Migrating Cylance Agents to a new Tenant

Description

NOTE: You will want to pre-stage the new tenant with any needed zones, policies, and exclusions prior to migrating the devices. 

The recommended migration process is:

  1. Push the new install token from your new tenant to your devices, using one of the methods in KB article 66577 below.
    • Currently our preferred method is to use an RMM tool to push the registry value with the new install token
  2. Export a list of the devices you will want to migrate from the tenant they are currently registered in
  3. Remove the devices from their current tenant (once the new install token has been pushed to at least a majority of the desired devices)
    1. Any devices removed that have the registry value with the new token will automatically register to the new tenant in the next 5 - 10 minutes
  4. Compare the registered devices to your exported list and track down any stragglers.
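
One way to do the comparison in step 4, as an added example that is not part of the original article. It assumes both device lists are CSV exports with a header row and the device name in the first column, which may differ from your console's export format; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: list devices from the old tenant's export that have not yet
# registered in the new tenant.
# Assumption: both files are CSV with a header row and the device name in
# column 1; adjust the column if your export differs.

# Print the normalized device names from one CSV file, sorted and unique.
normalize() {
    tr -d '\r"' < "$1" |
    awk -F, 'NR > 1 {
        name = tolower($1)                   # compare host names case-insensitively
        gsub(/^[ \t]+|[ \t]+$/, "", name)    # trim stray blanks
        if (name != "") print name
    }' | LC_ALL=C sort -u
}

# stragglers EXPORTED REGISTERED
# Prints every device named in EXPORTED that is missing from REGISTERED.
stragglers() {
    exported=$(mktemp) || return 1
    registered=$(mktemp) || { rm -f "$exported"; return 1; }
    normalize "$1" > "$exported"
    normalize "$2" > "$registered"
    LC_ALL=C comm -23 "$exported" "$registered"
    rc=$?
    rm -f "$exported" "$registered"
    return $rc
}

# Usage: sh stragglers.sh old-tenant-export.csv new-tenant-devices.csv
if [ "$#" -eq 2 ]; then
    stragglers "$1" "$2"
fi
```
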

 



Re-applying the Installation Token to one or more unregistered devices

ARTICLE NUMBER

000066577

ENVIRONMENT

  • CylancePROTECT

OVERVIEW

A CylancePROTECT agent may become unregistered when the following occurs:

  • After requesting an installation token
  • After troubleshooting, the root cause is found to be an invalid installation token

CAUSE

Devices were unregistered or removed from the Cylance console, which is used to administer CylancePROTECT.

 

RESOLUTION

For Windows:


Resolution 1:

Under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop

create a String (REG_SZ) value "InstallToken"=<your installation token here>


To find your organization's installation token, navigate to Settings > Application > Installation Token.

By default, restrictions are implemented on CylancePROTECT (referred to as Self Protection) so that the user on the device is not able to modify the CylancePROTECT registry hive. It may be necessary to take ownership of the registry hive before making the changes described above.

Resolution 2:

Use PsExec to elevate privilege and push the key down to all Windows devices in your organization. Those that don't require a key are not impacted, but those requesting the key immediately re-register and check into the console:

psexec -s @C:\temp\hosts.txt REG ADD HKLM\SOFTWARE\Cylance\Desktop /v InstallToken /t REG_SZ /d TOKEN /f


Where hosts.txt contains a list of all the hosts and TOKEN represents the Token found by navigating to Settings > Application > Installation Token.


Resolution 3:

Use a preferred deployment mechanism (SCCM, BigFix, GPO, etc.) to write to the registry. Use the following format for the .reg file:

+++++
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop]
"InstallToken"="<your key here>"
+++++

 

Important:

  • You do not need to restart the service or reboot for the change to take effect.
  • Systems that are already registered with the console are not impacted by adding the registry value. Since they are already registered, they ignore the extraneous registry value.

For OS X / macOS:


Stop the CylancePROTECT service:

Complete the following steps:

  1. Open Terminal.
  2. Type sudo launchctl unload /Library/LaunchDaemons/com.cylance.agent_service.plist, and press Return.
  3. Type your password, and press Return.


Edit the values.xml file:

You can edit the values.xml file to include the new Installation Token. To edit the XML file, you can use TextEdit, the command line, or a bash script.

 

For Linux:


Resolution 1:

The following command can be used to re-register the agent:

/opt/cylance/desktop/cylance -r token

 

WORKAROUND

Workaround 1: Using TextEdit

Complete the following workaround steps:

  • Log in to the system as root.
  • The values.xml file is located at the following location:

/Library/Application\ Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop

  • Open the XML file using TextEdit.
  • Add a line after <values>, then add the following:
    • <value name="InstallToken" type="string">[Installation_Token]</value>
    • Replace [Installation_Token] with the correct install token.
  • Save the file.


Workaround 2: Using the command line

Complete the following workaround steps:

Note: Nano is used in this example, but you can also use vi or vim. 

  1. Open Terminal.
  2. Type sudo nano /Library/Application\ Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/values.xml, and press Return.
  3. Type your password, and press Return.
  4. Using the arrow keys, place the cursor after <values>, then press Return to add a line.
  5. Type <value name="InstallToken" type="string">[Installation_Token]</value>. Replace [Installation_Token] with the correct install token.
  6. Press Command + X, press Y, and then press Return. This saves the file.

 

Workaround 3: Using a bash script

Use a bash script to push the key down to all OS X and macOS devices in your organization. Those that don't require a key are not impacted. Those that request the key immediately re-register and check into the console.

Complete the following workaround steps:

1. Create a file (CylanceReRegister.sh) with the following contents:

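#!/bin/bash

# Installation token from Settings > Application > Installation Token
TOKEN=INSTALLTOKENHERE

# Agent settings file that holds the InstallToken value
FILE="/Library/Application Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/values.xml"

# Add the InstallToken entry on a new line after the line containing <values>
sed -i '' 's/.*<values>.*/&\
<value name="InstallToken" type="string">'"$TOKEN"'<\/value>/' "$FILE"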

 

Where INSTALLTOKENHERE represents the Token from Settings > Application > Installation Token.

 

2. Use a preferred deployment mechanism (Casper, etc.) to run the bash script using sudo, as follows: 

sudo bash ./CylanceReRegister.sh
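
The script in step 1 adds another InstallToken line each time it runs. The following variant is an added example, not part of the original article: it replaces any existing InstallToken line instead of duplicating it and leaves the file untouched if the token looks malformed. It assumes values.xml keeps <values> on its own line and that tokens contain only letters and digits; set_install_token is a hypothetical name.

```shell
#!/bin/sh
# Added example: write the InstallToken entry into values.xml exactly once.
# Assumptions: <values> sits on its own line, and install tokens contain only
# letters and digits.

# set_install_token FILE TOKEN
set_install_token() {
    file=$1
    token=$2
    # Reject anything that could break out of the XML element.
    case $token in
        ''|*[!A-Za-z0-9]*)
            echo "refusing token with unexpected characters" >&2
            return 2 ;;
    esac
    # Do not touch a file that lacks the expected anchor line.
    grep -q '<values>' "$file" || {
        echo "no <values> line in $file" >&2
        return 3
    }
    tmp=$(mktemp) || return 1
    if awk -v tok="$token" '
        /<value name="InstallToken"/ { next }    # drop any earlier token line
        { print }
        /<values>/ && !done {                    # insert once, after <values>
            print "<value name=\"InstallToken\" type=\"string\">" tok "</value>"
            done = 1
        }' "$file" > "$tmp"
    then
        # Overwrite in place so the owner and mode of values.xml are kept.
        cat "$tmp" > "$file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage: sudo sh set-token.sh /path/to/values.xml TOKEN
if [ "$#" -eq 2 ]; then
    set_install_token "$1" "$2"
fi
```
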

 

ADDITIONAL INFORMATION

Start the CylancePROTECT service:

Complete the following steps:

  1. Open Terminal.
  2. Type sudo launchctl load /Library/LaunchDaemons/com.cylance.agent_service.plist, and press Return.
  3. Type your password, and press Return.
