Fixed issues in the

Windows

agent

In some cases when memory protection was enabled,

CylancePROTECT Desktop

got stuck in a cooperative spinlock state with other software processes, which prevented garbage collection and eventually the software stopped responding. (EUS-1707)

Script control exclusions that were added to a device policy were not applied until the CylanceSvc service was restarted. (EPP-5574)

The

CylancePROTECT

display name was inconsistent between the MSI installer and the zone updater (cyupdate). (EPP-4894)

When running

CylancePROTECT Desktop

3.x on an ASP-based web server, the server threw a "Create object failed" error if Active Script was turned on in the script control policy. (EUS-1699)

When running

CylancePROTECT Desktop

3.x on a web application server, such as for an ASP-based website,

w3wp.exe

might stop responding when the application pool was restarted. (EUS-1682)

When running

CylancePROTECT Desktop

3.x on application servers, w3wp.exe might stop responding when script control was turned on in the device policy. (EUS-1647)

The Barco ClickShare app stopped responding when memory protection was turned on in the device policy. (EUS-1283)

When the

Windows

8.3 short naming format of a process path was used to execute a file (e.g.

C:\PROGRA~1\folder\file.exe

) and the memory protection exclusions were defined using the long naming format for that process (e.g.

C:\Program Files\folder\file.exe

), the exclusions did not apply. (EUS-593)

If you uninstalled

CylancePROTECT Desktop

and reinstalled it without restarting the device first, the files from the old installation remained on the device which might have caused unexpected behavior. (EPP-5165)

If you have

CylancePROTECT Desktop

2.1.157x installed on a device with a user proxy configured, the updater cannot successfully complete the upgrade the agent to version 3.2.1001. (EPP-5114)

If the self-protection level installation parameter was set to allow local administrators to modify the registry and services, the local admin user received an error when trying to make modifications. (EPP-4786)

If the device had different versions of

CylancePROTECT Desktop

agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, AlphaFS.dll), the agent cannot start properly if it couldn't find a matching reference. (EPP-4608)

On a computer that was shared between multiple users, if a user installed an application and then logged off, the application was removed from the user's list of installed applications in the

Cylance

console. (EPP-4538)

A signed script that was added to the exclusion list was reported as a threat even though, it was signed with a valid certificate at the time of signing, according to the timestamp. (EPP-4500)

If you installed

CylancePROTECT Desktop

with a custom installation wrapper, zone-based updates were not successful. (EPP-4485)

When you opened

Microsoft Excel

documents through an

Outlook

attachment or

OneNote

tab, OfficeClickToRun.exe triggered alerts from the Updates folder. (EPP-4406)

On some devices that were running

Windows Server

2012 R2 and

Windows

8.1, after receiving a zone-based update from agent version 3.2.1000 to 3.2.1001, the device couldn't verify the digital signature for

CylanceDrv64.sys

during a reboot of the device. (EPP-4998)

On some devices that were running agent version 3.2.1001, if the device had multiple USB devices connected to it such as through a USB hub, a system bug check error occurred when the device control policy was turned on. (EUS-1725)

After a USB device such as a document scanner was unplugged and you plugged in another one, and the device control policy was turned on, a system bug check (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED) error occurred and the device was forced to reboot. (EUS-1685)

Some USB4 docking stations did not work properly after a device restart on a device that had device control policy enabled. (EUS-1400)

An issue that prevented the offline ML model from working properly on

Windows

devices running

CylancePROTECT Desktop

version 3.2.1000 was fixed. (EPP-4880)

Some files that could not be scored in the

Cylance

cloud or locally received invalid scores which caused unnecessary log entries. (EPP-4662)

Some files that could not be scored in the

Cylance

cloud or locally were repeatedly analyzed which caused unnecessary log entries. (EPP-4661)

If a USB device was connected at device startup, sometimes the device control policy blocked it even though there is a valid exclusion set in the device policy. (EUS-1424)

If you plugged in a UGREEN USB-C hub on a device that was running the

CylancePROTECT Desktop

agent with a device control policy, a blue screen error occurred. (EUS-934)

When Auto Quarantine was enabled, the OS might hang temporarily while

CylancePROTECT Desktop

took some time to process unknown files. (CHP-8912)

When you try to install Autodesk on a device with the Block PowerShell Console Usage device policy rule enabled, you were blocked. (CHP-8861)

When attempting to upgrade the

CylancePROTECT Desktop

agent from version 3.x to 3.2 (beta version), the CylanceSvc service could not restart and the upgrade was not successful. (EPP-4424)

Compressed archives that contained executables were not scored properly. The "Input stream of wrong type: stream must be readable and seekable but not writeable" error message appeared in the log file. (EPP-4083)

When the Cylancesvc service was restarted, the timestamp for the last background threat detection scan was updated even though a scan did not take place after the service restarted. (EPP-3958)

If the device has a copy of one of the

CylancePROTECT Desktop

agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, System.Data.SQLite.dll), the CylancePROTECT Desktop agent could not start properly. (EPP-3767)

Each time an executable that was in the exclusion list was run on a device, there were multiple redundant 'UNKNOWN_FILE' log entries associated with it. If the executable was used frequently, the log file size can grew quickly. (EPP-2828)

When you use the online updater to upgrade the

CylancePROTECT Desktop

agent, if its installation was successful but the upgrade of a non-

CylancePROTECT Desktop

agent (such as

CylanceOPTICS

) was not successful, the

CylancePROTECT Desktop

agent was rolled back unnecessarily. If the upgrade to

CylancePROTECT Desktop

agent 3.2 is successful, it does not roll back even if upgrades to other agents were not successful. (EPP-1897)

When a file in the global quarantine list was detected and blocked, the block action was not reported to the management console if the file was deleted before the agent processed the event. (EPP-1709)

After unplugging a USB device such as a document scanner and then plugging in another one, and the device control policy is turned on, a bug check error occurs and the device is forced to reboot. (EUS-1655)

When both PowerShell Console and PowerShell Script policies are set to Block, some scripts were blocked from running even though they should have been allowed according to script control exclusions. (EUS-1212, EUS-1123)

After plugging in a USB device such as a printer through a USB hub, and the device control policy is turned on, a bug check error occurs and the device is forced to reboot. (EUS-563)

If the device has a copy of one of the

CylancePROTECT Desktop

agent assemblies or .dll files referenced in the .NET Global Assembly Cache (for example, System.Data.SQLite.dll), the CylancePROTECT Desktop agent could not start properly. (EPP-4507, EPP-3767)

When a device could not connect to the

Cylance

management console, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3311)

If you installed a version of

CylancePROTECT Desktop

using a unified installer (version 2.4.x), you were prevented from upgrading the

CylancePROTECT Desktop

agent individually. You can now upgrade to

CylancePROTECT Desktop

agent 3.1.1001.17 using the online updater. (EPP-3300)

For more information, visit support.blackberry.com/community to read KB 102884.

When a device connection timed out, the log line that was associated with the event was only available when verbose logging was enabled. (EPP-3294)

Devices that are on networks with higher latency could not connect to

Cylance

Cloud services. (EPP-3292)

When you opened

Microsoft Excel

documents through an

Outlook

attachment or

OneNote

tab,

OfficeClickToRun.exe

was blocked by the memory protection policy. (EPP-1951)

The

taskkill.exe

process intermittently stopped responding while killing a process. (EUS-1274)

In a

Citrix

VDI environment, high CPU usage by the

CylancePROTECT Desktop

agent was observed. (EUS-1209)

When a memory protection exclusion for Dangerous VBA macros was added for a .xlsm file, if file name contained Japanese characters, the file was not excluded properly and was blocked from running. (EUS-1090)

When Smart App Control was enabled on

Windows

11 devices, the installation of the

CylancePROTECT Desktop

agent 3.1 was not successful if you used the .exe installer. (EPP-3194)

When a memory protection violation occurred, there was a delay before the system reported the event to the management console. (CHP-8615)

When some applications caused a memory protection violation, the applications stopped responding due to a "Security check failure or stack buffer overrun" error. (EUS-991)

Microsoft Excel

stopped responding due to stack overflow errors when attempting to run a macro with VBA hooking functions. (EUS-664)

When VSTO add-ins are configured in

Microsoft Excel

, it stopped responding when you opened a file that included various macros even though exclusions were properly set. (EUS-637)

When accessing an ASP-based website that uses an embedded VBScript, the website throws a 500 error on the first attempt to access the site. This error appears if the device is assigned a policy with the Active Script script control setting enabled. (EUS-555)

The memory protection exclusion list did not take effect properly when folders were named using uppercase letters of the Zenkaku Hiragana input method. (EUS-937)

When “Block PowerShell Console Usage” was selected in the script control policy, and a script that used the Write-Error cmdlet was added to the exclusion list (i.e. approved), the script was interrupted when it used the cmdlet. The script can now run as expected without being interrupted by the agent when the cmdlet is used. (EUS-508)

If the

CylancePROTECT Desktop

agent version 3.0 with memory protection enabled was running on a user’s 64-bit

Windows

OS, and the user started a 32-bit version of

Microsoft Outlook

,

Outlook

closed immediately. (EUS-440)

When a user tried to execute a program file from a network share while the

CylancePROTECT Desktop

agent version 3.0 was monitoring,

Windows

might have displayed a blue screen with the following error:  "Your PC ran into a problem and needs to restart, Stop code: SYSTEM_SERVICE_EXCEPTION, What failed: CylanceDrv64.sys” (EUS-437)

When memory protection was enabled, redundant information was written to temporary files. The redundant information has been reduced and fewer temporary files are created. (EUS-294)

The

CylancePROTECT

service did not start on devices that have installed the Arabic version of

Windows

. (CHP-8512)

When you opened the

Windows

agent on a

Windows

10 device, some options were disabled when you right-clicked a threat in the Threats tab. In Online Mode, the "Show File Properties" option was disabled. In Disconnected Mode, "Show File Properties", "Quarantine File", and "Waive File" options were disabled. (CHP-8357)

The timestamps of events that the agent reported were slightly offset if the device time zone was set to UTC +0100. (CHP-8351)

When a remote procedure call (RPC) message was larger than 64K and the agent allocated memory, the memory allocation size couldn’t be modified. (EPP-1504)

An arbitrary message could have been broadcasted to an Advanced Local Procedure Call (ALPC) port. (EPP-1503)

A user with insufficient privileges could have deleted files in the Cylance directory when using a remote procedure call (RPC) and the Chromium Embedded Framework (CEF) was loaded using a third-party app. (EPP-1236)

A system bugcheck may occur when formatting some Unicode strings for logging. (CHP-8610)