Best practices to deploy CylancePROTECT on servers

There are no special considerations for devices in a server role (for example, SQL or Exchange) when installing CylancePROTECT. It is best not to set any exclusions during deployment. That way, if or when performance issues are detected, exclusions can be configured gradually.

Some key points and observations to advise on:

- When "Watch For New Files" is enabled, exclude the logs folder (related to SQL) so that performance is not greatly impacted during this activity.

- Depending on the policy settings assigned to the respective device (Exchange, SQL or other), and when auto quarantine (AQT) is enabled, executable files will be prevented from running until a Cylance Score can be calculated.

Normally this doesn't cause a problem, but there are some scenarios where either the application doesn't tolerate other applications locking its files or, due to timing, a process may fail to complete successfully.

As far as the Exchange server is concerned, having "Watch For New Files" enabled may slow down system operations. Any time a new file is added to the device, it will be scanned. Although the scanning of files is lightweight, scanning a large number of files at one time could cause the device to slow down.

- Enable "Background Threat Detection" and have it Run Once.
- Make sure Execution Control is enabled.
- Disable "Watch For New Files".

Cylance Protect Admin Guide can also be useful: