Fixed issues in the

Windows

agent

When a device could not connect to the

Cylance

management console, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3311)

If you installed a version of

CylancePROTECT Desktop

using a unified installer (version 2.4.x), you were prevented from upgrading the

CylancePROTECT Desktop

agent individually. You can now upgrade to

CylancePROTECT Desktop

agent 3.1.1001.17 using the online updater. (EPP-3300)

For more information, visit support.blackberry.com/community to read KB 102884.

When a device connection timed out, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3294)

Devices that are on networks with higher latency could not connect to

Cylance

Cloud services. (EPP-3292)

When you opened

Microsoft Excel

documents through an

Outlook

attachment or

OneNote

tab,

OfficeClickToRun.exe

was blocked by the memory protection policy. (EPP-1951)

The

taskkill.exe

process intermittently stopped responding while killing a process. (EUS-1274)

When a memory protection exclusion for Dangerous VBA macros was added for a .xlsm file, if file name contained Japanese characters, the file was not excluded properly and was blocked from running. (EUS-1090)

When Smart App Control was enabled on

Windows

11 devices, the installation of the

CylancePROTECT Desktop

agent 3.1 was not successful if you used the .exe installer. (EPP-3194)

When a memory protection violation occurred, there was a delay before the system reported the event to the management console. (CHP-8615)

When some applications caused a memory protection violation, the applications stopped responding due to a "Security check failure or stack buffer overrun" error. (EUS-991)

Microsoft Excel

stopped responding due to stack overflow errors when attempting to run a macro with VBA hooking functions. (EUS-664)

When VSTO add-ins are configured in

Microsoft Excel

, it stopped responding when you opened a file that included various macros even though exclusions were properly set. (EUS-637)

When accessing an ASP-based website that uses an embedded VBScript, the website throws a 500 error on the first attempt to access the site. This error appears if the device is assigned a policy with the Active Script script control setting enabled. (EUS-555)

The memory protection exclusion list did not take effect properly when folders were named using uppercase letters of the Zenkaku Hiragana input method. (EUS-937)

When “Block PowerShell Console Usage” was selected in the script control policy, and a script that used the Write-Error cmdlet was added to the exclusion list (i.e. approved), the script was interrupted when it used the cmdlet. The script can now run as expected without being interrupted by the agent when the cmdlet is used. (EUS-508)

If the

CylancePROTECT Desktop

agent version 3.0 with memory protection enabled was running on a user’s 64-bit

Windows

OS, and the user started a 32-bit version of

Microsoft Outlook

,

Outlook

closed immediately. (EUS-440)

When a user tried to execute a program file from a network share while the

CylancePROTECT Desktop

agent version 3.0 was monitoring,

Windows

might have displayed a blue screen with the following error:  "Your PC ran into a problem and needs to restart, Stop code: SYSTEM_SERVICE_EXCEPTION, What failed: CylanceDrv64.sys” (EUS-437)

When memory protection was enabled, redundant information was written to temporary files. The redundant information has been reduced and fewer temporary files are created. (EUS-294)

The

CylancePROTECT

service did not start on devices that have installed the Arabic version of

Windows

. (CHP-8512)

When you opened the

Windows

agent on a

Windows

10 device, some options were disabled when you right-clicked a threat in the Threats tab. In Online Mode, the "Show File Properties" option was disabled. In Disconnected Mode, "Show File Properties", "Quarantine File", and "Waive File" options were disabled. (CHP-8357)

The timestamps of events that the agent reported were slightly offset if the device time zone was set to UTC +0100. (CHP-8351)

Microsoft SQL Server 2008 R2 stopped responding on startup. (MEM-847)

Fixed an issue with WideOrbit servers and

CylancePROTECT Desktop

script control. (MEM-846, MEM-844)

Fixed an issue with Microsoft Dynamics and

CylancePROTECT Desktop

script control. (MEM-845)

An error occurred when launching VisionApp Remote Desktop 2011 with script control enabled. (MEM-830)

Resolved an issue with LSASS Read for memory protection. (MEM-662)

The 1580 agent did not properly log an action taken for the Remote APC Scheduled violation. (CHP-8534)

When a remote procedure call (RPC) message was larger than 64K and the agent allocated memory, the memory allocation size couldn’t be modified. (EPP-1504)

An arbitrary message could have been broadcasted to an Advanced Local Procedure Call (ALPC) port. (EPP-1503)

A user with insufficient privileges could have deleted files in the Cylance directory when using a remote procedure call (RPC) and the Chromium Embedded Framework (CEF) was loaded using a third-party app. (EPP-1236)

A system bugcheck may occur when formatting some Unicode strings for logging. (CHP-8610)