Skip Navigation

CylanceV settings

To change the CylanceV settings, go to
Options > Settings
.

Settings

Item
Description
Authentication key
Enter the authentication key
Available local models
Select the local model
  • ELF - The local model for ELF analysis
  • Mach-O - The local model for Mach-O analysis
  • OLE - The local model for Microsoft Office Document analysis
  • OOXML - The local model for Office Open XML document analysis
  • PE - The local model for portable executable analysis
  • PDF - The local model for PDF analysis

File inspection

Item
Description
Files to inspect
  • Executables - Analyzes executable files, for Windows, macOS, and Linux, for malicious payloads; for example, malware contained within the executable file
  • Documents
    • Office binary - Analyzes Microsoft Office documents for malicious payloads; for example, malware contained within a document
    • Office XML - Analyzes Microsoft Office Open XML documents for malicious playloads; for example, malware contained within a document
  • Signatures - Performs signature validation when inspecting files
Cylance file analysis
  • Max file size to submit to Infinity - This is the maximum file size allowed to upload to Cylance cloud server (in MB). CylanceV will only upload files that the Cylance cloud has not analyzed before. The maximum file size to submit to the Cylance cloud server is 50MB and the minimum is 1MB. The default setting is 50MB.
  • Max file size to examine - This is the maximum file size that CylanceV will analyze (in MB). Files larger than this will not be examined. The maximum file size to examine localy is 1500MB and the minimum is 1MB. The default setting is 50MB.
  • Valid file types to submit to Infinity - If everything is unchecked, then no files are uploaded to the Cylance cloud.
    • Windows executable files - Select to submit Windows executable files to the Cylance cloud for analysis if Cylance has never seen this file before

Alerts

Item
Description
Detection threshold
This sets the range for the Cylance cloud score for abnormal files. Increasing or decreasing the threshold for abnormal files also affects the ranges for safe and unsafe files. Enter a number between 0.00 and 0.95, or use the slider to change the range.
Syslog (Watcher only)
  • Send unsafe file detection events to syslog server - This option to configure server settings to have unsafe file detection events sent to a syslog server.
  • Server - Enter the IP address for the syslog server. Example: 123.45.67.89
  • Port - Enter the port number for the syslog server.
  • Facility - The syslog facility, an information field in the syslog message to provide a general idea of what part of the system the message originated from.
  • Severity - Select the event to log. Examples: Selecting Emergency (0) results in only severe events being logged, while selecting Debug (7) means all events are logged. The more information added to the log file, the larger the log file could get, depending upon the number of events. Enabling debug logging will result in the largest log files.

Proxy config

If you are using a proxy on your network, you need to configure CylanceV with your proxy information to allow CylanceV to verify the authentication key.
Item
Description
No proxy
This setting means there is no proxy used on your network. This is the default setting.
Auto-detect proxy settings
This setting allows CylanceV to detect the proxy settings.
Manually specify proxy settings
This allows you to configure your proxy settings. The user, password, and domain are not needed if no authorization is selected.
  • Proxy type - Select no auth, basic, digest, or NTLM
  • Proxy URI - Enter the proxy URI, which includes the scene; for example, http://<proxy-address> or https://<proxy-address>
  • User - Enter the user name for the proxy
  • Password - Enter the password for the proxy user
  • Domain - Enter the domain name for the proxy server
Ignore certificate validation failure
This setting means CylanceV will ignore any certificate validation failure messages.

Certificates

Occasionally certificates might be compromised. You can configure CylanceV to alert on files signed with a compromised certificate.
Item
Description
Name
The name of the compromised certificate
Thumb print
The thumbprint value for the compromised certificate

Archive files

CylanceV will attempt to analyze archive files. If the archives are protected with a password, enter the password here to have CylanceV analyze those archives. When entering multiple passwords, enter one password per line; use the Enter key to add a new line for another password.
Remember to save your password list.

Watcher

Configure CylanceV to watch for new files that are added to a specific directory. You can also configure what happens to safe, unsafe, and abnormal file types.