Cylance FAQs

macOS Mojave introduced a security feature that allows third-party applications to access protected user data. Cylance recommends that customers running macOS Mojave or later allow the Full Disk Access permission for both the Cylance Smart Antivirus service. Not enabling Full Disk Access could affect how the Agents function, such as Background Threat Detection and Memory Protection.

There are two methods to ensure that the Cylance Smart Antivirus service have the full disk access they need:

Create a Privacy Preferences Policy Control (PPPC) profileand deploy the profile to enrolled devices via MDM.

Make a manual exception in System Preferences > Security & Privacy > Privacy tab > Full disk access.

Privacy Preferences Policy Control (PPPC) Profile

A PPPCconfiguration profile can only be installed on a device that is either:

Enrolled in a Mobile Device Management (MDM) solution using an Apple Device Enrollment Program (DEP)

Enrolled in an MDM solution using a User Approved MDM enrollment

If you attempt to install the Privacy Preferences Policy Control Payload profile without an MDM, you will receive the following message:

Createa PPPCfor Cylance Products Using Jamf Pro:

The following steps show how to create a PPPC configuration profile using a popular MDM solution, Jamf Pro. These steps allow administrators to deploy the PPPC configuration profile to a targeted scope of enrolled computers.

1. Login to Jamf Pro.

2. Click onComputers, thenConfiguration Profiles.

3. ClickNew. A New macOS Configuration Profile window displays with the General Page selected.

4. In the Name field:

For Cylance Smart Antivirus, enter: CylanceSvc (PPPC)

5. In the Description field:

For Cylance Smart Antivirus, enter:Allow CylanceSvc full disk access.

6. In the Distribution Method drop down, choose "Install Automatically".

7. In the Level drop down, choose "Computer Level".

8. In the pane, scroll down and click on the Privacy Preferences Policy Control tab.

Cylance Smart Antivirus Example:

9. ClickConfigure.

10. In the Identifier field:

For Cylance Smart Antivirus, enter:com.cylance.Agent

11. In the Identifier Type drop down, choose "Bundle ID".

12. In the Code Requirement field:

For Cylance Smart Antivirus, enter:identifier "com.cylance.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633"

13. Leave "Validate the Static Code Requirement" unchecked.

If checked, macOS statically validates the code requirement of the app or service on-disk.

If unchecked, macOS verifies the app in-memory while it is running.

Unchecked is the default setting. This should only be checked if the process invalidates its dynamic code signature.

14. ClickAdd.

Cylance Smart AntivirusExample:

15. Under App or Service, chooseSystemPolicyAllFiles.

Cylance Smart Antivirus Example:

16. Under Access, chooseAllowand then clickSave.

17. Click the Scope tab at the top of the page.

18. Ensure the Configuration Profile is properly scoped and will be applied to any macOS device running Cylance Smart Antivirus.

19. Once finished, clickSaveand then clickDone.

Create a Manual Exceptionin System Preferences

To allowthe Cylance Smart Antivirus service Full Disk Access, administrators can createa manual exception.These steps will need to be performed on each device not enrolled in an MDM:

1. ClickApple > System Preferences > Security & Privacy > Privacy tab.

2.Click on the lock in the lower left of the dialog to make changes and authenticate.

3.On the left pane of the dialog, click onFull Disk Access.

4. Click the+icon.

5. Browse to and select:

For Cylance Smart Antivirus select:/Library/Application Support/Cylance/Desktop/CylanceSvc.app

6. ClickOpen.

Cylance Smart Antivirus Example:

Certain major updates on Windows 10 have caused a duplicate device to appear on the Dashboard.Major Windows updates often change the device serial number which forces the Cylance fingerprint to be recalculated which will create a logically new device in the Dashboard with the same name. You are welcome to remove the duplicate device that is offline as it is not communicating with the Dashboard.

Most of the time, a failed log in is the result of a misspelled username, email, or password. Please check that your email address and password are properly typed. If you still cannot log in, please follow the instructions to reset your password:

1. From your Dashboard, click the Forgot Your Password? button:

[email protected]

2. Now type in your email address, then click Send Secure Link. This will send an email with a link to reset your password.

Note:The emailaddress will be your PERSONAL email address that you used when you registered,NOT your company email address.

If you still have an issue logging in, please send an email to for further assistance.

Offline Mode indicates the Cylance Smart Antivirus Agentinstalled on your system is not able to contact your Dashboard.

The Agent must be able to reach the management console (Dashboard) in order to report status updates and receive policy updates. If for whatever reason internet is not available, the system may display Offline Mode. Although it is displaying Offline Mode,the Agent will continue to function as configured and will protect your device. However, it is recommended that you establish an internet connection so that your system is up-to-date with yourDashboard.

[email protected]

If yourAgent is still displayingOffline Mode with internet connection, please email us at .

Once a file is quarantined, you have two choices of action (three for Windows users) that you can take:

1) Safelist the file.

If you believe it to be safe and deem it necessary to perform everyday actions on the device, then safelist the file. Here are the instructions: How To Safelist a File.

2) Let the file stay quarantined.

If you choose to allow the file to stay quarantined it will be deleted from the quarantine folder on a monthly basis to ensure it does not take up space on the machine.

For Windows:

3) Delete the quarantined file.

If you would like to remove the quarantine files from your machine for any reason, please follow these instructions to do so: How to - Delete Quarantine Files.

There are a few different ways to check if Smart AV is running (Cylance UI, Dashboard, etc). The methods to find the Cylance UI will differ slightly for Mac OS and Windows.

Offline Issues

If offline issues persist, please visit our articles on How to - Uninstall Cylance Smart Antivirus and How to - Install Cylance Smart Antivirus

For Mac OS agent issues, please refer to the above uninstall and install articles in addition to FAQ - Application Compatibility Error on Mac and Common Issues - Security Feature on High Sierra Version 10.13.2 and Higher

Dashboard

Check to see if a device is online. If offline, please refer to FAQ - What is Offline Mode ?

Windows

CylanceUI

Check the Windows Taskbar to see if the icon is present.

2. Find the About option and click on it.

3. In the About window, there will be information about Smart AV and will indicate the status as Online (if its working correctly).

Mac OS

Check the Mac OS Toolbar for a Cylance Icon and click on the About option.

2. In the About window, there will be information about Smart AV and will indicate the status as Online (if its working correctly).

Windows Defender is Microsoft's anti-virus program that comes with the operating system (Windows 8, 8.1, and 10).

When another anti-virus program is installed, Windows Defender is disabled to prevent any conflicts between the two anti-virus programs. This happens when you install Cylance Smart Antivirus.

If you uninstall Cylance Smart Antivirus and you want to use Windows Defender, you must manually re-enable Windows Defender.

Enable Windows Defender

Right-click the Start menu, then click Settings.

Click Update & security.

Under Update & security, select Windows Defender.

Click Turn on Windows Defender Antivirus.

NOTE:Windows 10 1709 (Fall Creators) updateintroduced new functionality to the Windows Defender Security Center for Anti-Viruses to report further information. This is not implemented in Cylance Smart AntiVirus at this time, and there is no issue with the Cylance Smart AntiVirus Agent.

Quick Start Guide for Cylance Smart Antivirus that will walk you through the initial setup and installation process.

Customers can turn off Auto Renewal in the following way:

1. Login to your Cylance Smart Antivirus Dashboard.

2. Click on your email address located at the upper-right corner of the page and selectMy Account:

3. From the Accountpage, click on theManage Subscription & Billing button:

4. This will take you to your account settings for the subscription you purchased from Digital River. From here, you can select Cancel Subscription.

Note:We understand there is noAuto Renewalbutton; however, you will be able to use the product until the end of your initial subscription length and you will NOT be charged again.

If you would like to allow a file to run, without the Cylance agent blocking it, you can add the file to the Safelist. Here are the steps to do so:

Note: If the files show up on your Device Detail page you can select them and choose "ALLOW" to allow them to run.

Otherwise:

1. Go to your Cylance Smart Antivirus Dashboard and log in with your credentials.

2. From the Cylance Smart Antivirus Dashboard, navigate to Settingslocated at the upper-left corner of the page:

FAQ - Do I Need to Delete Quarantined Files?

3. You will now see two tabs,Device Protection andGlobal Lists. Select theGlobal Liststab.

4. You should now see a list of files, of which are part of theQuarantined Files list. This is one of two lists that you will be able to view underGlobal Lists. You can switch between theQuarantined Files list and theSafe List via the upper-right corner of the page:

5. From theQuarantinedFiles list, select the file you wish to move to theSafeList by clicking on the white underlined file name under theFile Name column.

6. You will now be looking under theThreat Detail of the file and at the upper-right corner of the page, you will see anAdd to Safe List button:

7. You will now be prompted with anAction Confirmationwindow in which you are required to give a reason for adding it to yourSafe List.

Note: By confirming the addition of a file to your safe list, you leave yourself and your machine vulnerable to the file's intent. Please be careful and certain of your choice.

After entering a reason, you will now be able toConfirm and successfully add the file to yourSafe List:

8. You can now return to yourGlobal Listsand select theSafe Listtab to confirm that the file has been moved.

NOTE:Quarantined threats will be removed from the device automatically. More details can be found in this article: .

Note:Uninstalling Cylance Smart Antivirus on the device does not remove it from your Cylance Dashboard. You must manually remove the device from the Dashboard.

Windows

To uninstall Cylance Smart Antivirus on a Windows 7 system:

Select Start > Control Panel.

Click Uninstall a Program. If you have Icons selected instead of Categories, click Programs and Features to see Uninstall a Program.

Select Cylance Smart Antivirus

Then click Uninstall. If User Account Control (UAC) is enabled, click Yes to continue to uninstall.

For Modify Setup, click Uninstall. When the process completes, click Close.

To uninstall Cylance Smart Antivirus on a Windows 8.1 or 10 system:

Right-click the Start icon (lower-left corner)

Click Apps and Features. A list of applications installed on your system display. If you do not see Apps, click System, then click Apps & features.

Select Cylance Smart Antivirus

Then click Uninstall. If User Account Control (UAC) is enabled, click Yes to continue to uninstall.

For Modify Setup, click Uninstall. When the process completes, click Close.

Mac OS X and macOS

1. OpenSpotlight Searchand search forUninstall CylancePROTECT:

2. Once you hitEnter, you will be prompted if you want to uninstall Cylance, in which you will selectYes.

3. You will then be prompted for your device password, in which you will input it and selectOK.

Depending on your macOS version and system permissions, the above method may not be available. Alternatively, to uninstall Cylance Smart Antivirus on a macOS system (including OS X):

1. Open theTerminalapplication by searching 'Terminal' inSpotlight Search:

2. Type in:

sudo launchctl unload /Library/LaunchDaemons/com.cylance.agent_service.plist

Note:It will prompt you for your device password and will not display it on the screen when you're typing. Trust that you're typing in the correct password and pressEnter.

3. Type in:

sudo rm /Library/Application\ Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/values.xml

4. Type in:

sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app//Contents/MacOS/Uninstall\CylancePROTECT

5. Re-run uninstaller

sudo /Applications/Cylance/Uninstall\ CylancePROTECT.app/Contents/MacOS/Uninstall\ CylancePROTECT

YourTerminal window should look similar to this:

6. These instructions should allow you to successfully uninstall Cylance Smart Antivirus with the password being your device admin password.

Note: We sincerely apologize to all our macOS users, but there is currently no option to delete quarantined files manually. However, for both operating systems, the quarantined folder will be emptied and all its contents will be deleted on a monthly basis.

For Windows:In the case that you would prefer to remove the quarantined files instead of waiting for them to be removed monthly, please follow these steps:

1. You will first have to enableAdvanced UI Mode. If you need help to do this step, please refer to the following article and come back: How to - Cylance Agent - Advanced UI Mode.

2. After enabling Advanced UI Mode, right-click theCylance Agent in your system tray:

3. At the very bottom of the list, click onThreat Management. You will now see the optionDelete Quarantined and may click to do so:

4. You will be prompted to confirm the deletion of the quarantined files in which you will clickYes. After, you will have successfully removed the quarantined files.

Cylance Smart Antivirus Use can not be installed on a system with any other version of the Cylance Smart Antivirus Agent:

Enterprise

DELL ESSE

Dell Threat Defense

Etc.

The install will fail with errors.

You can only have one version of the Agent installed at any given time.

At this time, Cylance Smart Antivirus only supports computers running Windows 7 or later and Macs running Mac OS Mavericks (10.9) or later. This means we do not currently work on iPhones, iPads, or Android tablets and phones.

Please see the list of our System Requirements in the article below:

System Requirements for Cylance Smart AV

System Requirements

Operating System:

Windows 7, 8, 8.1 and 10

Mac OSX 10.9, 10.10 and 10.11

MacOS 10.12, 10.13, 10.14 and 10.15

RAM: 2GB Minimum (Available)

Available Hard Drive Space: 300MB

Additional Requirements: Microsoft .NET Framework 3.5 SP1 or higher (Windows Only)

Languages Supported: Only supported in English at this time

Cylance Smart Antivirus works on the following operating systems:

Windows 7

Windows 8

Windows 8.1

Windows 10

Mac OS X 10.9 Mavericks

Mac OS X 10.10 Yosemite

Mac OS X 10.11 El Capitan

macOS 10.12 Sierra

macOS 10.13 High Sierra

macOS 10.14 Mojave (Support introduced in 2.0.1483.508)

macOS 10.15 Catalina

macOS Current Version: 2.1.1553.502

Windows Current Version: 2.0.1533.2

Support for New and Major Updates to Operating Systems (applies to Windows and macOS platforms)

Cylance strives to support new operating systems as soon as the OSes are released, to help ensure coverage for our customers. To support a new OS or a major update to an existing OS, our Engineering and QA teams need access to a build and run through a full suite of tests to ensure there are no issues. Cylance tests using beta builds of the OS, but changes between the beta and the final release of the OS can introduce new issues that must be addressed and fully tested.

Cylance requires 30 days after the public release to verify that the Agent operates as expected. If conflicts or bugs are discovered while testing the public release, Cylance will announce a new timeline for support of the new OS or major update.

In situations where substantial OS or Feature changes occur, full functionality may take longer than 30 days. In these circumstances, Cylance will provide either viable workarounds or conclusive notifications where service may be limited.

Starting with the 10.13.2 update for macOS High Sierra, a new security feature requires users to approve new applications that interact with the kernel, a core part of the operating system. Cylance Smart Antivirus, like many other antivirus products, will now require additional steps to install on the latest versions of macOS.

Note: This should only affect new installations of the Cylance Smart Antivirus Agent on macOS High Sierra version 10.13.2 (and higher). This should not affect Agents already installed on macOS systems that were then upgraded to macOS High Sierra version 10.13.2 (and higher).

For help on finding what macOS version you are using, please read What's my macOS Version?

This new security feature in macOS High Sierra requires you to manually approve new applications that require access to the kernel, through something called Kernel Extensions. When installing Cylance Smart Antivirus on macOS High Sierra for the first time, you might see the following message:

Figure 1: User alert to allow new kernel extension

To approve the extension and continue with the installation:

Click the Open Security Preferences.The Security Preferences window will open.

If you don't see this message, click the Apple icon in the left corner of your screen and select System Preferences.

Click Security & Privacy. The Security & Privacy window will open and the General tab should display.

Click Allow. The Allow button is next to the statement "System software from developer "Cylance, Inc." was blocked from loading."

Figure 2: Approved UI for new kernel extensions

After allowing Cylance Smart Antivirus to access the kernel, the installation process will finish and Cylance Smart Antivirus will run.

Things to Know:

The User Alert (Figure 1) and the Application Approval Option (Figure 2) will only be available for 30 minutes after attempting to install the product. This behavior is by design, according to Apple's documentation.

If you wait longer than 30 minutes or cancel the installation, the User Alert will not be shown again. Only the Application Approval Option will re-appear in the Security & Privacy screen (Figure 2).

If the Allow button is no longer available, perform one of the following actions to make the Allow button re-appear.

Uninstall and re-install the Cylance Smart Antivirus Agent.

Open Application > Utilities > Terminal and run the following command:

sudo kextload /System/Library/Extensions/CyProtectDrvOSX.kext

After performing one of the above actions, go to System Preferences > Security & Privacy. Click the Allow button to allow loading the Cylance Smart Antivirus Agent extension.

If you do not approve the extension, the Cylance shield icon will show a red dot. If you click on the Cylance shield icon and choose Show Details, you will see the message "Driver Failed To Connect, Device Not Protected." While in this state, the Cylance Smart Antivirus Agent is not providing system protection.

Figure 3: Cylance Smart Antivirus cannot protect the system when Kernel Extensions are not allowed.

This article shows a step-by-step guide on how to install Cylance Smart AV on both Windows and macOS, respectively:

1. The first step for both Operating Systems (OS) is to visit your Cylance Smart AV Dashboard and log in with your credentials.

2. In yourDashboardhomepage, underMy Devices, you will seeAdd a Deviceand click it:

Common Issues - Security Feature on High Sierra Version 10.13.2 and Higher

3. You will be redirected to theAdd Devices page where you will see bothDirect Download packages, in in which you will choose the appropriate one, and your Installation Token:

Note:You can also share your protection among friends and family by sending them an invite to use one of your account licenses.

Please select the appropriate OS to continue with the installation guide:

Windows

macOS

For Windows:

4. When you run the downloaded .EXE file, you will see the Cylance Smart Antivirus Setupwindow, in which you will selectInstall:

5. You will now see theUser Account Control window, in which you will selectYes:

6. You will now be prompted for anInstallation Token and can retrieve this token from yourDashboard by clicking on the greenCopy Token button. After you have entered your token, you can press Next:

7. You will now be given the option to choose a folder path for theCylancefolder. You can choose to store it where you'd like, but the standard folder path option is available. After selecting that, the installation will be completed, and your device will now be protected.

8. You should check yourDashboard to confirm that your device has been added. You should also see theCylance Icon in your system tray located in the lower-right corner of yourWindows Taskbar:

For macOS:

4. When you run the downloaded .DMG file (which can be located in yourDownloads folder), you will see aCylancePROTECT window with instructions toDouble Click The Shield To Install. Do so:

5. Double-clicking the shield will bring up the following window with an explanation of determining the installation eligibility of the file. SelectContinue:

6. You will now be prompted for anInstallation Token and can retrieve this token from yourDashboard by clicking on the greenCopy Token button. After you have entered your token, you can selectContinue:

7.You will now be taken to a window that displays the file size ofCylance Smart AV. You will clickInstall, and if you have a adminpassword, you will be prompted to enter it.

8. If it is the first time you are installing Cylance Smart AV on this device, you will see aSystem Extension Blockedwindow in which you will selectOpen Security Preferences:

9. This will redirect you to yourSecurity & Privacysettings. You will then clickAllow forCylance Inc. to run on your device:

10. If everything is set up correctly, you should see:

11. Your installation should now be completed, and your device will now be protected. You should check yourDashboard and confirm that your device has been added. You should also see theCylance Iconlocated in the upper-right corner of yourToolbar:

IMPORTANT NOTE:Starting with the 10.13.2 update for macOS High Sierra, a new security feature requires users to approve new applications that interact with the kernel, a core part of the operating system. Cylance Smart Antivirus, like many other antivirus products, will now require additional steps to install on the latest versions of macOS. Please refer to for more information and steps to take.

If Windows is reporting that Cylance Smart Antivirus is currently not registered as a security provider, you can use the following instructions to register Cylance Smart with Windows Security Center:

1. Access the Windows Command Prompt. You can do this by searching Command Prompt in your system using the search bar on the bottom-left corner of your screen and selecting the application:

2. Now, navigate to the following directory: C:\Program Files\Cylance\Desktop.You can do this by typing in:

cd "\Program Files\Cylance\Desktop"

Note:cd stands forChangeDirectory and allows for navigation in theCommand Prompt.

3. Once in the directory, type the following command:

CylanceSvc.exe /register /enable

4. You will be prompted by a User Account Control window in which you will select Yes.

5. You have now successfully registered Cylance Smart Antivirus with Windows Security Center.

If there is a file that is being blocked on your device that you would like us to look into please give us the following information:

Device name

The SHA256 of the file being blocked

The SHA256 can be found by clicking on the file being blocked on the Dashboard and looking at the threat details.

How to - Get the SHA256 of a File

In the meantime if you trust the files, please add them to your Safe List.

https://home-support.cylance.com/hc/en-us/articles/360004856873-How-To-Safelist-a-File

If you are not able to locate the SHA256 of the files to safelist you can temporarily disable protection to allow the files to run:

Full User's Manual for Cylance Smart Antivirus.

Cylance Smart AVperforms a single initial scan of the drive when theAgentis first installed. After the initial scan, theAgent will only scan new incoming Portable Executables and modified files. This is to prevent high usage of system resources unlike traditional antivirus. TheAgentwill not perform another full scan on your drive unless manually enabled.

If you would like to perform a manual scan, please refer to How to - Cylance Agent - Advanced UI, and search for theRun a Detection setting.

All False Positive inquiries from Virus Total can be submitted to [email protected].

Please include the following details in the body of the email, if any detail is not provided your request may not be reviewed. Additionally only one VirusTotal link will be accepted per email submission. If you have multiple inquiries please send a separate email for each inquiry.

Submission Details (Required):

VirusTotal link to the file needing review (only 1 VirusTotal link per email submission):

File Name:

File Functionality (What is the purpose of this file?):

Relationship to file (are you the developer of the file or a user?)

The Cylance Smart Antivirus Agents report to and are managed in your Dashboard (cloud-based) for Policies and Updates.

The Cylance Smart Antivirus Dashboard is hosted by Amazon Web Services (AWS). Due to the nature of AWS and frequently changing IP addresses, it is not possible to identify which IPs are being used when and they can't be whitelisted (exceptions for certain IPs) that are used for running Cylance Smart AV.

CylancePROTECT is a full-featured enterprise product that we offer to businesses and our partners, whereas Cylance Smart Antivirus is for our home users. The main difference between PROTECT and Smart Antivirus, is that PROTECT allows more functionality such as system reports, system views, script control, and memory protection. This is because unlike a regular home user, PROTECT is for system administrators of a business to manage, monitor, and protect their systems. With the extra functionality, it gives these system administrators power over what is and what is NOT allowed on their business's systems. All of this functionality is not necessary for a home user and would make using our product complicated and hard to manage. We provide the same protection to our home users that we do for our clients, but more simplified and easier to use.

If your Cylance Icon has a yellow triangle on it with the error message of "Device is not Registered", and your Cylance AgentUI is requesting an installation token such as:

Cylance Dashboard

Then it's because your device was removed from your Cylance Dashboard. Please follow these instructions to re-register your device:

Note:All these instructions apply to macOS users as well.

1. Log into your with your credentials.

2. Click on + Add a Devicelocated under yourEnvironment status:

3. You will now see your Installation Token to the right of the page. Click on the buttonCopy Token:

4. You will then paste that token into the Cylance AgentUI prompt and you will have successfully re-registered your device with your Cylance Dashboard.

SHA256 is a Secure Hash Algorithm that hashes the contents of a file into a 64-bit value. Sometimes, we will request this value to evaluate a file's intention and behavior.

Note: Please note that if you are sending us a quarantined file from your system, that you can locate the SHA256 value from your Dashboard. You can do this by selecting the quarantined file and it will direct you to the file's Threat Detail. UnderThreat Information, you will see a sequence of numbers and letters underSHA256.

To get the SHA256 of a file, here are the following steps for the appropriate Operating System (OS):

Windows

Mac OS

For Windows

1. Open your File Explorer and locate the file you wish to get the SHA256 of:

2. Next, you will copy the path of the file location. This can be done by right clicking the path where the file is located and selecting the Copy address as text option:

3. Then at the bottom-left corner of your screen, you will see a search bar. Enter command prompt and select the application associated with that name:

4. You will be presented with a black window and with a file path. You will now need to type the following command:

CertUtil -hashfile <file location> SHA256

Earlier, you were told to copy the file location. After typing CertUtil -hashfile, you can right click next to the unfinished command and it will paste that location for you. However, you are not finished yet with this location. You will also need to add the file you wanted. You will insert a backslash ( \ ) and add the name of the file after the backslash. After that, don’t forget to add SHA256 and hit Enter:

5. You should now have successfully acquired the SHA256 of your file:

6. You can highlight the SHA256 with your cursor and right click to copy it to your clipboard.

If you still have an issue gathering the SHA256 of your file, please email [email protected].

For Mac OS

1. Open your Terminal.Open Launchpad (rocket icon) by clicking on it:

2. Open the folder titled Other by clicking on it:

3. Click on the application called Terminal (black box icon) and a screen will appear as such:

4. Copy and paste a similar version of this command into Terminal:

shasum -a 256 <file location>

Note: The path to the file location can be obtained by dragging and dropping the file into the Terminal window after the first part of the command (shasum -a 256) has been copied and pasted.

5. When the above command is copied and pasted with the appropriate file location, you will see something similar to:

6. As seen above, the red box identifies the SHA256 value. Double click on the value for it to be highlighted and click copy for it to be copied on your clipboard.

If you have still have an issue gathering the SHA256 of your file, please email [email protected]

During troubleshooting we will at times request logs from the device. A way we gather logs is through Advanced UI. Here are the steps to enableAdvanced UI and enable logging.

The Cylance Smart Antivirus Agent can be enabled in Advanced UI mode for additional functionality and features.

To enable Advanced UI mode, follow the steps below:

1. Disable/Exit the Agent UI

Windows: Right-click the Agent icon (system tray), then selectExit.

Mac OS X: Right-click the Agent icon (top menu), then selectExit.

2. Open the command prompt, then do the following:

Windows:

Change the directory to: C:\Program Files\Cylance\Desktop

TypeCylanceUI.exe -a

Mac OS X:

Type:sudo /Applications/Cylance/CylanceUI.app/Contents/MacOS/CylanceUI -a

Note:This is the default install path for Cylance. You may need to edit the path to match your environment accordingly.

3. The Agent UI will now appear with additional options for the user

Logging- provides user ability to set agent logging level (Error, Warning, Information, All)

Run a Detection- provides ability to start and stop an on-demand scan (across the entire device or within a specified folder)

Threat Management- allows user to delete all Quarantined files within that device (currently only available on Windows)

Enable Debug Logging via Advanced UI Options

Right-click the Agent icon.

SelectLogging > All.

Debug logging is now enabled. Replicate the problem.If it is a connectivity issue, wait for 15 minutes to collect the connection attempts.

Collect the current day's log from:

Windows:C:\Program Files\Cylance\Desktop\log\

Mac:/Library/Application Support/Cylance/Desktop/log/

Disable debug logging when you are done troubleshooting. Debug logs can result in a large file size. The default level is Information.

Note: Advanced UI will need to be re-enabled every time the machine is shutdown or rebooted. The default UI will not contain any of the Advanced options until it is enabled.

Smart Antivirus (AV) is a consumer AV released by Cylance designed for simplistic usage and running silently in the background. An AV is used to make sure that malware is scanned for and quarantined upon detection. Smart AV works by scanning Portable Executable files to prevent them from executing if they're seen as MALICIOUS. If Smart AV detects any Portable Executable files that are deemed MALICIOUS, they will be quarantined, thus, not allowing them to run.

When Cylance Smart Antivirus quarantines a file, the file is moved from its original location to the Cylance Smart Antivirus quarantine folder. The file is renamed by adding ".quarantine" to the end of the filename, thus changing the extension (e.g. malware.exe to malware.quarantine). The file is modified to prevent the file from being used, so it cannot be launched or run.

Once a file has been quarantined, either through Auto Quarantine or adding the file to the Global Quarantine list, Cylance Smart Antivirus will continue to prevent that file from running on your devices. If the filename is changed or if the file is copied to a new location on the device, Cylance will continue to block the file.

What happens if the malicious action keeps adding the same file to the same location?

Once a file has been quarantined, if a copy of the original file is placed in the original location, that copy will not be moved to the quarantine folder. Instead the file attributes are modified so the file is hidden and cannot be used. This is done to prevent the malicious action from placing the same file in the same location over and over again. This type of malicious action, also known as a Dropper, checks the original file location, and if it does not find it there, puts a copy of the file in that folder.

How do I stop a file from being quarantined?

To allow a file that has been quarantined to run please follow the steps outlined in this article:

How to - Safelist a File

If there is ever a time where the Cylance service has not started after installation, you can open the Terminal in MacOS and run the following command:

Start Cylance Service

sudo launchctl load /Library/launchdaemons/com.cylance.agent_service.plist

Stop Cylance Service

sudo launchctl unload /Library/launchdaemons/com.cylance.agent_service.plist

Note:You should use the autocomplete when typing the directory just to make sure there are no spelling errors in your command and this can be done by hitting theTab key on your keyboard.

There are times when you no longer want to provide protection for a device and want to reclaim the Cylance Smart Antivirus license it is using. For instance, if you purchase a new computer, you may want to move the license from your old system to the new one. Uninstalling the Cylance Smart Antivirus program removes protection from the device, but does not reclaim the license. To remove a device and reclaim the license, please follow these steps:

1. Go to your Cylance Smart Antivirus Dashboard and sign in with your credentials.

2. Once signed in, click on the device name under theDevice Namecolumn thatyou wish to remove:

3. From the Device Detail page, click Remove This Device:

4. You will now be asked toConfirmthe removal of this device from your account. By selectingConfirm, you will have successfully removed the device from your account and reclaimed a license.

Note: If you remove a device in the Dashboard, but do not first uninstall the software, Cylance Smart Antivirus will prompt for an Installation Token on the device. The device will remain unprotected until you provide the token. If you accidentally remove a device you did not intend to, simply copy the Installation Token from the Add Devices page and provide it to the Cylance Smart Antivirus program.

No. Cylance Smart Antivirus was designed to make security as smart and simple as possible. The software updatesautomatically so you will always be protected with the latest product features and security capabilities that Cylance has to offer.

Note:Their is a known issue with Mac devices where a uninstall and reinstall might be required in order to get the latest version of the agent. More details can be found here:

https://home-support.cylance.com/hc/en-us/articles/360021755034-Application-Compatibility-Error-on-Mac-

At this time, Cylance Smart Antivirus is only for sale in the United States, United Kingdom, Canada, Ireland, Wales, South Africa, Australia, and New Zealand. The product is only available in the English language. We are looking to expand support for additional languages and countries in the near future.

Cylance Smart Antivirusonly scans Portable Executable Files (PE), such as .exe, .dll etc.

Cylance Smart Antivirusdoes not do a traditional background threat detection, and will only scanactive and opened files and processes. If a file on a secondary drive like an external hard drive is opened/copied/moved, this will trigger a process attached to the file at while point theCylance Smart Antivirus Agent would scan it.

Cylance Smart Antivirus licenses are easily transferable to another computer. If you no longer wish to provide protection for your old system, please follow these instructions:

1. First, uninstall the application. If you need help uninstalling the program, please see: How to - Uninstall Cylance Smart Antivirus.

2. Then, log into your Dashboard and remove the old device. If you need help removing the device from your device, please see: How to - Remove a Device From My Account.

3. You will now have one device license that will be free to use when you proceed to install Cylance Smart Antivirus on your new computer.

The steps to find the agent version of Smart AV will differ slightly depending on the OS used (Mac OS or Windows).

Windows

Check the Windows Taskbar for the Smart AV icon.

2. Find the About option and click on it.

3. In the About window, there will be information about Smart AV including the version number.

Mac OS

Check the Mac OS Toolbar for a Cylance Icon and click on the About option.

2. In the About window, there will be information about Smart AV including the version number.

If your employer has bought licenses for its employees (you), then you may check your eligibility at: https://home-registration.cylance.com/#/. You check your eligibility by inputting your work email address. If you are eligible, you will receive an email with the next step to register your account where you can use either your work orpersonal email address. Otherwise, you will be notified that you are not eligible either because your company does not offer the service or because they ran out of licenses. If you believe that you should be eligible, please contact us at [email protected].

Note:Prior to contacting us, please make sure to check with your IT administrator. Also, if you have not received an email, please check your junk/spam folders of your mailbox. Thank you!

If you have reached your maximum allowed installed devices and need to put Cylance Smart Antivirus on additional computers, in most cases, you can upgrade your subscription.

Note:The highest subscription package we offer is up to 25 devices, but is recommended for our Power Users and small businesses.

Please follow the instructions to upgrade your subscription:

1. Go to your Cylance Smart Antivirus Dashboard and log in with your credentials.

2. Then, click on your email address located at the upper-right corner of the page and select My Account:

3. From theSubscription & Billingsection, click on the Manage Subscription & Billingbutton*:

4. A new tab will open and will show any available upgrade options:

5. Chose the subscription you want to upgrade to and select theCheckoutbutton beneath that plan. You will be charged the pro-rated difference between your current subscription and the new plan selected.

6. Once you have completed your upgrade purchase, you can close the upgrade plans tab and return to the Dashboard. Once your new subscription details are reflected into your account, you can start adding more devices.

Note:There can occasionally be a small delay from time of upgrade purchase to when your new subscription details appear in the Dashboard.

*Depending on your subscription type, you may not see this button or have the option to upgrade. If you received a subscription at no cost from your employer, this button will NOT appear. For paid subscriptions, if you have already reached the highest subscription level, you will not have any further upgrade options presented when you click the button.

If you have Cylance Smart Antivirus installed on a Mac device you might see the following error message:

How to - Install Cylance Smart Antivirus

This error means that an update is needed for your Smart Antivirus on your Mac machine. The latest version of the Mac application (1513.505) resolves this issue.

In order to update to this latest version you will need to uninstall Cylance Smart Antivirus and reinstall with the latest version of the Mac installer located in your console.

Here are the instructions to uninstall Cylance Smart Antivirus:

How to - Uninstall Cylance Smart Antivirus

Then follow these instructions to reinstall the latest version ofCylance Smart Antivirus:

After installing please go to the Cylance Icon on your Toolbarand make sure you have the latest version(1513.505) by clicking about:

Note:You will not need to do this in the future as updates are pushed automatically for Cylance Smart AntiVirus.

Your Cylance Smart Antivirus subscription determines the number of devices installs allowed by your license. Each unique operating system will require the use of one device license. For example, if you have a dual boot Mac running Windows and macOS, you would need to use two of your licenses, one for each OS.

The same would apply if you are using VMWare or another virtualization platform. Each virtual machine (VM) instance would require an installation of Cylance Smart Antivirus and therefore will use one device license. VMs that are suspended or not running will still hold on to one license, just like a physical computer does when it is turned off. If you no longer need a VM, you can reclaim the license by uninstalling Cylance Smart Antivirus and removing this device in your Dashboard ( https://mydashboard.cylance.com ).

Use the Community to connect with other users, Technical Support, Engineering, and Product Managers.

NOTE: For tracking purposes, open a support ticket for any technical issues or problems by emailing us at [email protected].

Login to your Cylance Smart Antivirus Console.

Clickthe down arrow on your User Name(at the top, right):

Select Support.

This authenticates you into the support site.

You can confirm you are logged in by confirming your name displays in the top, right corner (see #1 below).

ClickJoin the conversation (#2 below):

Summary

The CylancePROTECT Support Collection Tool collects Cylance Smart Antivirus product data and system information from your device to help Support analyze and resolve issues more efficiently.

Using the Cylance Smart Antivirus Support Collection Tool

Enable verbose logging on the device using the method specified in the below article: Cylance Agent - Advanced UI Mode

Wait for 10 minutes for the logging setting to take effect.

Download the CylancePROTECT Support Collection Tool and decompress all of the files and folders ontothe device you want to collect the product information from.

Run the collection tool.

For Windows, copySupport-Collection-Tool-v3.7.bat.renameand thetoolsfolder to a known location. RenameSupport-Collection-Tool-v3.7.bat.renametoSupport-Collection-Tool-v3.7.bat. Open a Command Prompt as Administrator, then invokeSupport-Collection-Tool-v3.7.bat. Data will be collected for Cylance SMART Antivirus on Windows.

For macOS, open Terminal, navigate to the collection tool folder, then enter the commandsudo bash GetCylanceInfo.sh. Provide your password when prompted. Data will be collected for Cylance SMART Antivirus.

Trying to install MAC devices with special characters in the title such as '! @ $ \% ^ & * ( ) ' will halt the installation. We recommend removing the special characters in the device name and rebooting the machine and trying the installation again.

When you have questions about or suggestions for the Cylance Smart Antivirus product, you can post these to the Community.

Note: Please search the community posts before you submit; there may already be something posted. You can find your answer or vote for a suggestion.

To submit a question:

Go to the Cylance Smart Antivirus Community page.

Click New Post.

Type a title for your post.

Type in the Details about your post.

Select the community topic you want to submit your question to.

Feature Requests: Suggest a new feature or an enhancement to an existing feature. If the feature is already posted, you can vote for it to support the idea.

General Discussion: Use for questions about the product. Like "How do I use the Support site?" or "How do I quarantine a file?"

Technical Support: Use for technical questions or issues using the product. Like "Can't get a device to show as Online."

Click Submit.

To see what version of macOS your system is using, click the Apple icon in the upper-left corner of your screen, then click About This Mac.

Installing on macOS High Sierra 10.13.2 or higher

You will see a new window open with information about your Mac computer. The first line will have the name of the macOS operating system, like macOS High Sierra.

Below the name of the operating system is the version number, like 10.13.2.

Note: If you are using macOS High Sierra version 10.13.2 or higher, you might need to do some additional steps when installing Cylance Smart Antivirus. Please read the for more information.

Cylance Smart Antivirus is now available to the general public. Please visit our public storefront at https://shop.cylance.com for current subscription options and pricing.

If you work for an organization that may be interested in purchasing Cylance Smart Antivirus for employees to protect personal devices, please reach out to your Cylance Account Manager and ask about our Volume licensing options. Volume licenses are a cost-effective way to provide protection for BYOD/"extended network".

Files that have been analyzed by Cylance will have a Classification (like Malware, Dual Use, or PUP - Potentially Unwanted Program). File classifications can be seen on the Threat Details page or the Device Details page (under Threat Activity).

Below is a list of possible classifications for each threat, along with a brief description.

UNKNOWN (Blank Entry)

The file has not been analyzed by the Cylance research team yet. Once the file is analyzed, the classification for the file will be updated.

Trusted - Local

The file has been analyzed by the Cylance research team and it is considered safe (not malicious). You can add a file classified as Trusted - Local to your Safe List (Settings > Global Lists). This will allow the file to run on any of your devices and will not generate any additional alerts.

PUP

A Potentially Unwanted Program (PUP) is a file that itself may not be malicious, but it can be used in a way that puts you at risk. If you trust the file, you can allow it to run or block it on a per device basis (Allow or Quarantine Threat). You can also add the file to the Safe List to allow it to run on any device you manage. PUPs are divided into subclasses to help you determine if the file should be allowed to run or blocked.

Subclass

Definition

Examples

Adware

Technologies that provide annoying advertisements (example: pop-ups) or provide bundled third-party add-ons when installing an application. This usually occurs without adequate notification to the user about the nature or presence of the add-on, control over installation, control over use, or the ability to fully uninstall the add-on.

Gator, Adware Info

Corrupt

Any executable file that is malformed and unable to run.

Game

Technologies that create an interactive environment with which a player can play.

Steam Games, League of Legends

Generic

Any PUP that does not fit into an existing category.

HackingTool

Technologies that are designed to assist hacking attempts.

Cobalt Strike, MetaSp0it

Portable Application

Program designed to run on a computer independently, without needing installation.

Turbo

Scripting Tool

Any script that is able to run as if it were an executable.

AutoIT, py2exe

Toolbar

Technologies that place additional buttons or input boxes on-screen within a UI.

Nasdaq Toolbar, Bring Me Sports

Other

Is a category for things that don't fit anything else, but are still PUPs. There are a lot of different PUPs, most of which aren't malicious but several that should still be brought to your attention, usually because the files have potentially negative uses or can negatively impact your systems.

Dual Use

Dual Use is a file that can be used for malicious and non-malicious purposes. Use caution if you allow this type of file to run on your devices. For example: PsExec.exe is an IT tool that can gain remote access to another computer to help troubleshoot issues, but it can also be used to execute malicious files on another system. If you find PsExec.exe on your devices, and you did not intentionally put it there, the file should be quarantined just like malware.

Subclass

Definition

Examples

Crack

Technologies that can alter (or crack) another application in order to bypass licensing limitations or Digital Rights Management protection (DRM).

Generic

Any Dual Use tool that does not fit into an existing category.

KeyGen

Technologies which can generate or recover/reveal product keys that can be used to bypass Digital Rights Management (DRM) or licensing protection of software and other digital media.

MonitoringTool

Technologies that track a user's online activities without awareness of the user by logging and possibly transmitting logs of one or more of the following:

user keystrokes

email messages

chat and instant messaging

web browsing activity

screenshot captures

application usage

Veriato 360, Refog Keylogger

Pass Crack

Technologies that can reveal a password or other sensitive user credentials either by cryptographically reversing passwords or by revealing stored passwords.

l0phtcrack, Cain & Abel

RemoteAccess

Technologies that can access another system remotely and administer commands on the remote system, or monitor user activities without user notification or consent.

Putty, PsExec, TeamViewer

Tool

Programs that offer administrative features but can be used to facilitate attacks or intrusions.

Nmap, Nessus, P0f

Malware

The Cylance research team has definitively identified the file as malware, the file should be removed or quarantined as soon as possible. Malware is divided into subclasses (see below).

Subclass

Definition

Examples

Backdoor

Malware that provides unauthorized access to a system, bypassing security measures.

Back Orifice, Eleanor

Bot

Malware that connects to a central Command and Control (C&C) botnet server.

QBot, Koobface

Downloader

Malware that downloads data to the host system.

Staged-Downloader

Dropper

Malware that installs other malware on a system.

Exploit

Malware that attacks a specific vulnerability on the system.

FakeAlert

Malware that masquerades as legitimate security software to trick the user into fixing fake security problems at a price.

Fake AV White Paper

Generic

Any malware that does not fit into an existing category.

InfoStealer

Malware that records login credentials and/or other sensitive information.

Snifula

Ransom

Malware that restricts access to system or files and demands payment for removal of restriction, thereby holding the system for ransom.

CryptoLocker, CryptoWall

Remnant

Any file that has Malware remnants after trying to remove it.

Rootkit

Malware that enables access to a computer while shielding itself or other files to avoid detection and/or removal by administrators or security technologies.

TDL, Zero Access Rootkit

Trojan

Malware that disguises itself as a legitimate program or file.

Zeus

Virus

Malware that propagates by inserting or appending itself to other files.

Sality, Virut

Worm

Malware that propagates by copying itself to another device.

Code Red, Stuxnet

The Cylance Smart Antivirus Dashboard supports the following web browsers:

Google Chrome (latest version)

Mozilla Firefox (latest version)

Microsoft Edge (latest version)

Microsoft Internet Explorer version 10 or higher (with latest updates)

Cylance Smart Antivirus identifies threats as either Abnormal or Suspicious.

Abnormal - A file with enough resemblance to a malicious file that it would be safer to block this file instead of allowing it to run on your device.

Suspicious - A file that is most likely a malicious file (Malware, Potentially Unwanted Program (PUP), or Dual Use) and should be quarantined.

Note: It is recommended that you allow Cylance Smart Antivirus to quarantine Suspicious and Abnormal files. If a file you know and trust is blocked by Cylance Smart Antivirus, you can allow that file to run.