- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop agent
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Connecting Cylance Endpoint Security to external services
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
Add allowed and trusted domains
You specify domains so that you can list browser and email addresses that you trust to safely upload files to. After you add domains, you will need to enable them to be used in the information protection policies. When you specify an allowed domain for a policy, that domain will not trigger any policy violations when it is scanned for sensitive file uploads if the domain has been validated against an added certificate and become a trusted domain. If you don't specify any domains in the information protection settings or add any domains for use in your policies, all domains will be treated as untrusted.
- All USB device domains are considered as untrusted.
- After you specify an allowed domain, any subdomains will also be considered as allowed as long as their trusted certificates are added.
Verify that you have upload a trusted certificate. For a domain to be considered as trusted, a trusted certificate must be uploaded. If a trusted certificate is not uploaded and the allowed domain is used in a policy, it will still trigger an exfiltration event. For more information, see Verify domains using trusted certificates.
- In the management console, on the menu bar, clickSettings > Information Protection.
- Click theAllowed Domainstab.
- To add a new browser domain, click theAdd New Domainbutton.
- In theAdd allowed domaindialog box, type a name and description for the domain in the text fields. Wildcard characters are not supported in the domain name field.
- Optionally, turn on the ability to use this domain in a policy.
- ClickVerifyto check if this domain uses an existing trusted certificate. If you have not uploaded a certificate, add the certificate now. For instructions, see Verify domains using trusted certificates.
- ClickAdd.
- If you would like to add a new email domain, type the domain in theAllowed Email Domainssection and use a comma to separate it from the previously entered domains.
To delete an allowed domain, in the
Allowed Domains
list, click the check box beside the domain that you want to delete and click Delete
.