Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
  - Generate a new SSO callback URL
Configuring a new Cylance Endpoint Security tenant
- Default configuration settings for a new Cylance Endpoint Security tenant
- Export, import, or reset the configuration of a Cylance Endpoint Security tenant
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
Appendix: Using RMM solutions to install the Cylance agents on devices
- Use Datto RMM to install or remove the Cylance agents

Configuration requirements for
macOS
11.x and later

To install

CylanceOPTICS

agent version 3.0 or later on devices with

macOS

Big Sur (11.x) or later, note the following configuration requirements. The requirements depend on whether devices are managed by an MDM solution (for example, Jamf Pro).

MDM managed devices

The information below uses Jamf Pro as the MDM solution, but it is applicable to other MDM solutions.

Requirement	Steps
Enable full disk access for CylanceOPTICS .	Create a configuration profile and configure the following privacy preferences: Identifier: com.cylance.Optics Identifier Type: Bundle ID Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633" SystemPolicyAllFiles service: Allow
Enable the CylanceOPTICS system extension.	Create a configuration profile and configure the following privacy preferences: Display Name: Cylance Endpoint Security Optics System Extension System Extension Types: Allowed System Extensions Team Identifier: 6ENJ69K633 Allowed System Extensions: com.cylance.CyOpticsESF.extension
Enable the CylanceOPTICS system extension full disk access.	Create a configuration profile and configure the following privacy preferences: Identifier: com.cylance.CyOpticsESF.extension Identifier Type: Bundle ID Code Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633") SystemPolicyAllFiles service: Allow
Enable the CylanceOPTICS network extension.	Create a configuration profile and configure the following content filter settings: Filter Name: com.cylance.CyOpticsESF.extension Identifier: com.cylance.CyOpticsESF.extension Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = "6ENJ69K633") Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] / exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
Restart after installation.	After you complete the configuration steps above and install the CylanceOPTICS agent, restart the device.

Devices that are not MDM managed

After you install the

CylanceOPTICS

agent:

Restart the device.

Go to the Security & Privacy settings and approve CyOpticsESFLoader.

When you are prompted, allow the

CylanceOPTICS

network filter.

If System Integrity Protection (SIP) is enabled on the device, on the Privacy tab, click Full Disk Access and verify that CyOpticsESFLoader is selected. If CyOpticsESFLoader is not in the list, click +, navigate to /Library/Application Support/Cylance/Optics, and select CyOptics.

Restart the device again.

To verify that the system extension is loaded:

Run

$ systemextensionsctl list

and confirm that the output includes

com.cylance.CyOpticsESF.extension

Run

$ ps aux | grep -i extension | grep -i Cylance

and confirm that the output includes

com.cylance.CyOpticsESF.extension.systemextension

Section:

Install the CylanceOPTICS agent on devices

Configuration requirements for macOS 11.x and later

MDM managed devices

Devices that are not MDM managed

Configuration requirements for
macOS
11.x and later