CylancePROTECT Desktop

release notes

In the script control device policy settings, administrators can now separately control how the larger scripts (for example, PowerShell scripts larger than 5 MB) are reported to the

Cylance

console when a threat is detected. The separate setting allows administrators to focus on tuning the detection of smaller scripts, which are more likely to be malicious than IT scripts (which are typically larger in size), and enables the agent to achieve optimal blocking posture faster. You can apply the policy settings for each type of script (which includes blocking the script from running) so that these threats are managed together regardless of the size of the script. You can also manage them separately by only sending alerts to the console, or ignoring alerts for large scripts. The default setting is "Ignore large scripts".

Devices must be running

CylancePROTECT Desktop

agent version 3.3 or later.

For more information, see Script control in the Setup content.

The

CylancePROTECT Desktop

agent for

macOS

3.3 now supports the USB device control feature, which allows administrators to control whether to allow or block access to USB mass storage devices. Administrators can turn on device control for

macOS

devices from the device policy for storage devices classified as USB optical drives or USB storage drives (such as hard drives or flash drives).

For more information, see Device control in the Setup content.

This feature allows administrators to identify applications that may be a source of vulnerabilities, prioritize actions against vulnerabilities, and address them accordingly. Administrators can view all applications installed on devices that are registered with the tenant and view a list of applications that are installed on individual devices.

The

CylancePROTECT Desktop

agent now supports enhanced script control using script scoring. Scripts that have an unsafe or abnormal threat score can be intelligently blocked from executing and alerted to the management console.

For more information, see the Cylance Endpoint Security Setup content.

The

CylancePROTECT Desktop

agent now supports Alert mode for the use of PowerShell Console in interactive mode, so that detected events are reported to the management console while still allowing them to run.

Administrators can now initiate a background threat detection scan on demand from the management console.

Note that if background threat detection scans are running on several VM devices that are from the same VM host at the same time, device performance will be impacted due to resource sharing.