- Jamf Nation Community
- Products
- Jamf Pro
- Cylance Asking for Security and Privacy Approval P...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2022 12:27 PM
Here's what I'm talking about:
I've tried several Configuration Profile configurations and followed the instructions as provided by Cylance, but what's pictured above still appears. For now, we've been manually hitting the "Allow" button to ensure that Cylance fully installs.
Any advice would be appreciated!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2023 08:10 AM - edited 03-20-2023 08:10 AM
I resolved the issue myself. After several rounds of trial and error, I came up with this configuration profile. We currently just install Protect in our MacOS environment, so the Optics parts are probably unnecessary now, but hey, it's been working for a few months at this point.
Cylance Privacy Configuration Profile
“Content Filter” Settings
Filter Name: com.cylance.CyOpticsESF.extension
Identifier: com.cylance.CyOpticsESF.extension
Socket Filter
- Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
- Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
Network Filter
- Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
- Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
“Privacy Preferences Policy Control” Settings
App Access (x3)
1 - App Access
- Identifier: com.cylance.CylanceEndpointSecurity.extension
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
- App or Service: SystemPolicyAllFiles
- Access: Allow
2 - App Access
- Identifier: com.cylance.Optics
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = "6ENJ69K633"identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
- App or Service: SystemPolicyAllFiles
- Access: Allow
3 - App Access
- Identifier: com.cylance.Agent
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
- App or Service: SystemPolicyAllFiles
- Access: Allow
“System Extensions” Settings
Allowed Team IDs and System Extensions
Display Name: Cylance Endpoint Security Optics + Protect System Extension
System Extension Types: Allowed System Extensions
Team Identifier: 6ENJ69K633
Allowed System Extensions:
- com.cylance.CyOpticsESF.extension
- com.cylance.CylanceEndpointSecurity.extension
Sources
- https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/setup/setup/Steps-to-set-up-...
- https://support.blackberry.com/kb/articleDetail?articleNumber=000067335&language=en_US
- https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylanceprotect-desktop-upgra...
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-08-2022 04:19 PM
I had a similar issue with Crowdstrike, nothing I did would approve what appeared to be a system extension. However, it turned out that it was being caused by the enablement of a feature that provided some scanning of the bios, or something like that, which actually was using a kernel extension. We’ve since disabled this feature (which was not actually doing anything) and the prompt has been resolved.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-20-2022 01:27 PM
Hmm good to know. Unfortunately, the attribute that requires a pre-approved Kernel Extension is a vital piece of the software. But you bringing this up has given me an idea, so I appreciate it! I know know that I need to approve legacy kernel extension in Big Sur and up.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-08-2022 05:36 AM
@cyborghere Is it possible to share how this could be resolved?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-14-2022 05:20 AM
I was going to try these instructions from Apple that detail legacy kernel extension approval: https://support.apple.com/en-us/HT211860
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2023 08:10 AM - edited 03-20-2023 08:10 AM
I resolved the issue myself. After several rounds of trial and error, I came up with this configuration profile. We currently just install Protect in our MacOS environment, so the Optics parts are probably unnecessary now, but hey, it's been working for a few months at this point.
Cylance Privacy Configuration Profile
“Content Filter” Settings
Filter Name: com.cylance.CyOpticsESF.extension
Identifier: com.cylance.CyOpticsESF.extension
Socket Filter
- Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
- Socket Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
Network Filter
- Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
- Network Filter Designated Requirement: anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
“Privacy Preferences Policy Control” Settings
App Access (x3)
1 - App Access
- Identifier: com.cylance.CylanceEndpointSecurity.extension
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
- App or Service: SystemPolicyAllFiles
- Access: Allow
2 - App Access
- Identifier: com.cylance.Optics
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = "6ENJ69K633"identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
- App or Service: SystemPolicyAllFiles
- Access: Allow
3 - App Access
- Identifier: com.cylance.Agent
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
- App or Service: SystemPolicyAllFiles
- Access: Allow
“System Extensions” Settings
Allowed Team IDs and System Extensions
Display Name: Cylance Endpoint Security Optics + Protect System Extension
System Extension Types: Allowed System Extensions
Team Identifier: 6ENJ69K633
Allowed System Extensions:
- com.cylance.CyOpticsESF.extension
- com.cylance.CylanceEndpointSecurity.extension
Sources
- https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/setup/setup/Steps-to-set-up-...
- https://support.blackberry.com/kb/articleDetail?articleNumber=000067335&language=en_US
- https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylanceprotect-desktop-upgra...
