Cylance Endpoint Security service updates
Management console and platform services
- Management console and platform services fixed issues
- Management console and platform services known issues
CylancePROTECT Desktop release notes
CylancePROTECT Mobile release notes
- CylancePROTECT Mobile fixed issues
- CylancePROTECT Mobile known issues
CylanceOPTICS release notes
- CylanceOPTICS fixed issues
- CylanceOPTICS known issues
CylanceGATEWAY release notes
- CylanceGATEWAY fixed issues
- CylanceGATEWAY known issues
CylanceAVERT release notes
- CylanceAVERT fixed issues
- CylanceAVERT known issues

Known issues in the
Windows
agent

CylancePROTECT Desktop

might not successfully block

Microsoft Excel

files that are infected with Kangatang or Laroux viruses even though the Dangerous VBA Macros policy is turned on. (EUS-1465)

* If a USB device is connected at device startup, sometimes the device control policy blocks it even though there is a valid exclusion set in the device policy. (EUS-1424)

Workaround
: Disconnect and reconnect the USB device.

* The Barco ClickShare app stops responding when memory protection is turned on in the device policy. (EUS-1283)

Workaround
: Add a memory protection exclusion for

clickshare_native.exe

On some devices running

Windows Server

2012 R2,

rundll32.exe

stops responding after a memory protection violation. (EUS-1267)

The script control policy for XLM macros is not enforced if the Excel Trust Center > Macros Settings is set to "Enable VBA macros". (EUS-1065)

Workaround
: Verify that one of the "Disable VBA macros" is selected.

When the

Windows

8.3 short naming format of a process path is used to execute a file (e.g.

C:\PROGRA~1\folder\file.exe

) and the memory protection exclusions are defined using the long naming format for that process (e.g.

C:\Program Files\folder\file.exe

), the exclusions do not apply. (EUS-593)

Workaround
: Ensure that files are executed using the long path format. Note that adding exclusions using the

Windows

8.3 short naming format is not supported.

On a device running

Windows

Server 2012 R2 and

CylancePROTECT Desktop

agent 2.1.1580 and later,

System32\wbem\WmiPrvSE.exe

is incorrectly reported as a threat. (EUS-179, EPP-3279)

When trying to launch

Microsoft Visual Studio

2022, several System DLL Overwrite violations are reported and it is not launching as expected. (EPP-2312)

Workaround
: In the device policy, add an exclusion to ignore "System DLL Overwrite" violations for devenv.exe that is located in the installation folder of

Visual Studio

2022. For example, set the exclusion to ignore "System DLL Overwrite" violations at

\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\devenv.exe

. The installation path may differ between editions and locales.

If you assign a device policy with script control set to "Block" but allow PowerShell console usage, scripts run from the PowerShell console are blocked. (CHP-8409)

On the Script tab of the

Windows

agent, the command line display in the tooltip for a long PowerShell script shows duplicated and overwritten information. (CHP-8349)

The

Cylance

service may intermittently get stuck in a “StopPending” state when cycling between a stopped and running state. (CHP-7174)

When "System DLL Overwrite" is enabled in the memory protection policy, using AutoCad 2022 (S.51.0.0) and trying to log in to an AutoCad account triggers a memory protection event. (COM-3896)

Workaround
: Add a memory protection exclusion for AutoCad for the System DLL Overwrite violation type.

Section:

What's new in the CylancePROTECT Desktop agent for Windows

Known issues in the Windows agent

Known issues in the
Windows
agent