Installing CylancePROTECT

Last Updated: Aug 29, 2022

About this task

Use this procedure to install CylancePROTECT for Avaya Analytics on CSP.

Procedure

  1. Copy the Cylance tar file CylancePROTECT.centos8.tar to the customer folder on the Cluster Control Manager (CCM). For example: /home/cust.
    This tar file contains the following packages that must be installed:
    • CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64.rpm

    • CylancePROTECTDriver-3.0.1005-2344.el8.x86_64.rpm

    • CylancePROTECT.el8.rpm

  2. Untar the file using the following command: tar -xvf CylancePROTECT.centos8.tar
  3. Before installing the RPM packages, create the following file:

    /opt/cylance/config_defaults

    The file contains the following configuration:

    InstallToken=QFyc1OvU9DhT7K5fqZQ8rf08
    SelfProtectionLevel=2
    LogLevel=2
    VenueZone=LABS-CSP-prasannak
    UiMode=2
    Note:

    The above example shows the installation token and zone information allocated to CSP. Adopting products need to obtain their own tokens and zones, which are created by the Avaya antivirus team.

    The config_defaults file is available at the location /opt/cylance/. If you do not know the VenueZone, do not add it to the configuration file.

  4. To install Cylance on the Cluster Control Manager (CCM), use the following commands:
    rpm -ivh CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64.rpm
    rpm -ivh CylancePROTECTDriver-3.0.1005-2344.el8.x86_64.rpm
    rpm -ivh CylancePROTECT.el8.rpm
  5. Use the following command to SSH to the node where you want to install Cylance:

    cluster_ssh

  6. Copy the Cylance rpm files from the CCM to the /var/vcap/data folder on each of the nodes using the following commands (assuming the CCM IP is 10.30.7.51 and the customer user is cust, as in the commands).
    Note:

    Before proceeding, take a snapshot and remove it within 72 hours of completing the process. Also take a backup of the Analytics data and a backup of the CCM.

    scp cust@10.30.7.51:/home/cust/CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64.rpm /var/vcap/data/
    scp cust@10.30.7.51:/home/cust/CylancePROTECTDriver-3.0.1005-2344.el8.x86_64.rpm /var/vcap/data/
    scp cust@10.30.7.51:/home/cust/CylancePROTECT.el8.rpm /var/vcap/data/
    

    When prompted, enter the password for the customer account on CCM.

  7. Create the file /opt/cylance/config_defaults.txt similar to step 3.
  8. To install Cylance, use the following commands:
    cd /var/vcap/data
    rpm -ivh CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64.rpm
    rpm -ivh CylancePROTECTDriver-3.0.1005-2344.el8.x86_64.rpm
    rpm -ivh CylancePROTECT.el8.rpm 
  9. If you see a failure message during rpm installation, uninstall the rpm packages and reinstall them as follows:
    1. To find the rpm version, use rpm -qa|grep Cylance

      The following output is displayed:

      [root@ data]# rpm -qa|grep Cylance

      CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64

      CylancePROTECTDriver-3.0.1005-2344.el8.x86_64

    2. Uninstall the rpm packages using the following commands. The value passed after -e in each command is the package name obtained in step 1.

      rpm -e CylancePROTECT-3.0.1005-2335.x86_64

      rpm -e CylancePROTECTDriver-3.0.1005-2344.el8.x86_64

      rpm -e CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64

    If a node is recreated or a new node is added to the k8s cluster, Cylance needs to be installed manually.

  10. Repeat steps 4 to 8 for each of the nodes.
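
The following helper is an added example, not part of the vendor procedure. It covers the config file from steps 3 and 7 and the install order from steps 4 and 8. The function names and arguments are assumptions, and the token and zone are supplied by the caller rather than copied from the example above.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Function names and arguments are assumptions.

# The three packages from the tar file, in the order the procedure installs them.
CYLANCE_RPMS="CylancePROTECTOpenDriver-3.0.1005-2344.el8.x86_64.rpm
CylancePROTECTDriver-3.0.1005-2344.el8.x86_64.rpm
CylancePROTECT.el8.rpm"

# write_config_defaults FILE TOKEN [ZONE]
# Writes the defaults file with owner-only permissions, since the install
# token is a credential for registering agents. VenueZone is omitted when
# it is not known, as the note in step 3 requires.
write_config_defaults() {
    local file="$1" token="$2" zone="${3:-}"
    [ -n "$token" ] || { echo "install token is required" >&2; return 1; }
    mkdir -p "$(dirname "$file")" || return 1
    (
        umask 077
        {
            printf 'InstallToken=%s\n' "$token"
            printf 'SelfProtectionLevel=2\nLogLevel=2\n'
            [ -n "$zone" ] && printf 'VenueZone=%s\n' "$zone"
            printf 'UiMode=2\n'
        } > "$file"
    ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed
}

# missing_packages DIR
# Prints each package that is absent or empty in DIR; non-zero if any is,
# which catches an incomplete scp before rpm -ivh runs.
missing_packages() {
    local dir="$1" pkg rc=0
    for pkg in $CYLANCE_RPMS; do
        [ -s "$dir/$pkg" ] || { echo "$pkg"; rc=1; }
    done
    return "$rc"
}

# install_packages DIR
# Installs in the procedure's order and stops at the first failure.
install_packages() {
    local dir="$1" pkg
    missing_packages "$dir" >&2 || return 1
    for pkg in $CYLANCE_RPMS; do
        rpm -ivh "$dir/$pkg" || return 1
    done
}
```

On a node, source the file as root, call write_config_defaults with the path from step 7 and your own token, then call install_packages /var/vcap/data.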