Get the PDF

Configuring a new Cylance Endpoint Security tenant
- Default configuration settings for a new Cylance Endpoint Security tenant
- Export, import, or reset the configuration of a Cylance Endpoint Security tenant
Cylance Endpoint Security requirements
Accessing the management console and configuring authentication
Setting up administrators
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
Using RMM solutions to install the Cylance agents on devices
- Use Datto RMM to install or remove the Cylance agents
- Use Kaseya VSA 10 to install or remove the Cylance agents
Installing the BlackBerry Connectivity Node
Linking to your company directory
Adding users and devices
Setting up CylancePROTECT Mobile
Setting up CylanceGATEWAY
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up CylanceAVERT
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector

Requirements:
CylanceOPTICS

Agents

Agent	Requirements
CylancePROTECT Desktop agent	You must install the CylancePROTECT Desktop agent on a device before you install the CylanceOPTICS agent. The CylanceOPTICS agent requires the CylancePROTECT Desktop agent to function. BlackBerry recommends installing the latest available version of the CylancePROTECT Desktop agent to benefit from the latest features and fixes. For the CylanceOPTICS agent version 3.4, the minimum required version of the CylancePROTECT Desktop agent for Windows and Linux is 3.3.x. The minimum required version of the CylancePROTECT Desktop agent for macOS is 3.4.x. For the CylanceOPTICS agent version 3.3, the minimum required version of the CylancePROTECT Desktop agent is 3.1.x. The Windows sensors introduced in CylanceOPTICS 3.3 require CylancePROTECT Desktop agent for Windows is 3.2.x or later. The CylanceOPTICS agent version 3.2 and 3.1 require the following minimum versions of the CylancePROTECT Desktop agent: Windows : 2.1.1578.x macOS : 3.0.1000.x Linux : 2.1.1590.x Review the CylancePROTECT Desktop compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported CylancePROTECT Desktop agent and meet all other requirements.
CylanceOPTICS agent	BlackBerry recommends installing the latest available version of the CylanceOPTICS agent on each device. CylanceOPTICS agent version 3.x is required to support automatically storing collected data in the CylanceOPTICS cloud database. Earlier versions of the agent store CylanceOPTICS data in a local database on the device. In agent 3.x, the data that is collected by the CylanceOPTICS sensors is cached locally before it is sent to the CylanceOPTICS cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached. See the Cylance Endpoint Security Release Notes for considerations when upgrading from CylanceOPTICS agent 2.x to 3.x. When you upgrade from version 2.x to 3.x, the full contents of the CylanceOPTICS local database are uploaded to the cloud database in batches. After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

Agent

Requirements

CylancePROTECT Desktop

agent

You must install the

CylancePROTECT Desktop

agent on a device before you install the

CylanceOPTICS

agent. The

CylanceOPTICS

agent requires the

CylancePROTECT Desktop

agent to function.

BlackBerry

recommends installing the latest available version of the

CylancePROTECT Desktop

agent to benefit from the latest features and fixes.

For the

CylanceOPTICS

agent version 3.4, the minimum required version of the

CylancePROTECT Desktop

agent for

Windows

and

Linux

is 3.3.x. The minimum required version of the

CylancePROTECT Desktop

agent for

macOS

is 3.4.x.

For the

CylanceOPTICS

agent version 3.3, the minimum required version of the

CylancePROTECT Desktop

agent is 3.1.x. The

Windows

sensors introduced in

CylanceOPTICS

3.3 require

CylancePROTECT Desktop

agent for

Windows

is 3.2.x or later.

The

CylanceOPTICS

agent version 3.2 and 3.1 require the following minimum versions of the

CylancePROTECT Desktop

agent:

Windows

: 2.1.1578.x

macOS

: 3.0.1000.x

Linux

: 2.1.1590.x

Review the CylancePROTECT Desktop compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported

CylancePROTECT Desktop

agent and meet all other requirements.

CylanceOPTICS

agent

BlackBerry

recommends installing the latest available version of the CylanceOPTICS agent on each device.

CylanceOPTICS

agent version 3.x is required to support automatically storing collected data in the

CylanceOPTICS

cloud database. Earlier versions of the agent store

CylanceOPTICS

data in a local database on the device.

In agent 3.x, the data that is collected by the

CylanceOPTICS

sensors is cached locally before it is sent to the

CylanceOPTICS

cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.

See the Cylance Endpoint Security Release Notes for considerations when upgrading from

CylanceOPTICS

agent 2.x to 3.x.

When you upgrade from version 2.x to 3.x, the full contents of the

CylanceOPTICS

local database are uploaded to the cloud database in batches.

After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

OS support and additional requirements

For information about the operating systems that

CylanceOPTICS

supports, see the Cylance Endpoint Security compatibility matrix. To view support timelines for all

BlackBerry

products, see the BlackBerry Enterprise Software Lifecycle Reference Guide.

The following table lists the supported operating systems that have additional requirements or considerations. Note that this table is not a comprehensive list of supported operating systems. If an operating system is not listed in the table, it means that there are no additional requirements or considerations.

OS	Additional requirements or considerations
Windows operating systems
Windows 8.1 Windows 7 SP1	See this Microsoft article for additional dependencies for .NetCore support.
macOS operating systems
macOS Sequoia (15.x) macOS Sonoma (14.x) macOS Ventura (13.x) macOS Monterey (12.x) macOS Big Sur (11.x)	Enable full disk access. For more information, see KB 66427. See Configuration requirements for macOS 11.x and later.
macOS Catalina (10.15)	Enable full disk access. For more information, see KB 66427.
Linux operating systems
All supported Linux systems	kernel-headers and kernel-devel are required, and the version must match the running kernel. During the installation, the package manager will indicate the versions that are required. For supported Ubuntu and Debian systems, linux-headers is the equivalent of kernel-headers. One of the following Linux sensor suites is required: eBPF, Netlink (with multicast Netlink socket support 3.16 or later, or audit daemon uninstalled), or Auditdsp (with the auditd and auditdsp plugins enabled to start on boot). eBPF is recommended for the best performance with the CylanceOPTICS agent. If eBPF is not available, the agent tries to use Netlink for the next best level of performance. If Netlink is not available, the agent tries to use Auditdsp. The available sensor suites vary depending on the version of your OS. The Microsoft .NET Framework runtime packages depend on libicu and libssl but are not listed as package dependencies because their names differ on different Linux distributions. For the exact package names, see https://github.com/dotnet/core/blob/master/Documentation/linux-prereqs.md. In the case that any required libraries are missing, Cylance TcpService reports the missing library and exits.
RHEL 9.x RHEL/CentOS 8.x RHEL/CentOS 7.x AlmaLinux 9.4 AlmaLinux 8.10 Rocky Linux 9.4 Rocky Linux 8.10	For RHEL/CentOS 8.x, ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-x or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS, AlmaLinux, and Rocky Linux .
Amazon Linux 2023 Amazon Linux 2	ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-15000 or later. Firewalld must be enabled and running to support the lockdown device feature.
Oracle Linux Server UEK 9 (64-bit) Oracle Linux Server 9 (64-bit) Oracle Linux Server UEK 8 (64-bit) Oracle Linux Server 8 (64-bit) Oracle Linux Server UEK 7 (64-bit) Oracle Linux Server 7 (64-bit)	ncurses-compat-libs is required unless devices are running CylanceOPTICS agent version 3.2.1140-37000 or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with Oracle Linux .
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04	Ubuntu 20.04 requires libtinfo5 unless devices are running CylanceOPTICS agent version 3.2.1140-x or later. Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Ubuntu .
SUSE Enterprise Linux 15 SP4 SUSE Enterprise Linux 15 SUSE Enterprise Linux 12	policycoreutils is required. For SUSE 15.x, kernel-default-devel to match the kernel is required. libncurses5 is also required unless devices are running CylanceOPTICS agent version 3.2.1140-29000 or later. Firewalld must be enabled and running to support the lockdown device feature on SUSE 15.x. Firewalld is available by default with SUSE 15.x. The lockdown device feature is not supported for SUSE 12.
Debian 12 Debian 11 Debian 10	Debian 10 devices require iptables 1.8.5 or later to support the lockdown device feature. Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Debian.

Compatibility with other EDR solutions

The

CylanceOPTICS

agent is not compatible with other EDR (Endpoint Detection and Response) solutions installed on the same device. Remove any third-party EDR solutions from a device before you install and enable the

CylanceOPTICS

agent.

Hardware

Item	Requirements
Processor (CPU)	In general use, as low as 1% additional CPU For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload
Memory (RAM)	The agent requires 0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space (hard drive)	Minimum 1 GB For CylanceOPTICS agent 2.x and earlier, 1 GB minimum is required for the local database. For CylanceOPTICS 3.0 and later, 1 GB minimum is recommended for caching CylanceOPTICS sensor data before the device can upload the data to the CylanceOPTICS cloud database when it is online.

Virtual machines

CylanceOPTICS

is supported for virtual machines. For requirements, deployment guidance, and best practices, see Best practices for deploying CylancePROTECT Desktop on Windows virtual machines. If you use

CylanceOPTICS

on a virtual machine,

BlackBerry

recommends disabling the Advanced WMI visibility sensor to reduce the number of recorded events.

Section:

Cylance Endpoint Security requirements

Requirements: CylanceOPTICS

Agents

OS support and additional requirements

Compatibility with other EDR solutions

Hardware

Virtual machines

Requirements:
CylanceOPTICS