Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
  - Generate a new SSO callback URL
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

Wildcards in script control exclusions

You can use the asterisk (*) as a wildcard when specifying exclusions in the

Script Control

tab.

Using wildcards in script control exclusions reduces the number of alerts displayed in your console while allowing users to run certain scripts that match the exclusion path and filename. For example, you can exclude a specific script by using its full name when you use a wildcard in the directory path, or you can use the wildcard to match a group of scripts that share a similar name by using it as part of the file name itself.

Although the use of wildcards in exclusions provides flexibility, it can also lower your security stance if your exclusions are too broad. For example, avoid excluding entire folders such as

/windows/temp

. Instead, use a wildcard while specifying the full or partial filename of the script that you want to exclude (for example,

/windows/temp/myscript*.vbs

The following table describes the rules of script control exclusions:

Item	Description
Supported wildcard characters	Only the asterisk (*) is supported as a wildcard for script control exclusions. The wildcard represents one or more characters.
Unix-style slashes	If you are using wildcards, exclusions must use Unix-style slashes (even for Windows systems). Example: /windows/system/
Folder exclusions	When you want to exclude a folder, the exclusion must have a wildcard at the end of the path to distinguish the exclusion as a folder (and not a file). For example: /windows/system32/* /windows//test/ /windows/system32/test/
File exclusions	When you want to exclude a file, the exclusion must end with a file extension to distinguish the exclusion as a file (and not a folder). For example: /windows/system32/.vbs /windows/system32/script.vbs /windows/system32//script.vbs Each wildcard represents one folder level only. The number of folder levels represented in the exclusion must match the level of the file that you are trying to exclude. For example, /folder//script.vbs matches \folder\test\script.vbs, but does not match \folder\test\001\script.vbs. This would require either /folder//001/script.vbs or /folder///script.vbs. The wildcard would need to persist down per level to where the script resides. Two or more wildcards per level are not allowed. For example, /folder/file*.ext is not allowed.
Process exclusions	Process exclusions with a wildcard must have a file extension to distinguish it as a process exclusion (and not a folder). To specify a process regardless of the directory that it's in, refer to the following examples: /my.exe (local drive) //my.exe (network drive) To specify a process that's in a specific directory, refer to the following examples: /directory/child/my.exe (local drive) //directory/child/my.exe (network drive)
Examples of full and partial matches in exclusions	Wildcards support full and partial exclusions. /folder//script.vbs /folder/test/script.vbs
Absolute paths	Absolute paths are not supported in script control exclusions.
Relative paths	If you can identify a common relative path, you can exclude Universal Naming Convention (UNC) paths with a wildcard. For example, if you use device names in a path such as "DC01" to "DC24": /dc/path/to/script/
Network paths	Network paths can be excluded. For example: //hostname/application/* //host/application/ //name//application/* //hostname/*

Section:

Script control