Deploy CylancePROTECT Desktop on virtual machines
1. Create a device policy that you will use to prepare the VDI gold image. Configure the following options in the policy (device policy category, then options):
   - File Actions
     - Turn on Auto Quarantine with Execution Control for unsafe and abnormal file types
   - Protection Settings
     - Turn on Background Threat Detection (Run Once)
     - Turn on Watch for New Files
2. Prepare the VDI gold image.
   - Install the CylancePROTECT Desktop agent on the gold image. For example, use the following installation command and parameters: `msiexec /i CylancePROTECTSetup_x64.msi /qn PIDKEY=<INSTALLATION TOKEN> VDI=1 LAUNCHAPP=1`
   - Apply the device policy that you created in step 1 to the gold image. Allow the background threat detection scan to complete. This can take several hours, depending on the size of the disk and the activity on the image as it is being scanned.
   - Review the results of the background threat detection scan and, if necessary, add binaries detected on the gold image to the CylancePROTECT Desktop quarantine or safe lists.
3. On the gold image, clear the Fingerprint Values from the registry.
   - Stop the CylanceSvc service. Visit support.blackberry.com and read KB 107236.
   - Using the Local Administrator account, take ownership of the following registry key and add full control permissions to it: HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop
   - Back up or export the registry key shown above.
   - Remove the following registry keys: FP, FPMask, and FPVersion.
4. Create the gold image.
5. Create a device policy that is intended for production VDI workstations. BlackBerry recommends the following options in the policy, in addition to the options that you want to enable for your production workstations (device policy category, then options):
   - File Actions
     - Turn on Auto Quarantine with Execution Control for unsafe and abnormal file types
     - Turn on Auto Upload
   - Protection Settings
     - Turn on Watch for New Files
     - Turn off Background Threat Detection
6. Deploy and clone the gold image to production workstations. Each cloned image must have a unique UUID or ID that is different than the gold image.
7. Apply the device policy from step 5 to the production workstations.
For the cloned devices, configure zone-based agent updates to Do Not Update or to a specific version of the agent. Updates should be managed on the gold image. See Update CylancePROTECT Desktop on cloned devices.
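
The registry cleanup on the gold image (back up the key, remove FP, FPMask and FPVersion, then confirm they are gone) can be scripted so that a leftover fingerprint entry is caught before the image is created. This PowerShell script is an added example, not BlackBerry's own tooling. It assumes CylanceSvc has already been stopped and ownership and full control of the key already granted as the procedure describes, it treats each entry as either a value or a subkey because the page does not say which, and the backup path is a hypothetical default.

```powershell
#Requires -RunAsAdministrator
# Added example, not BlackBerry's script. Assumes CylanceSvc is already stopped
# and the local administrator already has full control of the key.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical default location for the backup export
    [string]$BackupFile = (Join-Path $env:TEMP 'CylanceDesktop-backup.reg')
)

$RegKey  = 'HKLM\SOFTWARE\Cylance\Desktop'    # key named on the page (reg.exe form)
$PsPath  = 'HKLM:\SOFTWARE\Cylance\Desktop'   # same key, PowerShell provider form
$Entries = 'FP', 'FPMask', 'FPVersion'        # entries the page says to remove

# Refuse to edit the key while the agent service is still running.
$svc = Get-Service -Name 'CylanceSvc' -ErrorAction Stop
if ($svc.Status -ne 'Stopped') {
    throw "CylanceSvc is $($svc.Status); stop it before editing $RegKey."
}

# Back up the key before changing it.
& reg.exe export $RegKey $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE." }

# The page calls the entries "registry keys"; handle a value or a subkey of that name.
$key = Get-Item -LiteralPath $PsPath -ErrorAction Stop
foreach ($name in $Entries) {
    if ($key.GetValueNames() -contains $name -and
        $PSCmdlet.ShouldProcess("$RegKey\$name", 'Remove value')) {
        Remove-ItemProperty -LiteralPath $PsPath -Name $name -ErrorAction Stop
    }
    $sub = Join-Path $PsPath $name
    if ((Test-Path -LiteralPath $sub) -and
        $PSCmdlet.ShouldProcess($sub, 'Remove subkey')) {
        Remove-Item -LiteralPath $sub -Recurse -ErrorAction Stop
    }
}

# Verify nothing is left, so a leftover entry is caught before the image is created.
$key  = Get-Item -LiteralPath $PsPath -ErrorAction Stop
$left = @($Entries | Where-Object {
    ($key.GetValueNames() -contains $_) -or
    (Test-Path -LiteralPath (Join-Path $PsPath $_))
})
if ($left.Count -gt 0) {
    Write-Warning "Still present under ${RegKey}: $($left -join ', ')"
    exit 1
}
Write-Output "Fingerprint entries cleared. Backup: $BackupFile"
```

Run it with `-WhatIf` first to list what would be removed; in that mode the backup is still written and the final check reports the entries as still present.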