What's new in the CylancePROTECT Desktop agent for Windows


What's new in Windows agent version 3.1.1001

Feature
Description
Script control improvements
The CylancePROTECT Desktop agent now reports parent and interpreter processes to the Cylance console when a potentially malicious script is executed.
Administrators can add exclusions for either a parent process or interpreter process of a script to allow the script to run on a device.
DLL exclusions for memory protection
The CylancePROTECT Desktop agent for Windows now supports the ability to add exclusions for third-party application DLLs. For example, if you are running third-party security products in addition to CylancePROTECT, you can add an exclusion for the appropriate .dll files so that CylancePROTECT ignores specific violations for those products.
This feature supports the Malicious Payload and System DLL Overwrite violation types only.
The following rules apply when you specify a DLL exclusion:
  • You must select the Treat as DLL exclusion option in the device policy.
  • The device must be running CylancePROTECT Desktop agent version 3.1.1001 or later on a Windows device.
  • The file path that you specify must be the full, direct path to the .dll file. Wildcards are not allowed.
  • The .dll file must be signed using a certificate that is trusted on the device where CylancePROTECT Desktop is installed. Otherwise, it will not be excluded.
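The rules above can be pre-checked on the endpoint before a path is entered in the device policy. The following PowerShell is an added example, not part of the original release notes or any Cylance tooling: Test-DllExclusionCandidate is a hypothetical helper name, the sample paths are constructed, and it assumes an Authenticode status of Valid is a reasonable stand-in for "signed using a certificate that is trusted on the device".

```powershell
# Added example; Test-DllExclusionCandidate is a hypothetical helper, not a Cylance cmdlet.
function Test-DllExclusionCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $problems = [System.Collections.Generic.List[string]]::new()

        # Rule: wildcards are not allowed.
        if ($Path -match '[*?]') { $problems.Add('contains a wildcard') }
        # Rule: full, direct path (drive-letter or UNC root, no variables or relative segments).
        if ($Path -notmatch '^(?:[A-Za-z]:\\|\\\\)') { $problems.Add('not a full path') }
        if ($Path -match '%[^%]+%|\$env:') { $problems.Add('contains an unexpanded variable') }
        if ($Path -match '(?:^|\\)\.{1,2}(?:\\|$)') { $problems.Add('contains . or .. segments') }
        if ($Path -notmatch '\.dll$') { $problems.Add('does not end in .dll') }

        # Rule: signed with a certificate trusted on this device.
        # Assumption: Authenticode status 'Valid' is used as a stand-in for that requirement.
        $status = 'NotChecked'
        $signer = $null
        if ($problems.Count -eq 0) {
            if (Test-Path -LiteralPath $Path -PathType Leaf) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $Path
                $status = [string]$sig.Status
                $signer = $sig.SignerCertificate.Subject
                if ($status -ne 'Valid') { $problems.Add("signature status is $status") }
            } else {
                $problems.Add('file not found on this device')
            }
        }

        [pscustomobject]@{
            Path            = $Path
            Eligible        = ($problems.Count -eq 0)
            SignatureStatus = $status
            Signer          = $signer
            Problems        = $problems -join '; '
        }
    }
}

# Constructed sample paths (ExampleVendor is a placeholder, not a real product path).
@(
    'C:\Program Files\ExampleVendor\hook64.dll'
    'C:\Program Files\ExampleVendor\*.dll'
    'hook64.dll'
) | Test-DllExclusionCandidate | Format-List
```

Run it on a device that has the third-party product installed, because the signature check depends on that device's own trust store.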
Improvements to memory protection sensor for malicious payloads
The memory protection sensor for the malicious payload violation type has been improved to increase the accuracy of violation reporting and reduce unnecessary alerts.

What's new in Windows agent version 3.1.1000

Feature
Description
Execution protection for XLM/XL4 Excel Macros (Preview)
The CylancePROTECT Desktop agent now works with Microsoft's anti-malware scan interface (AMSI) so that when a potentially dangerous XLM macro is executed, threat information is reported to the management console, and the agent responds to the interface according to the device policy rules for script control events. For example, the agent responds whether to allow the macro to run or block it from running. This feature is enabled from the Script Control > XLM Macros settings in the device policy.
This feature requires the following:
  • Microsoft Windows 10 or later
  • CylancePROTECT Desktop agent version 3.1
  • VBA macros must be disabled in the Excel File > Trust Center > Excel Trust Center > Macro Settings menu.
This feature is currently available in Preview mode where it might behave unexpectedly.
Support for Antimalware Protected Process Light (AM-PPL)
The CylancePROTECT Desktop agent now runs as a trusted service using Antimalware Protected Process Light (AM-PPL) technology from Microsoft, which protects the agent's security processes from malicious actions. For example, it helps protect the agent from being terminated. This feature requires the endpoint to be running Windows 10 1709 or later or Windows Server 2019 or later.
Custom interval for background threat detection scanning
Administrators can now set a custom interval to run background threat detection scanning from the device policy. The scan interval can be set between 1 and 90 days. The default scan interval is 10 days. Note that increasing the frequency of the scans might impact the device performance. The scan may also be manually started from the command line.
The date of the last scan for each device is logged in the management console.
Manually start background threat detection scanning
On Windows devices, you can now manually start background threat detection scanning from the command line using the backgroundscan command option. For example, you can run the following command:
"C:\Program Files\Cylance\Desktop\CylanceSvc.exe" /backgroundscan
Windows OS support
  • Added support for Windows 365 (Business, Enterprise)
  • Added support for Windows 10 (22H2)
  • Removed support for Windows 10 (2004)

What's new in Windows agent version 3.0.1005

Feature
Description
LSASS Read violations reporting
LSASS Read violations that are blocked are now reported to the management console.
Due to compatibility issues, tenants that have CylanceOPTICS 3.2 for Windows available will not have CylancePROTECT Desktop agent version 3.0.1005 for Windows provisioned to them. The compatibility issues will be resolved in an upcoming release. All other versions of CylanceOPTICS support CylancePROTECT Desktop agent version 3.0.1005 for Windows.

What's new in Windows agent version 3.0.1000

Feature
Description
Support for Windows 11
The CylancePROTECT Desktop agent for Windows now supports Windows 11 devices.
LSASS Read violations detection
Detection of LSASS Read violations has been improved in the Windows agent 3.0.1000.
Exclusions for macro files
For Windows devices running agent 3.0.1000, administrators can now add exclusions in the Memory Protection device policy for macro files that cause Script Control events.
Read-only access to USB devices
For Windows devices running agent 3.0.1000, administrators can now allow read-only access to external USB devices.
Detection disabled for embedded VBScripts
Detection of embedded VBScript script control violations is disabled in Windows agent 3.0.1000.

What's new in Windows agent version 2.1.1584

Feature
Description
Added support for Windows
The CylancePROTECT Desktop 1584 agent for Windows is supported on devices running Windows 10 21H1 (May 2021), Windows 10 21H2 (November 2021), Windows 11, and Windows Server 2022.
Memory protection enhancements
  • Memory Protection now uses a new code base and methodology that generates more events.
  • The Dangerous VBA Macro event (RunMacroScript) is now a memory protection event, not a script control event. This event prevents dangerous implementations within a macro. This event is not related to running scripts.

What's new in Windows agent version 2.1.1568

Bug fixes only.
The CylancePROTECT Desktop 1568 agent for Windows is the last release that supports endpoints running the Windows XP, Windows Server 2003, and Windows Server 2008 (non-R2) operating systems. The Cylance SHA1 certificate that the agent requires to support these endpoints is due to expire in November 2023. After November 2023, any endpoints that are running this version of the agent may not behave as expected. For endpoints that are running a later version of Windows, you must install a later version of the CylancePROTECT Desktop agent. For more information about CylancePROTECT Desktop support for legacy operating systems, visit support.blackberry.com and read KB 66653.