Requirements: CylanceOPTICS Skip Navigation

Requirements:
CylanceOPTICS

Agents

Agent
Requirements
CylancePROTECT Desktop
agent
  • You must install the
    CylancePROTECT Desktop
    agent on a device before you install the
    CylanceOPTICS
    agent. The
    CylanceOPTICS
    agent requires the
    CylancePROTECT Desktop
    agent to function.
  • BlackBerry
    recommends installing the latest available version of the
    CylancePROTECT Desktop
    agent to benefit from the latest features and fixes.
  • For the
    CylanceOPTICS
    agent version 3.3, the minimum required version of the
    CylancePROTECT Desktop
    agent is 3.1.x. If you want to use the new
    Windows
    sensors introduced in
    CylanceOPTICS
    3.3, the required minimum version of the
    CylancePROTECT Desktop
    agent for
    Windows
    is 3.2.x.
  • The
    CylanceOPTICS
    agent version 3.2 and 3.1 require the following minimum versions of the
    CylancePROTECT Desktop
    agent:
    • Windows
      : 2.1.1574.x
    • macOS
      : 3.0.1000.x
    • Linux
      : 2.1.1580.x
  • Review the CylancePROTECT Desktop compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported
    CylancePROTECT Desktop
    agent and meet all other requirements.
CylanceOPTICS
agent
  • CylanceOPTICS
    agent version 3.x is required to support automatically storing collected data in the
    CylanceOPTICS
    cloud database. Earlier versions of the agent store
    CylanceOPTICS
    data in a local database on the device.
  • In agent 3.x, the data that is collected by the
    CylanceOPTICS
    sensors is cached locally before it is sent to the
    CylanceOPTICS
    cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.
  • See the Cylance Endpoint Security Release Notes for considerations when upgrading from
    CylanceOPTICS
    agent 2.x to 3.x.
  • When you upgrade from version 2.x to 3.x, the full contents of the
    CylanceOPTICS
    local database are uploaded to the cloud database in batches.
  • After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

OS support and additional requirements

For information about the operating systems that
CylanceOPTICS
supports, see the Cylance Endpoint Security compatibility matrix. To view support timelines for all
BlackBerry
products, see the BlackBerry Enterprise Software Lifecycle Reference Guide.
The following table lists the supported operating systems that have additional requirements or considerations. Note that this table is not a comprehensive list of supported operating systems. If an operating system is not listed in the table, it means that there are no additional requirements or considerations.
OS
Requirements or considerations
Windows
operating systems
Windows
8.1
Windows
7 SP1
macOS
operating systems
macOS
Ventura (13.x)
macOS
Monterey (12.x)
macOS
Big Sur (11.x)
macOS
Catalina (10.15)
Enable full disk access. For more information, see KB 66427.
Linux
operating systems
All supported
Linux
systems
  • kernel-headers and kernel-devel are required, and the version must match the running kernel. During the installation, the package manager will indicate the versions that are required. For supported
    Ubuntu
    and Debian systems, linux-headers is the equivalent of kernel-headers.
  • One of the following
    Linux
    sensor suites is required: eBPF, Netlink (with multicast Netlink socket support 3.16 or later, or audit daemon uninstalled), or Auditdsp (with the auditd and auditdsp plugins enabled to start on boot). eBPF is recommended for the best performance with the
    CylanceOPTICS
    agent. If eBPF is not available, the agent tries to use Netlink for the next best level of performance. If Netlink is not available, the agent tries to use Auditdsp. The available sensor suites vary depending on the version of your OS.
RHEL/CentOS 8.x
RHEL/CentOS 7.x
  • For RHEL/CentOS 8.x, ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
    agent version 3.2.1140-x or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS.
Amazon
Linux
2
  • ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
    agent version 3.2.1140-15000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually on
    Amazon
    Linux
    2.
Oracle
Linux
Server UEK 8 (64-bit)
Oracle
Linux
Server 8 (64-bit)
Oracle
Linux
Server 7 (64-bit)
  • ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
    agent version 3.2.1140-37000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with
    Oracle
    Linux
    .
Ubuntu
20.04
Ubuntu
18.04
  • Ubuntu
    20.04 requires libtinfo5 unless devices are running
    CylanceOPTICS
    agent version 3.2.1140-x or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for
    Ubuntu
    .
SUSE Enterprise
Linux
15 SP4
SUSE Enterprise
Linux
15
SUSE Enterprise
Linux
12
  • policycoreutils is required.
  • For SUSE 15.x, kernel-default-devel to match the kernel is required. libncurses5 is also required unless devices are running
    CylanceOPTICS
    agent version 3.2.1140-29000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature on SUSE 15.x. Firewalld is available by default with SUSE 15.x. The lockdown device feature is not supported for SUSE 12.
Debian 11
Debian 10
  • Debian 10 devices require iptables 1.8.5 or later to support the lockdown device feature.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Debian.

Compatibility with other EDR solutions

The
CylanceOPTICS
agent is not compatible with other EDR (Endpoint Detection and Response) solutions installed on the same device. Remove any third-party EDR solutions from a device before you install and enable the
CylanceOPTICS
agent.

Hardware

Item
Requirements
Processor (CPU)
  • In general use, as low as 1% additional CPU
  • For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload
Memory (RAM)
The agent requires 0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space (hard drive)
Minimum 1 GB
  • For
    CylanceOPTICS
    agent 2.x and earlier, 1 GB minimum is required for the local database.
  • For
    CylanceOPTICS
    3.0 and later, 1 GB minimum is recommended for caching
    CylanceOPTICS
    sensor data before the device can upload the data to the
    CylanceOPTICS
    cloud database when it is online.

Virtual machines

CylanceOPTICS
is supported for virtual machines. For requirements, deployment guidance, and best practices, see Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines. If you use
CylanceOPTICS
on a virtual machine,
BlackBerry
recommends disabling the Advanced WMI visibility sensor to reduce the number of recorded events.