Here's what I'm talking about:

 

I've tried several Configuration Profile configurations and followed the instructions as provided by Cylance, but what's pictured above still appears. For now, we've been manually hitting the "Allow" button to ensure that Cylance fully installs. 

Any advice would be appreciated!

I had a similar issue with Crowdstrike, nothing I did would approve what appeared to be a system extension. However, it turned out that it was being caused by the enablement of a feature that provided some scanning of the bios, or something like that, which actually was using a kernel extension. We’ve since disabled this feature (which was not actually doing anything) and the prompt has been resolved.


Hmm, good to know. Unfortunately, the attribute that requires a pre-approved Kernel Extension is a vital piece of the software. But you bringing this up has given me an idea, so I appreciate it! I now know that I need to approve legacy kernel extensions in Big Sur and up.


@cyborghere Is it possible to share how this could be resolved? 


I was going to try these instructions from Apple that detail legacy kernel extension approval: https://support.apple.com/en-us/HT211860


I resolved the issue myself. After several rounds of trial and error, I came up with this configuration profile. We currently just install Protect in our macOS environment, so the Optics parts are probably unnecessary now, but hey, it's been working for a few months at this point.

 

 

Cylance Privacy Configuration Profile

“Content Filter” Settings

  • Filter Name: com.cylance.CyOpticsESF.extension

  • Identifier: com.cylance.CyOpticsESF.extension

  • Socket Filter

    • Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
    • Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • Network Filter

    • Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
    • Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

“Privacy Preferences Policy Control” Settings

App Access (x3)

1 - App Access

  • Identifier: com.cylance.CylanceEndpointSecurity.extension
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

2 - App Access

  • Identifier: com.cylance.Optics
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

3 - App Access

  • Identifier: com.cylance.Agent
  • Identifier Type: Bundle ID
  • Code Requirement: identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • App or Service: SystemPolicyAllFiles
  • Access: Allow

“System Extensions” Settings

Allowed Team IDs and System Extensions

Display Name: Cylance Endpoint Security Optics + Protect System Extension

System Extension Types: Allowed System Extensions

Team Identifier: 6ENJ69K633

Allowed System Extensions:

  • com.cylance.CyOpticsESF.extension
  • com.cylance.CylanceEndpointSecurity.extension

Sources

  1. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/setup/setup/Steps-to-set-up-BlackBerry-Optics/Install-the-BlackBerry-Optics-agent-on-endpoint-devices/Configuration-requirements-for-macOS-Big-Sur-devices
  2. https://support.blackberry.com/kb/articleDetail?articleNumber=000067335&language=en_US
  3. https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylanceprotect-desktop-upgrade/Troubleshooting-cylanceprotect-desktop

 


Reply
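The System Extensions and Privacy Preferences Policy Control settings from the final post above, written out as the profile payloads an MDM delivers (an added example, not part of the thread and not BlackBerry's own profile; the Content Filter payload is left out). The `com.example.…` payload identifiers are placeholders, and the script refuses to build the profile unless each code requirement names the same bundle ID and Team ID that are being allowed.

```python
import plistlib
import re
import uuid

TEAM_ID = "6ENJ69K633"  # Team Identifier from the post
SYSEXTS = ["com.cylance.CyOpticsESF.extension",
           "com.cylance.CylanceEndpointSecurity.extension"]
DEV_ID = ('certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
          'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
          f'certificate leaf[subject.OU] = "{TEAM_ID}"')
# Full Disk Access (SystemPolicyAllFiles) code requirements, as posted
PPPC = {
    "com.cylance.CylanceEndpointSecurity.extension":
        'identifier "com.cylance.CylanceEndpointSecurity.extension" and '
        '(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or ' + DEV_ID + ')',
    "com.cylance.Optics": f'identifier "com.cylance.Optics" and anchor apple generic and {DEV_ID}',
    "com.cylance.Agent": f'identifier "com.cylance.Agent" and anchor apple generic and {DEV_ID}',
}

def check_requirement(bundle_id, req):
    """Reject a requirement whose identifier or signing team differs from the entry."""
    ident = re.search(r'identifier "([^"]+)"', req)
    team = re.search(r'leaf\[subject\.OU\] = "([^"]+)"', req)
    if not ident or ident.group(1) != bundle_id:
        raise ValueError(f"identifier mismatch for {bundle_id}")
    if not team or team.group(1) != TEAM_ID:
        raise ValueError(f"team ID mismatch for {bundle_id}")

def payload(ptype, name, **body):
    """Add the metadata keys every payload carries (identifier is a placeholder)."""
    uid = str(uuid.uuid4()).upper()
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": uid,
            "PayloadIdentifier": f"com.example.cylance.{name}.{uid}", **body}

def build_profile():
    """Return the .mobileconfig bytes for the System Extensions and PPPC payloads."""
    for bid, req in PPPC.items():
        check_requirement(bid, req)
    sysext = payload("com.apple.system-extension-policy", "sysext",
                     AllowedSystemExtensions={TEAM_ID: SYSEXTS})
    pppc = payload("com.apple.TCC.configuration-profile-policy", "pppc",
                   Services={"SystemPolicyAllFiles": [
                       {"Identifier": b, "IdentifierType": "bundleID",
                        "CodeRequirement": r, "Allowed": True}
                       for b, r in PPPC.items()]})
    profile = payload("Configuration", "profile", PayloadScope="System",
                      PayloadDisplayName="Cylance Privacy Configuration Profile",
                      PayloadContent=[sysext, pppc])
    return plistlib.dumps(profile)
```

Write the returned bytes to a `.mobileconfig` file to inspect the XML or upload it as a custom profile.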