Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
You can use update rules to manage updates of the
CylanceOPTICSagents on devices. Update rules allow you to configure
Cylance Endpoint Securityto automatically push updates to a specific version or the latest available version, or you can turn off automatic updates so that you can manage the software distribution using your organization’s preferred method. Zones are associated with update rules, so that devices and users that are part of those zones receive updates accordingly (also known as zone-based updating). Any devices that are not in a zone with an update rule associated are assigned the Production update rule. By default, the Test, Pilot, and Production update rules are available but you can also add additional update rules to manage agent updates based on your organization's needs.
The agent version on the device is always updated to the version that is specified in the update rule. You can use update rules to install an earlier version of an agent, even if the device is already using a newer version.
Linuxdriver on a device was previously updated manually on a device, the driver is not automatically updated as part of the agent update. This is to prevent the automated system from overwriting an action taken by an administrator.
When you are testing agent updates, consider the following:
- BlackBerryrecommends that you test agent update rules using update rules and zones that were created for testing purposes (for example, using the Test and Pilot update rules) before using other update rules that you added for production deployment. When testing updates, consider using devices that are reserved for testing and evaluation purposes.
- Create zones for testing agent updates and add devices that are reserved for testing to them. Associate the zones that you created with the Test and Pilot update rules. For more information about creating zones, see Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS.
- Make sure that all test devices are in a zone that you are testing. The Production update rule applies to all devices that are not in a zone with another update rule associated.
How update rules work with zones
- Devices are associated with zones either by zone rules or by manual assignment.
- Devices can be associated with multiple zones.
- Zones are assigned to update rules. Devices that are assigned to those zones will follow the update rules.
- Update rules are not specific to an operating system (OS) platform, but you can create zones to manage the updates of devices with specific OS platforms. If the agent version that is specified in the update rule is not available for a platform, the device receives the update as soon as it becomes available for the platform.
- Update rules are ranked. If a device is associated with multiple zones and update rules, the update rule that is closer to the top of the list takes precedence.
Examples of update rules
The following examples illustrate update rules that are assigned zones that were created specifically for zone-based updates.
Update rule example
WindowsServer - Test
WindowsServer - Pilot
WindowsServer - Production