Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
- Create a CylancePROTECT Mobile policy
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
  - CylanceOPTICS sensors
  - Data structures that CylanceOPTICS uses to identify threats
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Integrating Cylance Endpoint Security with Microsoft Intune to respond to mobile threats
- Connect Cylance Endpoint Security to Intune
- Create a risk assessment policy
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

File actions

The following settings can be found in the

File Actions

tab in a device policy. They specify how the

CylancePROTECT Desktop

agent handles a file when it detects a threat that it considers to be unsafe or abnormal.

Option	Description
Auto Quarantine with Execution Control	This setting specifies whether to automatically quarantine unsafe or abnormal files to prevent them from executing. If you want to quarantine abnormal files, you must first select the option to quarantine unsafe files. Unsafe files contain significantly more malware attributes and are more likely to be malware than abnormal files. When a file is quarantined, the following occurs: The file is renamed with a .quarantine extension. The file is moved from its original location to one of the following quarantine directories: For Windows devices: C:\ProgramData\Cylance\Desktop\q For macOS devices: /Library/Application Support/Cylance/Desktop/q For Linux devices: /opt/cylance/desktop/q The Access Control List (ACL) for the file is modified to prevent to prevent the user from interacting with the file. Some malware is designed to create files in other directories and continues to do so until it is successful. Instead of removing the files, CylancePROTECT Desktop modifies them so that the malware doesn't try to create them again and so that they could not be executed.
Enable auto-delete for quarantined files	This setting specifies whether to automatically delete quarantined files after a specified number of days. For example, you can set it so that a file is deleted after it has been quarantined for 14 days. The number of days can range from 14 to 365. When the file is deleted, the following occurs: The action is included in the agent log file for verification and auditing purposes. The file is removed from the quarantine list in the agent UI.
Auto Upload	Make sure that you enable Auto Upload for all available file types. If the agent finds a file that CylancePROTECT cloud services has never analyzed before, it requests to upload the file for analysis. CylancePROTECT Desktop only uploads and analyzes unknown files such as Portable Executable (PE), Executable and Linkable Format (ELF) and Mach Object file format (Mach-O) files. If the same unknown file is discovered on multiple devices in the organization, CylancePROTECT Desktop uploads one file only from a single device for analysis, not one file per device.
Policy Safe List	Add files that you consider to be safe to the policy safe list to allow them to run. The policy safe list takes precedence over the global safe list or global quarantine list. For example, a file that is added to the policy safe list is allowed to run on a device that is assigned the policy, even if that file is in the global quarantine list which blocks files from running on all devices.

Section:

Using device policies to manage CylancePROTECT Desktop devices

Add files to the policy safe list