Skip Navigation

What's new in the Linux agent 1580 release for CylanceON-PREM

This version of the agent that is specific to
CylanceON-PREM
will be a separate download.
Do not
download the Linux agent from the Cylance console.
To download the release of the Linux agent 1580 for ON-PREM, create a support case to request the download links: https://support.blackberry.com/community/s/article/71037
This release of BlackBerry Protect Desktop agent 1580 applies to Linux operating systems only.
Build Numbers:
2.1.1580.315 - RHEL/CentOS 6
2.1.1580.715 - RHEL/CentOS 7
2.1.1580.2315  - RHEL 8/CentOS 8
2.1.1580.915  - Ubuntu 14.04 LTS
2.1.1580.1115  - Ubuntu 16.04 LTS
2.1.1580.1715  - Ubuntu 18.04 LTS
2.1.1580.1315  -
Amazon
Linux
1
2.1.1580.1515  -
Amazon
Linux
2
2.1.1580.1915 - SUSE
Linux
Enterprise Server/SLES 11
2.1.1580.2115 - SUSE
Linux
Enterprise Server/SLES 12

Memory Protection support for wildcards in exclusions on
Linux

Linux
now supports the * wildcard. This feature is available under
Policies >
select a policy
> Exclusions >  Add New Exclusion > Memory Violation Exclusion.
Review the following table for more information:
Wildcard
Description
*
Excludes executables and applications.
Matches zero or more characters, except the platform-specific path separator.
At this time, "*" escaping is not supported. For example, you cannot exclude a file that contains an asterisk "*" in the file name.
**
Excludes drives and directories.
Can be used to include child directories.
Matches zero or more layers of a directory (e.g. "/**/").
Note that "**" is not just a double "*", it is a special notation.
Note that "/**/" can appear in the pattern string multiple times, there is no limitation.
Examples
For the following path:
/Application/TestApp/MyApp/program.dmg
Examples of correct exclusions
  • /Application/**/MyApp/program.dmg
    • Excludes program.dmg as long as program.dmg is located under the "MyApp" child directory.
  • /Application/**/MyApp/*.dmg
    • Excludes any .dmg extension file as long as the executable is located under the "MyApp" child directory.
  • /Application/**/MyApp/*
    • Excludes any executable as long as the executable is located under the "MyApp" child directory.
  • /Application/TestApp/**/program.dmg
    • Excludes program.dmg as long as program.exe is located under any child directory that belongs to "TestApp" parent directory.
Examples of incorrect exclusions
  • /Application/TestA**.dmg
    • "**" is used for directories. Use a single asterisk "*" for executables.
  • /Application/**
    • "**" is used for directories. There is no single asterisk "*" specifying executables to exclude.
Not recommended exclusion:
  • /**/*
Would effectively exclude anything in any directory (including child directories).

RHEL\CentOS 7.9 Support

We are pleased to announce support for RHEL\CentOS 7.9. The following kernel versions are supported:
  • 3.10.0-1160.el7.x86_64

Additional
Linux
Kernel Support

Support for the following additional
Linux
kernels have been added to the agent version 1580 release. To view the full list of supported
Linux
kernels in the agent version 1580 release, download the Supported
Linux
Kernels spreadsheet: https://docs.blackberry.com/en/unified-endpoint-security/blackberry-protect-desktop/latest.
RHEL\CentOS 6
  • 2.6.32-279.33.1.el6.x86_64
  • 2.6.32-358.2.1.el6.x86_64
  • 2.6.32-431.el6.x86_64
  • 2.6.32-431.46.2.el6.x86_64
  • 2.6.32-431.64.1.el6.x86_64
  • 2.6.32-754.31.1.el6.i686
  • 2.6.32-754.31.1.el6.x86_64
  • 2.6.32-754.33.1.el6.i686
  • 2.6.32-754.33.1.el6.x86_64
  • 2.6.32-754.35.1.el6.i686
  • 2.6.32-754.35.1.el6.x86_64
RHEL\CentOS 7
  • 3.10.0-229.42.1.el7.x86_64
  • 3.10.0-514.51.1.el7.x86_64
  • 3.10.0-514.58.1.el7.x86_64
  • 3.10.0-514.61.1.el7.x86_64
  • 3.10.0-693.33.1.el7.x86_64
  • 3.10.0-693.39.1.el7.x86_64
  • 3.10.0-693.43.1.el7.x86_64
  • 3.10.0-862.25.3.el7.x86_64
  • 3.10.0-862.29.1.el7.x86_64
  • 3.10.0-862.51.1.el7.x86_64
  • 3.10.0-957.46.1.el7.x86_64
  • 3.10.0-957.58.2.el7.x86_64
  • 3.10.0-1062.31.2.el7.x86_64
  • 3.10.0-1127.13.1.el7.x86_64
  • 3.10.0-1127.18.2.el7.x86_64
  • 3.10.0-1127.19.1.el7.x86_64
  • 3.10.0-1160.el7.x86_64
  • 3.10.0-1160.2.1.el7.x86_64
  • 3.10.0-1160.2.2.el7.x86_64
  • 3.10.0-1160.6.1.el7.x86_64
  • 3.10.0-1160.11.1.el7.x86_64
RHEL\CentOS 8
  • 4.18.0-147.5.1.el8_1.x86_64
  • 4.18.0-147.8.1.el8_1.x86_64
  • 4.18.0-193.14.3.el8_2.x86_64
Amazon 1
  • 4.14.193-113.317.amzn1.x86_64
  • 4.14.200-116.320.amzn1.x86_64
  • 4.14.203-116.332.amzn1.x86_64
Amazon 2
  • 4.14.193-149.317.amzn2.x86_64
  • 4.14.198-152.320.amzn2.x86_64
  • 4.14.200-155.322.amzn2.x86_64
  • 4.14.203-156.332.amzn2.x86_64
  • 4.14.209-160.335.amzn2.x86_64
  • 4.14.209-160.339.amzn2.x86_64
Ubuntu 16.04
  • 4.15.0-115-generic (i686 and x86_64)
  • 4.15.0-117-generic (i686 and x86_64)
  • 4.15.0-118-generic (i686 and x86_64)
  • 4.15.0-120-generic (i686 and x86_64)
  • 4.15.0-122-generic (i686 and x86_64)
  • 4.15.0-123-generic (i686 and x86_64)
  • 4.15.0-128-generic (i686 and x86_64)
  • 4.15.0-129-generic (i686 and x86_64)
  • 4.4.0-189-generic (i686 and x86_64)
  • 4.4.0-190-generic (i686 and x86_64)
  • 4.4.0-193-generic (i686 and x86_64)
  • 4.4.0-194-generic (i686 and x86_64)
  • 4.4.0-197-generic (i686 and x86_64)
  • 4.4.0-198-generic (i686 and x86_64)
Ubuntu 18.04
  • 4.15.0-115-generic.x86_64
  • 4.15.0-117-generic.x86_64
  • 4.15.0-118-generic.x86_64
  • 4.15.0-121-generic.x86_64
  • 4.15.0-122-generic.x86_64
  • 4.15.0-123-generic.x86_64
  • 4.15.0-124-generic.x86_64
  • 4.15.0-128-generic.x86_64
  • 4.15.0-129-generic.x86_64
  • 4.15.0-130-generic.x86_64
  • 5.0.0-61-generic.x86_64
  • 5.0.0-62-generic.x86_64
  • 5.0.0-63-generic.x86_64
  • 5.3.0-66-generic.x86_64
  • 5.3.0-67-generic.x86_64
  • 5.3.0-68-generic.x86_64
  • 5.3.0-69-generic.x86_64
  • 5.4.0-45-generic.x86_64
  • 5.4.0-47-generic.x86_64
  • 5.4.0-48-generic.x86_64
  • 5.4.0-51-generic.x86_64
  • 5.4.0-52-generic.x86_64
  • 5.4.0-53-generic.x86_64
  • 5.4.0-54-generic.x86_64
  • 5.4.0-58-generic.x86_64
  • 5.4.0-59-generic.x86_64
  • 5.4.0-60-generic.x86_64

UEFI Secure Boot support for
Linux

We are pleased to announce support for UEFI Secure Boot for
Linux
in this release. To use this feature, you must use
BlackBerry Protect Desktop
’s Secure Boot CA certificate.
  1. Configure your
    Linux
    device to boot in UEFI mode. Secure boot should be enabled.
  2. Download the Secure Boot CA certificate (
    secure_boot.der
    ) to your device. See the BlackBerry Protect Desktop agent UEFI Secure Boot support for Linux KB on the Support site.
  3. Enroll the Secure Boot CA certificate in the EFI shim using MokManager. You will be prompted to create a certificate password as part of this process.
  4. Reboot the device. During reboot you will be prompted to enter the certificate’s password you created in the previous step.
  5. Enter the password to complete enrollment.
  6. Install
    BlackBerry Protect Desktop
    agent version 1580.