Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Setup
  4. Cylance Endpoint Security Setup Guide
  5. Cylance Endpoint Security requirements
  6. Requirements: CylanceOPTICS

Requirements:
CylanceOPTICS

Agents

Agent
Requirements
CylancePROTECT Desktop
 agent
  • You must install the
    CylancePROTECT Desktop
     agent on a device before you install the
    CylanceOPTICS
     agent. The
    CylanceOPTICS
     agent requires the
    CylancePROTECT Desktop
     agent to function.
  • BlackBerry
     recommends installing the latest available version of the
    CylancePROTECT Desktop
     agent to benefit from the latest features and fixes.
  • For the
    CylanceOPTICS
     agent version 3.3, the minimum required version of the
    CylancePROTECT Desktop
     agent is 3.1.x. If you want to use the new
    Windows
     sensors introduced in
    CylanceOPTICS
     3.3, the required minimum version of the
    CylancePROTECT Desktop
     agent for
    Windows
     is 3.2.x.
  • The
    CylanceOPTICS
     agent version 3.2 and 3.1 require the following minimum versions of the
    CylancePROTECT Desktop
     agent:
    • Windows
      : 2.1.1574.x
    • macOS
      : 3.0.1000.x
    • Linux
      : 2.1.1580.x
  • Review the CylancePROTECT Desktop compatibility matrix and the CylancePROTECT Desktop requirements to verify that you install a supported
    CylancePROTECT Desktop
     agent and meet all other requirements.
CylanceOPTICS
 agent
  • CylanceOPTICS
     agent version 3.x is required to support automatically storing collected data in the
    CylanceOPTICS
     cloud database. Earlier versions of the agent store
    CylanceOPTICS
     data in a local database on the device.
  • In agent 3.x, the data that is collected by the
    CylanceOPTICS
     sensors is cached locally before it is sent to the
    CylanceOPTICS
     cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.
  • See the Cylance Endpoint Security Release Notes for considerations when upgrading from
    CylanceOPTICS
     agent 2.x to 3.x.
  • When you upgrade from version 2.x to 3.x, the full contents of the
    CylanceOPTICS
     local database are uploaded to the cloud database in batches.
  • After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

OS support and additional requirements

For information about the operating systems that
CylanceOPTICS
 supports, see the Cylance Endpoint Security compatibility matrix. To view support timelines for all
BlackBerry
 products, see the BlackBerry Enterprise Software Lifecycle Reference Guide.
The following table lists the supported operating systems that have additional requirements or considerations. Note that this table is not a comprehensive list of supported operating systems. If an operating system is not listed in the table, it means that there are no additional requirements or considerations.
OS
Requirements or considerations
Windows
 operating systems
Windows
 8.1
Windows
 7 SP1
macOS
 operating systems
macOS
 Ventura (13.x)
macOS
 Monterey (12.x)
macOS
 Big Sur (11.x)
macOS
 Catalina (10.15)
Enable full disk access. For more information, see KB 66427.
Linux
 operating systems
All supported
Linux
 systems
  • kernel-headers and kernel-devel are required, and the version must match the running kernel. During the installation, the package manager will indicate the versions that are required. For supported
    Ubuntu
     and Debian systems, linux-headers is the equivalent of kernel-headers.
  • One of the following
    Linux
     sensor suites is required: eBPF, Netlink (with multicast Netlink socket support 3.16 or later, or audit daemon uninstalled), or Auditdsp (with the auditd and auditdsp plugins enabled to start on boot). eBPF is recommended for the best performance with the
    CylanceOPTICS
     agent. If eBPF is not available, the agent tries to use Netlink for the next best level of performance. If Netlink is not available, the agent tries to use Auditdsp. The available sensor suites vary depending on the version of your OS.
RHEL/CentOS 8.x
RHEL/CentOS 7.x
  • For RHEL/CentOS 8.x, ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
     agent version 3.2.1140-x or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS.
Amazon
Linux
 2
  • ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
     agent version 3.2.1140-15000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually on
    Amazon
    Linux
     2.
Oracle
Linux
 Server UEK 8 (64-bit)
Oracle
Linux
 Server 8 (64-bit)
Oracle
Linux
 Server 7 (64-bit)
  • ncurses-compat-libs is required unless devices are running
    CylanceOPTICS
     agent version 3.2.1140-37000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with
    Oracle
    Linux
    .
Ubuntu
 20.04
Ubuntu
 18.04
  • Ubuntu
     20.04 requires libtinfo5 unless devices are running
    CylanceOPTICS
     agent version 3.2.1140-x or later.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for
    Ubuntu
    .
SUSE Enterprise
Linux
 15 SP4
SUSE Enterprise
Linux
 15
SUSE Enterprise
Linux
 12
  • policycoreutils is required.
  • For SUSE 15.x, kernel-default-devel to match the kernel is required. libncurses5 is also required unless devices are running
    CylanceOPTICS
     agent version 3.2.1140-29000 or later.
  • Firewalld must be enabled and running to support the lockdown device feature on SUSE 15.x. Firewalld is available by default with SUSE 15.x. The lockdown device feature is not supported for SUSE 12.
Debian 11
Debian 10
  • Debian 10 devices require iptables 1.8.5 or later to support the lockdown device feature.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld must be installed manually for Debian.

Compatibility with other EDR solutions

The
CylanceOPTICS
 agent is not compatible with other EDR (Endpoint Detection and Response) solutions installed on the same device. Remove any third-party EDR solutions from a device before you install and enable the
CylanceOPTICS
 agent.

Hardware

Item
Requirements
Processor (CPU)
  • In general use, as low as 1% additional CPU
  • For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload
Memory (RAM)
The agent requires 0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space (hard drive)
Minimum 1 GB
  • For
    CylanceOPTICS
     agent 2.x and earlier, 1 GB minimum is required for the local database.
  • For
    CylanceOPTICS
     3.0 and later, 1 GB minimum is recommended for caching
    CylanceOPTICS
     sensor data before the device can upload the data to the
    CylanceOPTICS
     cloud database when it is online.

Virtual machines

CylanceOPTICS
 is supported for virtual machines. For requirements, deployment guidance, and best practices, see Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines. If you use
CylanceOPTICS
 on a virtual machine,
BlackBerry
 recommends disabling the Advanced WMI visibility sensor to reduce the number of recorded events.