Fixed issues in the Windows agent Skip Navigation

Fixed issues in the
Windows
agent

Fixed in
Windows
agent version 3.2.1000

When Auto Quarantine was enabled, the OS might hang temporarily while
CylancePROTECT Desktop
took some time to process unknown files. (CHP-8912)
When you try to install Autodesk on a device with the Block PowerShell Console Usage device policy rule enabled, you were blocked. (CHP-8861)
When attempting to upgrade the
CylancePROTECT Desktop
agent from version 3.x to 3.2, the CylanceSvc could not restart and the upgrade was not successful. (EPP-4424)
Compressed archives that contained executables were not scored properly. The "Input stream of wrong type: stream must be readable and seekable but not writeable" error message appeared in the log file. (EPP-4083)
When the Cylancesvc service was restarted, the timestamp for the last background threat detection scan was updated even though a scan did not take place after the service restarted. (EPP-3958)
If the device has a copy of one of the
CylancePROTECT Desktop
agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, System.Data.SQLite.dll), the CylancePROTECT Desktop agent could not start properly. (EPP-3767)
Each time an executable that was in the exclusion list was run on a device, there were multiple redundant 'UNKNOWN_FILE' log entries associated with it. If the executable was used frequently, the log file size can grew quickly. (EPP-2828)
When you use the online updater to upgrade the
CylancePROTECT Desktop
agent, if its installation was successful but the upgrade of a non-
CylancePROTECT Desktop
agent (such as
CylanceOPTICS
) was not successful, the
CylancePROTECT Desktop
agent was rolled back unnecessarily. If the upgrade to
CylancePROTECT Desktop
agent 3.2 is successful, it does not roll back even if upgrades to other agents were not successful. (EPP-1897)
When a file in the global quarantine list was detected and blocked, the block action was not reported to the management console if the file was deleted before the agent processed the event. (EPP-1709)
After unplugging a USB device such as a document scanner and then plugging in another one, and the device control policy is turned on, a bug check error occurs and the device is forced to reboot. (EUS-1655)
When both PowerShell Console and PowerShell Script policies are set to Block, some scripts were blocked from running even though they should have been allowed according to script control exclusions. (EUS-1212, EUS-1123)
If you plugged in a UGREEN USB-C hub on a device that was running the
CylancePROTECT Desktop
agent with a device control policy, a blue screen error occurred. (EUS-934)
After plugging in a USB device such as a printer through a USB hub, and the device control policy is turned on, a bug check error occurs and the device is forced to reboot. (EUS-563)

Fixed in
Windows
agent version 3.1.1003

If the device has a copy of one of the
CylancePROTECT Desktop
agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, System.Data.SQLite.dll), the CylancePROTECT Desktop agent could not start properly. (EPP-4507, EPP-3767)

Fixed in
Windows
agent version 3.1.1001

When a device could not connect to the
Cylance
management console, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3311)
If you installed a version of
CylancePROTECT Desktop
using a unified installer (version 2.4.x), you were prevented from upgrading the
CylancePROTECT Desktop
agent individually. You can now upgrade to
CylancePROTECT Desktop
agent 3.1.1001.17 using the online updater. (EPP-3300)
For more information, visit support.blackberry.com/community to read KB 102884.
When a device connection timed out, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3294)
Devices that are on networks with higher latency could not connect to
Cylance
Cloud services. (EPP-3292)
When you opened
Microsoft Excel
documents through an
Outlook
attachment or
OneNote
tab,
OfficeClickToRun.exe
was blocked by the memory protection policy. (EPP-1951)
The
taskkill.exe
process intermittently stopped responding while killing a process. (EUS-1274)
In a
Citrix
VDI environment, high CPU usage by the
CylancePROTECT Desktop
agent was observed. (EUS-1209)
When a memory protection exclusion for Dangerous VBA macros was added for a .xlsm file, if file name contained Japanese characters, the file was not excluded properly and was blocked from running. (EUS-1090)

Fixed in
Windows
agent version 3.1.1000

When Smart App Control was enabled on
Windows
11 devices, the installation of the
CylancePROTECT Desktop
agent 3.1 was not successful if you used the .exe installer. (EPP-3194)
When a memory protection violation occurred, there was a delay before the system reported the event to the management console. (CHP-8615)
When some applications caused a memory protection violation, the applications stopped responding due to a "Security check failure or stack buffer overrun" error. (EUS-991)
Microsoft Excel
stopped responding due to stack overflow errors when attempting to run a macro with VBA hooking functions. (EUS-664)
When VSTO add-ins are configured in
Microsoft Excel
, it stopped responding when you opened a file that included various macros even though exclusions were properly set. (EUS-637)
When accessing an ASP-based website that uses an embedded VBScript, the website throws a 500 error on the first attempt to access the site. This error appears if the device is assigned a policy with the Active Script script control setting enabled. (EUS-555)
The memory protection exclusion list did not take effect properly when folders were named using uppercase letters of the Zenkaku Hiragana input method. (EUS-937)

Fixed in
Windows
agent version 3.0.1005

When “Block PowerShell Console Usage” was selected in the script control policy, and a script that used the Write-Error cmdlet was added to the exclusion list (i.e. approved), the script was interrupted when it used the cmdlet. The script can now run as expected without being interrupted by the agent when the cmdlet is used. (EUS-508)
If the
CylancePROTECT Desktop
agent version 3.0 with memory protection enabled was running on a user’s 64-bit
Windows
OS, and the user started a 32-bit version of
Microsoft Outlook
,
Outlook
closed immediately. (EUS-440)
When a user tried to execute a program file from a network share while the
CylancePROTECT Desktop
agent version 3.0 was monitoring,
Windows
might have displayed a blue screen with the following error:  "Your PC ran into a problem and needs to restart, Stop code: SYSTEM_SERVICE_EXCEPTION, What failed: CylanceDrv64.sys” (EUS-437)
When memory protection was enabled, redundant information was written to temporary files. The redundant information has been reduced and fewer temporary files are created. (EUS-294)

Fixed in
Windows
agent version 3.0.1000

The
CylancePROTECT
service did not start on devices that have installed the Arabic version of
Windows
. (CHP-8512)
When you opened the
Windows
agent on a
Windows
10 device, some options were disabled when you right-clicked a threat in the Threats tab. In Online Mode, the "Show File Properties" option was disabled. In Disconnected Mode, "Show File Properties", "Quarantine File", and "Waive File" options were disabled. (CHP-8357)
The timestamps of events that the agent reported were slightly offset if the device time zone was set to UTC +0100. (CHP-8351)

Fixed in
Windows
agent version 2.1.1584

Microsoft SQL Server 2008 R2 stopped responding on startup. (MEM-847)
Fixed an issue with WideOrbit servers and
CylancePROTECT Desktop
script control. (MEM-846, MEM-844)
Fixed an issue with Microsoft Dynamics and
CylancePROTECT Desktop
script control. (MEM-845)
An error occurred when launching VisionApp Remote Desktop 2011 with script control enabled. (MEM-830)
Resolved an issue with LSASS Read for memory protection. (MEM-662)
The agent did not properly log an action taken for the Remote APC Scheduled violation. (CHP-8534)

Fixed in
Windows
agent version 2.1.1568

When a remote procedure call (RPC) message was larger than 64K and the agent allocated memory, the memory allocation size couldn’t be modified. (EPP-1504)
An arbitrary message could have been broadcasted to an Advanced Local Procedure Call (ALPC) port. (EPP-1503)
A user with insufficient privileges could have deleted files in the Cylance directory when using a remote procedure call (RPC) and the Chromium Embedded Framework (CEF) was loaded using a third-party app. (EPP-1236)
A system bugcheck may occur when formatting some Unicode strings for logging. (CHP-8610)