Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
  - CylanceOPTICS sensors
  - Data structures that CylanceOPTICS uses to identify threats
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

Requirements:
CylanceOPTICS

With

CylanceOPTICS

version 3.0 and later, the

CylanceOPTICS

agent sends the device data that it collects to a centralized cloud architecture to be stored in a secure cloud database instead of storing the data locally on the device. This new architecture makes

CylanceOPTICS

cloud-enabled.

To manage this significant change for customers,

BlackBerry

is using the following approach to manage releases of the 3.x agent:

For customers who have already contacted

BlackBerry

and have been granted the entitlement for

CylanceOPTICS

3.x, the latest 3.x version of the agent is available in the management console.

For customers who have

CylanceOPTICS

agent 2.x and do not have the entitlement for

CylanceOPTICS

3.x, contact your

BlackBerry

Sales representative (or use the Contact Sales form) to request the latest 3.x agent and the entitlement for 3.x.

Agent version 2.5.x is still supported, but new features will require the latest 3.x agent. For more information about

CylanceOPTICS

agent 2.5.x, see the 2.5.x Administration Guide and Release Notes.

Agents

Agent	Requirements
CylancePROTECT Desktop agent	You must install the CylancePROTECT Desktop agent on a device before you install the CylanceOPTICS agent. The CylanceOPTICS agent requires the CylancePROTECT Desktop to function. BlackBerry recommends installing the latest available version of the CylancePROTECT Desktop agent to benefit from the latest features and fixes. The CylanceOPTICS agent version 3.1 and 3.2 require the following minimum versions of the CylancePROTECT Desktop agent. Depending on the device OS, a later minimum version might be required, and there may be other requirements for that OS. Review the compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported CylancePROTECT Desktop agent and meet all other requirements. Windows : 2.1.1574.x macOS : 3.0.1000.x Linux : 2.1.1580.x
CylanceOPTICS agent	BlackBerry recommends installing the latest available version of the CylanceOPTICS agent on each device. The latest version of the agent is 3.2, and is available by contacting BlackBerry Sales to transition from CylanceOPTICS 2.x tenant services to CylanceOPTICS 3.x tenant services. CylanceOPTICS agent version 3.x is required to support automatically storing collected data in the CylanceOPTICS cloud database. Earlier versions of the agent store CylanceOPTICS data in a local database on the device. In agent 3.x, the data that is collected by the CylanceOPTICS sensors is cached locally before it is sent to the CylanceOPTICS cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached. See the Cylance Endpoint Security Release Notes for considerations when upgrading from CylanceOPTICS agent 2.x to 3.x. When you upgrade from version 2.x to 3.x, the full contents of the CylanceOPTICS local database are uploaded to the cloud database in batches. After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

Agent

Requirements

CylancePROTECT Desktop

agent

You must install the

CylancePROTECT Desktop

agent on a device before you install the

CylanceOPTICS

agent. The

CylanceOPTICS

agent requires the

CylancePROTECT Desktop

to function.

BlackBerry

recommends installing the latest available version of the

CylancePROTECT Desktop

agent to benefit from the latest features and fixes.

The

CylanceOPTICS

agent version 3.1 and 3.2 require the following minimum versions of the

CylancePROTECT Desktop

agent. Depending on the device OS, a later minimum version might be required, and there may be other requirements for that OS. Review the compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported

CylancePROTECT Desktop

agent and meet all other requirements.

Windows

: 2.1.1574.x

macOS

: 3.0.1000.x

Linux

: 2.1.1580.x

CylanceOPTICS

agent

BlackBerry

recommends installing the latest available version of the CylanceOPTICS agent on each device. The latest version of the agent is 3.2, and is available by contacting

BlackBerry

Sales to transition from

CylanceOPTICS

2.x tenant services to

CylanceOPTICS

3.x tenant services.

CylanceOPTICS

agent version 3.x is required to support automatically storing collected data in the

CylanceOPTICS

cloud database. Earlier versions of the agent store

CylanceOPTICS

data in a local database on the device.

In agent 3.x, the data that is collected by the

CylanceOPTICS

sensors is cached locally before it is sent to the

CylanceOPTICS

cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.

See the Cylance Endpoint Security Release Notes for considerations when upgrading from

CylanceOPTICS

agent 2.x to 3.x.

When you upgrade from version 2.x to 3.x, the full contents of the

CylanceOPTICS

local database are uploaded to the cloud database in batches.

After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

OS support and additional requirements

For information about the operating systems that

CylanceOPTICS

supports, see the Cylance Endpoint Security compatibility matrix. To view support timelines for all

BlackBerry

products, see the BlackBerry Software Lifecycle Overview.

The following table lists the supported operating systems that have additional requirements or considerations. Note that this table is not a comprehensive list of supported operating systems. If an operating system is not listed in the table, it means that there are no additional requirements or considerations.

OS	Requirements or considerations
Windows
Windows 8.1 Windows 7 SP1	See this Microsoft article for additional dependencies for .NetCore support.
macOS
macOS Ventura (13.x) macOS Monterey (12.x) macOS Big Sur (11.x)	Enable full disk access. For more information, see KB 66427. See Configuration requirements for macOS 11.x and later.
macOS Catalina (10.15)	Enable full disk access. For more information, see KB 66427.
Linux
All supported Linux systems	kernel-headers and kernel-devel are required, and the version must match the running kernel. During the installation, the package manager will indicate the versions that are required. For supported Ubuntu and Debian systems, linux-headers is the equivalent of kernel-headers. One of the following Linux sensor suites is required: eBPF, Netlink (with multicast Netlink socket support 3.16 or later, or audit daemon uninstalled), or Auditdsp (with the auditd and auditdsp plugins enabled to start on boot). eBPF is recommended for the best performance with the CylanceOPTICS agent. If eBPF is not available, the agent tries to use Netlink for the next best level of performance. If Netlink is not available, the agent tries to use Auditdsp. The available sensor suites vary depending on the version of your OS.
RHEL/CentOS 8.x RHEL/CentOS 7.x	For RHEL/CentOS 8.x, ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-x or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS.
Amazon Linux 2	ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-15000 or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually on Amazon Linux 2.
Oracle Linux Server UEK 8 (64-bit) Oracle Linux Server 8 (64-bit) Oracle Linux Server 7 (64-bit)	ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-37000 or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with Oracle Linux .
Ubuntu 20.04 Ubuntu 18.04	Ubuntu 20.04 requires libtinfo5 unless devices are running CylanceOPTICS agent version 3.2.1140-x or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Ubuntu .
SUSE Enterprise Linux 15 SP4 SUSE Enterprise Linux 15 SUSE Enterprise Linux 12	policycoreutils is required. For SUSE 15.x, kernel-default-devel to match the kernel is required. libncurses5 is also required unless devices are running CylanceOPTICS agent version 3.2.1140-29000 or later. Firewalld must be enabled and running to support the lockdown device feature on SUSE 15.x. Firewalld is available by default with SUSE 15.x. The lockdown device feature is not supported for SUSE 12.
Debian 11 Debian 10	Debian 10 devices require iptables 1.8.5 or later to support the lockdown device feature. Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Debian.

Compatibility with other EDR solutions

The

CylanceOPTICS

agent is not compatible with other EDR (Endpoint Detection and Response) solutions installed on the same device. Remove any third-party EDR solutions from a device before you install and enable the

CylanceOPTICS

agent.

Hardware

Item	Requirements
Processor (CPU)	In general use, as low as 1% additional CPU For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload
Memory (RAM)	The agent requires 0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space (hard drive)	Minimum 1 GB For CylanceOPTICS agent 2.x and earlier, 1 GB minimum is required for the local database. For CylanceOPTICS 3.0 and later, 1 GB minimum is recommended for caching CylanceOPTICS sensor data before the device can upload the data to the CylanceOPTICS cloud database when it is online.

Virtual machines

CylanceOPTICS

is supported for virtual machines. For requirements, deployment guidance, and best practices, see Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines. If you use

CylanceOPTICS

on a virtual machine,

BlackBerry

recommends disabling the WMI enhance introspection sensor to reduce the number of recorded events.

Section:

Cylance Endpoint Security requirements

Requirements: CylanceOPTICS

Agents

OS support and additional requirements

Compatibility with other EDR solutions

Hardware

Virtual machines

Requirements:
CylanceOPTICS