What's new in the CylancePROTECT Desktop agent for Windows
What's new in Windows agent version 3.1.1003
Bug fix only. See fixed issues.
What's new in Windows agent version 3.1.1001
Feature | Description |
---|---|
Script control improvements | The CylancePROTECT Desktop agent now reports parent and interpreter processes to the Cylance console when a potentially malicious script is executed. Administrators can add exclusions for either a parent process or interpreter process of a script to allow the script to run on a device. |
DLL exclusions for memory protection | The CylancePROTECT Desktop agent for Windows now supports the ability to add exclusions for third-party application DLLs. For example, if you are running third-party security products in addition to CylancePROTECT, you can add an exclusion for the appropriate .dll files so that CylancePROTECT ignores specific violations for those products. This feature supports the Malicious Payload and System DLL Overwrite violation types only. The following rules apply when you specify a DLL exclusion:
|
Improvements to memory protection sensor for malicious payloads | The memory protection sensor for the malicious payload violation type has been improved to increase the accuracy of violation reporting and reduce unnecessary alerts. |
What's new in Windows agent version 3.1.1000
Feature | Description |
---|---|
Execution protection for XLM/XL4 Excel Macros (Preview) | The CylancePROTECT Desktop agent now works with Microsoft's Antimalware Scan Interface (AMSI) so that when a potentially dangerous XLM macro is executed, threat information is reported to the management console, and the agent responds to the interface according to the device policy rules for script control events. For example, the agent tells the interface whether to allow the macro to run or to block it from running. This feature is enabled from the Script Control > XLM Macros settings in the device policy. This feature requires the following:
This feature is currently available in Preview mode where it might behave unexpectedly. |
Support for Antimalware Protected Process Light (AM-PPL) | The CylancePROTECT Desktop agent now runs as a trusted service using Antimalware Protected Process Light (AM-PPL) technology from Microsoft, which protects the agent's security processes from malicious actions. For example, it helps protect the agent from being terminated. This feature requires the endpoint to be running Windows 10 1709 or later or Windows Server 2019 or later. |
Custom interval for background threat detection scanning | Administrators can now set a custom interval to run background threat detection scanning from the device policy. The scan interval can be set between 1 and 90 days. The default scan interval is 10 days. Note that increasing the frequency of the scans might impact the device performance. The scan may also be manually started from the command line. |
Manually start background threat detection scanning | On Windows devices, you can now manually start background threat detection scanning from the command line using the backgroundscan command option. For example, you can run the following command:
|
Windows OS support |
|
What's new in Windows agent version 3.0.1005
Feature | Description |
---|---|
LSASS Read violations reporting | LSASS Read violations that are blocked are now reported to the management console. |

Due to compatibility issues, tenants that have CylanceOPTICS 3.2 for Windows available will not have CylancePROTECT Desktop agent version 3.0.1005 for Windows provisioned to them. The compatibility issues will be resolved in an upcoming release. All other versions of CylanceOPTICS support CylancePROTECT Desktop agent version 3.0.1005 for Windows.

What's new in Windows agent version 3.0.1000
Feature | Description |
---|---|
Support for Windows 11 | The CylancePROTECT Desktop agent for Windows now supports Windows 11 devices. |
LSASS Read violations detection | Detection of LSASS Read violations has been improved in the Windows agent 3.0.1000. |
Exclusions for macro files | For Windows devices running agent 3.0.1000, administrators can now add exclusions in the Memory Protection device policy for macro files that cause Script Control events. |
Read-only access to USB devices | For Windows devices running agent 3.0.1000, administrators can now allow read-only access to external USB devices on Windows devices. |
Detection disabled for embedded VBScripts | Detection of embedded VBScript script control violations is disabled in Windows agent 3.0.1000. |
What's new in Windows agent version 2.1.1584
Feature | Description |
---|---|
Added support for Windows | The CylancePROTECT Desktop 2.1.1584 agent for Windows is supported on devices running Windows 10 21H1 (May 2021), Windows 10 21H2 (November 2021), Windows 11, and Windows Server 2022. |
Memory protection enhancements |
|
What's new in Windows agent version 2.1.1568
Bug fixes only

The CylancePROTECT Desktop 2.1.1568 agent for Windows is the last release that supports endpoints running the Windows XP, Windows Server 2003, and Windows Server 2008 (non-R2) operating systems. The Cylance SHA1 certificate that the agent requires to support these endpoints is due to expire in November 2023. After November 2023, any endpoints that are running this version of the agent may not behave as expected. For endpoints that are running a later version of Windows, you must install a later version of the CylancePROTECT Desktop agent. For more information about CylancePROTECT Desktop support for legacy operating systems, visit support.blackberry.com and read KB 66653.