Cylance: Directories, Files, and Processes to Exclude
Description
- This document lists recommended Cylance Directories, Files, and Processes to exclude if you are running another AV or security product alongside Cylance.
- CylancePROTECT is designed to be a lightweight endpoint protection security control. As CylancePROTECT is Microsoft approved, it can be a complete anti-virus, anti-malware, and anti-spyware (as a group, AV) replacement. Alternatively, it can complement other host security controls.
- In most situations, Cylance software runs alongside legacy AV with no issues. However, in certain situations it may be necessary to configure your legacy AV or agent-less hypervisor scanner to not monitor the Cylance directories shown below. This may be required to avoid third-party products clashing with Cylance software.
Windows
CylancePROTECT directories, files, or processes to exclude in Windows:
| Windows Version | Path | Notes |
| Windows (all) | C:\Program Files\Cylance | Default installation location |
| Windows (all) | C:\ProgramData\Cylance | Program data and quarantine folder for newer Windows versions |
| Windows (all) | C:\Documents and Settings\All Users\Application Data\Cylance\Desktop\q | Quarantine folder for earlier Windows versions Recommended for later versions of Windows as well due to some third-party software following the junction or CSIDL path |
| Windows (all) | C:\Windows\System32\Drivers\CyProtectDrv*.sys | Cylance driver |
| Windows (all) | C:\Windows\System32\Drivers\CyDevFlt*.sys | Cylance Device Control driver |
| Windows (all) | C:\Windows\CyProtect.cache | Cache file |
| Windows (all) | C:\Windows\System32\Drivers\CylanceDrv*.sys | Cylance driver |
| Windows (all) | C:\Windows\CylanceUD.cache | Cache file |
| Windows (all) | C:\Windows\Temp\CylanceDesktopArchive | Archive files are decompressed and analyzed here |
| Windows (all) | C:\Windows\Temp\CylanceDesktopRemoteFile | Files from file shares are analyzed here |
| Windows (all) | C:\Program Files\Cylance\Desktop\CylanceSvc.exe | Core program |
| Windows (all) | C:\Program Files\Cylance\Desktop\CylanceUI.exe | User interface |
| Windows (all) | C:\Program Files\Cylance\Desktop\CyUpdate.exe | Cylance Agent update |
| Windows (all) | C:\Program Files\Cylance\Desktop\LocalePkg.exe | Localization program |
MacOS
CylancePROTECT directories to exclude in macOS:
| MacOS Version | Path |
| OS X (10.9 - 10.11) macOS 10.12 and later | /Library/Application Support/Cylance/Desktop/q |
| OS X (10.9 - 10.11) macOS 10.12 and later | /Library/Application Support/Cylance/ |
| OS X (10.9 - 10.11) macOS 10.12 and later | /System/Library/Extensions/CyProtectDrvOSX.kext/ |
| OS X (10.9 - 10.11) macOS 10.12 and later | /private/tmp/CylanceDesktopArchive |
| OS X (10.9 - 10.11) macOS 10.12 and later | /private/tmp/CylanceDesktopRemoteFile |
Linux
CylancePROTECT directories to exclude in Linux:
| Linux Version | Path |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /opt/cylance |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /usr/lib/systemd/system/cylancesvc.service |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /etc/sysconfig/modules/cylance.modules |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /usr/src/CyProtectDrv-1.2 |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /tmp/CylanceDesktopArchive |
| RedHat/CentOS 6.6 - 6.10 RedHat/CentOS 7.0 - 7.6 | /tmp/CylanceDesktopRemoteFile |
CylancePROTECT directories, files, or processes to exclude
Windows
C:\Program Files\Cylance
C:\ProgramData\Cylance
C:\Documents and Settings\All Users\Application Data\Cylance\Desktop\q
C:\Windows\System32\Drivers\CyProtectDrv*.sys
C:\Windows\System32\Drivers\CyDevFlt*.sys
C:\Windows\CyProtect.cache
C:\Windows\System32\Drivers\CylanceDrv*.sys
C:\Windows\CylanceUD.cache
C:\Windows\Temp\CylanceDesktopArchive
C:\Windows\Temp\CylanceDesktopRemoteFile
C:\Program Files\Cylance\Desktop\CylanceSvc.exe
C:\Program Files\Cylance\Desktop\CylanceUI.exe
C:\Program Files\Cylance\Desktop\CyUpdate.exe
C:\Program Files\Cylance\Desktop\LocalePkg.exe
MacOS
/Library/Application Support/Cylance/Desktop/q
/Library/Application Support/Cylance/
/System/Library/Extensions/CyProtectDrvOSX.kext/
/private/tmp/CylanceDesktopArchive
/private/tmp/CylanceDesktopRemoteFile
Linux
/opt/cylance
/usr/lib/systemd/system/cylancesvc.service
/etc/sysconfig/modules/cylance.modules
/usr/src/CyProtectDrv-1.2
/tmp/CylanceDesktopArchive
/tmp/CylanceDesktopRemoteFile