Skip to main content
Solved

Cylance Asking for Security and Privacy Approval Post-Installation (Big Sur and Monterey)

  • September 29, 2022
  • 5 replies
  • 36 views
C
Forum|alt.badge.img+6
 

Here's what I'm talking about:

 

I've tried several Configuration Profile configurations and followed the instructions as provided by Cylance, but what's pictured above still appears. For now, we've been manually hitting the "Allow" button to ensure that Cylance fully installs. 

Any advice would be appreciated!

Best answer by cyborghere

I resolved the issue myself. After several rounds of trial and error, I came up with this configuration profile. We currently just install Protect in our MacOS environment, so the Optics parts are probably unnecessary now, but hey, it's been working for a few months at this point.  

 

 

Cylance Privacy Configuration Profile

“Content Filter” Settings

  • Filter Name: com.cylance.CyOpticsESF.extension

  • Identifier: com.cylance.CyOpticsESF.extension

  • Socket Filter

    • Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
    • Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

  • Network Filter

    • Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
    • Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

“Privacy Preferences Policy Control” Settings

App Access (x3)

1 - App Access

  • Identifier: com.cylance.CylanceEndpointSecurity.extension
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

2 - App Access

  • Identifier: com.cylance.Optics
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = "6ENJ69K633"identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

3 - App Access

  • Identifier: com.cylance.Agent
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

“System Extensions” Settings

Allowed Team IDs and System Extensions

Display Name: Cylance Endpoint Security Optics + Protect System Extension

System Extension Types: Allowed System Extensions

Team Identifier: 6ENJ69K633

Allowed System Extensions:

  • com.cylance.CyOpticsESF.extension
  • com.cylance.CylanceEndpointSecurity.extension

Sources

  1. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/setup/setup/Steps-to-set-up-BlackBerry-Optics/Install-the-BlackBerry-Optics-agent-on-endpoint-devices/Configuration-requirements-for-macOS-Big-Sur-devices
  2. https://support.blackberry.com/kb/articleDetail?articleNumber=000067335&language=en_US
  3. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylanceprotect-desktop-upgrade/Troubleshooting-cylanceprotect-desktop

 

    5 replies

    B
    Forum|alt.badge.img+5
    • btowns
    • Contributor
    • 26 replies
    • October 8, 2022

    I had a similar issue with Crowdstrike, nothing I did would approve what appeared to be a system extension. However, it turned out that it was being caused by the enablement of a feature that provided some scanning of the bios, or something like that, which actually was using a kernel extension. We’ve since disabled this feature (which was not actually doing anything) and the prompt has been resolved.

    C
    Forum|alt.badge.img+6
    • cyborghere
    • Author
    • New Contributor
    • 7 replies
    • October 20, 2022

    I had a similar issue with Crowdstrike, nothing I did would approve what appeared to be a system extension. However, it turned out that it was being caused by the enablement of a feature that provided some scanning of the bios, or something like that, which actually was using a kernel extension. We’ve since disabled this feature (which was not actually doing anything) and the prompt has been resolved.


    Hmm good to know. Unfortunately, the attribute that requires a pre-approved Kernel Extension is a vital piece of the software. But you bringing this up has given me an idea, so I appreciate it! I know know that I need to approve legacy kernel extension in Big Sur and up.

    S
    Forum|alt.badge.img
    • sf-identify
    • New Contributor
    • 1 reply
    • November 8, 2022

    @cyborghere Is it possible to share how this could be resolved? 

    C
    Forum|alt.badge.img+6
    • cyborghere
    • Author
    • New Contributor
    • 7 replies
    • November 14, 2022

    @cyborghere Is it possible to share how this could be resolved? 


    I was going to try these instructions from Apple that detail legacy kernel extension approval: https://support.apple.com/en-us/HT211860

    C
    Forum|alt.badge.img+6
    • cyborghere
    • Author
    • New Contributor
    • 7 replies
    • Answer
    • March 20, 2023

    I resolved the issue myself. After several rounds of trial and error, I came up with this configuration profile. We currently just install Protect in our MacOS environment, so the Optics parts are probably unnecessary now, but hey, it's been working for a few months at this point.  

     

     

    Cylance Privacy Configuration Profile

    “Content Filter” Settings

    • Filter Name: com.cylance.CyOpticsESF.extension

    • Identifier: com.cylance.CyOpticsESF.extension

    • Socket Filter

      • Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
      • Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

    • Network Filter

      • Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
      • Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

    “Privacy Preferences Policy Control” Settings

    App Access (x3)

    1 - App Access

    • Identifier: com.cylance.CylanceEndpointSecurity.extension
    • Identifier Type: Bundle ID
    • Code Requirement: identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
    • App or Service: SystemPolicyAllFiles
    • Access: Allow

    2 - App Access

    • Identifier: com.cylance.Optics
    • Identifier Type: Bundle ID
    • Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = "6ENJ69K633"identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
    • App or Service: SystemPolicyAllFiles
    • Access: Allow

    3 - App Access

    • Identifier: com.cylance.Agent
    • Identifier Type: Bundle ID
    • Code Requirement: identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
    • App or Service: SystemPolicyAllFiles
    • Access: Allow

    “System Extensions” Settings

    Allowed Team IDs and System Extensions

    Display Name: Cylance Endpoint Security Optics + Protect System Extension

    System Extension Types: Allowed System Extensions

    Team Identifier: 6ENJ69K633

    Allowed System Extensions:

    • com.cylance.CyOpticsESF.extension
    • com.cylance.CylanceEndpointSecurity.extension

    Sources

    1. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/setup/setup/Steps-to-set-up-BlackBerry-Optics/Install-the-BlackBerry-Optics-agent-on-endpoint-devices/Configuration-requirements-for-macOS-Big-Sur-devices
    2. https://support.blackberry.com/kb/articleDetail?articleNumber=000067335&language=en_US
    3. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylanceprotect-desktop-upgrade/Troubleshooting-cylanceprotect-desktop

     


    Terms & ConditionsCookie settingsAccessibility statement