- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop agent
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Connecting Cylance Endpoint Security to external services
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- BlackBerry Docs
- Cylance Endpoint Security
- Setup
- Cylance Endpoint Security Setup Guide
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
CylancePROTECT Desktop
and CylanceOPTICS
agentsYou can use update rules to manage updates of the
CylancePROTECT Desktop
and CylanceOPTICS
agents on devices. Update rules allow you to configure Cylance Endpoint Security
to automatically push updates to a specific version or the latest available version, or you can turn off automatic updates so that you can manage the software distribution using your organization’s preferred method. Zones are associated with update rules, so that devices and users that are part of those zones receive updates accordingly (also known as zone-based updating). Any devices that are not in a zone with an update rule associated are assigned the Production update rule. By default, the Test, Pilot, and Production update rules are available but you can also add additional update rules to manage agent updates based on your organization's needs.The agent version on the device is always updated to the version that is specified in the update rule. You can use update rules to install an earlier version of an agent, even if the device is already using a newer version.
If the
Linux
driver on a device was previously updated manually on a device, the driver is not automatically updated as part of the agent update. This is to prevent the automated system from overwriting an action taken by an administrator.When you are testing agent updates, consider the following:
- BlackBerryrecommends that you test agent update rules using update rules and zones that were created for testing purposes (for example, using the Test and Pilot update rules) before using other update rules that you added for production deployment. When testing updates, consider using devices that are reserved for testing and evaluation purposes.
- Create zones for testing agent updates and add devices that are reserved for testing to them. Associate the zones that you created with the Test and Pilot update rules. For more information about creating zones, see Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS.
- Make sure that all test devices are in a zone that you are testing. The Production update rule applies to all devices that are not in a zone with another update rule associated.
How update rules work with zones
- Devices are associated with zones either by zone rules or by manual assignment.
- Devices can be associated with multiple zones.
- Zones are assigned to update rules. Devices that are assigned to those zones will follow the update rules.
- Update rules are not specific to an operating system (OS) platform, but you can create zones to manage the updates of devices with specific OS platforms. If the agent version that is specified in the update rule is not available for a platform, the device receives the update as soon as it becomes available for the platform.
- Update rules are ranked. If a device is associated with multiple zones and update rules, the update rule that is closer to the top of the list takes precedence.
Examples of update rules
The following examples illustrate update rules that are assigned zones that were created specifically for zone-based updates.
Update rule example | Assigned zones |
---|---|
Windows Server - Test |
|
Windows Server - Pilot |
|
Windows Server - Production |
|