- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop agent
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Connecting Cylance Endpoint Security to external services
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- BlackBerry Docs
- Cylance Endpoint Security
- Setup
- Cylance Endpoint Security Setup Guide
- Cylance Endpoint Security requirements
- Cylance Endpoint Security proxy requirements
Cylance Endpoint Security proxy requirements
Cylance Endpoint Security
proxy requirementsConfiguring a proxy for the CylancePROTECT Desktop and CylanceOPTICS agents
CylancePROTECT Desktop
and CylanceOPTICS
agents- If you want to configure both theCylancePROTECT Desktopagent and theCylanceOPTICSagent on a device to use a proxy server for outbound communication toBlackBerryservers, in the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop and create String Value REG_SZ:
- Value Name = ProxyServer
- Value Data =<proxyIP:port>(for example, http://123.45.67.89:8080)
- The proxy must accept unauthorized requests. SSL inspection is not supported and must be bypassed for all agent traffic (*.cylance.com).
Proxy options for the CylanceOPTICS agent
CylanceOPTICS
agent- TheCylanceOPTICSagent is proxy aware and will query the .NET framework to identify and use the available proxy settings. If you configured the ProxyServer value in the registry, theCylanceOPTICSagent will use the specified proxy. TheCylanceOPTICSagent will try to communicate first as the Local System, then as the currently logged in user.
- If you configure theCylanceOPTICSagent to use a proxy and the agent cannot communicate with the cloud services, the agent will attempt to bypass the proxy to make a direct connection. OnWindowsdevices, you can disable this proxy bypass. Before you install theCylanceOPTICSagent on a device, in HKLM\SOFTWARE\Cylance\Optics\, create String Value REG_SZ:
- Value Name = DisableProxyBypass
- Value Data = True
- WhenCylanceOPTICScreates a detection event that involves a signed file as an artifact, it uses a command from theWindowsAPI to validate the signature or certificate. The command sends a validation request to an OCSP server. The OCSP server address is determined byWindows. If your proxy server reports attempts to send external traffic to an OCSP server, update the proxy settings on devices to allow connections with the OCSP server.
Linux: Configure the CylancePROTECT Desktop and CylanceOPTICS agents to use a proxy server
Linux
: Configure the CylancePROTECT Desktop
and CylanceOPTICS
agents to use a proxy serverOn supported versions of RHEL,
CentOS
, Ubuntu
, Amazon
Linux
2, and SUSE 15, use the following commands to configure the agents to use an unauthenticated or authenticated proxy. You can use these commands before you install the agents. The commands below configure a proxy for the CylancePROTECT Desktop
agent. To set a proxy for the CylanceOPTICS
agent:
- Replace all instances of "cylancesvc" with "cyoptics"
- Duplicate each http_proxy line and replace "http_proxy" with "https_proxy". In most cases https_proxy will use the same value as http_proxy because HTTPS traffic is tunneled using TCP Connect, but if your organization uses an HTTPS termination proxy server, specify the appropriate value for https_proxy.
Unauthenticated proxy:
mkdir /etc/systemd/system/cylancesvc.service.d echo "[Service]" > /etc/systemd/system/cylancesvc.service.d/proxy.conf echo "Environment=http_proxy=http://proxyaddress:port" >> /etc/systemd/system/cylancesvc.service.d/proxy.conf systemctl stop cylancesvc systemctl daemon-reload systemctl start cylancesvc
Authenticated proxy:
mkdir /etc/systemd/system/cylancesvc.service.d echo "[Service]" > /etc/systemd/system/cylancesvc.service.d/proxy.conf echo "Environment=http_proxy=user:password@proxyaddress:port" >> /etc/systemd/system/cylancesvc.service.d/proxy.conf systemctl stop cylancesvc systemctl daemon-reload systemctl start cylancesvc