Cylance - Support Collection Tool

Description

Overview

The BlackBerry Collection Tool, which is attached to this article for download, collects BlackBerry Protect, BlackBerry Optics and BlackBerry Persona Desktop product data and system information from your device to help Support analyze and resolve issues more efficiently.

How to use the BlackBerry Collection Tool

Windows

Complete the following steps to use the BlackBerry Collection Tool on Windows: 

  1. Enable Verbose logging on the device - Enable Debug/Verbose Logging (SonicWall)
  2. Wait 10 minutes for the logging setting to take effect.
  3. Download the attached file, BlackBerry Collection Tool for Windows and decompress all of the files and folders onto the device that you want to collect the product information from.
  4. Download the required Sysinternals tool from Microsoft.
    • All the tools can be obtained from the SysInternals Suite.
    • Extract the content of the SysinternalsSuite.zip and only copy the executables below into the tools folder of the BlackBerry Collection Tool extracted in Step 3.
      • autorunsc.exe
      • ListDLLs.exe
      • LoadOrdC.exe
      • Procmon.exe
      • psloglist.exe
      • sigcheck.exe
      • sigcheck64.exe
  5. Run the Support Collection Tool for Windows.
    • Copy the BlackBerry-Collection-Tool-for-Windows folder to a known location
      • Right-click BlackBerry-Collection-Tool-for-Windows.bat and run as administrator
      • OR Open a Command Prompt as Administrator, then invoke BlackBerry-Collection-Tool-for-Windows.bat
  6. The compressed file is created in the same location as the tool.
  7. Send the archived file to your SonicWall Cylance Security Engineer.

macOS

Complete the following steps to use the BlackBerry Collection Tool on macOS:

  1. Enable Verbose logging on the device - Enable Debug/Verbose Logging (SonicWall)
  2. Wait 10 minutes for the logging setting to take effect.
  3. Open System Preferences > Security & Privacy > Privacy > Full Disk Access. Click the lock to authenticate if needed. Click the + button. Navigate to the Applications > Utilities directory, select Terminal.app and click Open. If prompted to choose to quit Terminal.app, click Quit Now.
  4. Download the attached BlackBerry Collection Tool for macOS file, and decompress all of the files and folders onto the device you want to collect the product information from.
  5. Run the BlackBerry Collection Tool for macOS: 
    1. Open Terminal, navigate to the collection tool folder, and enter the following command:
    2. sudo bash BlackBerry_Collection_Tool_for_macOS.sh
    3. Provide your password when prompted.
  6. The compressed file is created in the same location as the tool.
  7. Open System Preferences > Security & Privacy > Privacy > Full Disk Access. Click the lock to authenticate if needed. Click on Terminal.app and click the - button.
  8. Send the archived file to your SonicWall Cylance Security Engineer.

Linux

Complete the following steps to use the BlackBerry Collection Tool on Linux: 

  1. Enable Verbose logging on the device - Enable Debug/Verbose Logging (SonicWall)
  2. Wait 10 Minutes for the logging setting to take effect.
  3. Download the attached file, BlackBerry Collection Tool for Linux and decompress all of the files onto the device that you want to collect the product information from.
    1. Open Terminal, navigate to the folder to decompress the collection tool, then enter the following command
      1. tar xvf BlackBerry_Collection_Tool_for_Linux.tgz
  4. Run the BlackBerry Collection Tool for Linux.
    1. Open Terminal, navigate to the extracted folder, then enter the following command
      1. sudo ./BlackBerry_Collection_Tool_for_Linux.sh
    2. Provide your password when prompted.
  5. The compressed file is created in the same location as the tool.
  6. Send the archived file to your SonicWall Cylance Security Engineer.

Troubleshooting

Windows Troubleshooting

Issue 1:

The Process Monitor may display the following error when attempting to run the BlackBerry Collection Tool for Windows:

Unable to load Process Monitor device driver

Complete the one of the following options:

  1. Install Microsoft Security Update KB3033929.
  2. Disable Application Control or set the change window to OPEN prior to decompressing or running the Support Collection Tool for Windows.

Issue 2:

The Process Monitor may display the following error when attempting to run the BlackBerry Collection Tool for Windows:

An error occurred opening the snapshot.

This issue is caused by Windows Defender Controlled Folder Access. 

Complete one of the following options to resolve this issue:

  • Move the BlackBerry Collection Tool for Windows outside of the Documents, Desktop, Pictures, Videos, Music, or Favorites folders, and attempt to run the BlackBerry Collection Tool for Windows again.
  • Run the following PowerShell cmdlet, then attempt to run the BlackBerry Collection Tool for Windows again:
    • Set-MpPreference -EnableControlledFolderAccess Disabled
  • Navigate to Settings > Update & Security > Windows Security > Virus & threat protection and complete the following steps:
    1. Under Virus & threat protection settings, click Manage settings.
    2. Scroll down to Controlled folder access and click Manage Controlled folder access.
    3. Toggle Controlled folder access to Off.
    4. Attempt to run the BlackBerry Collection Tool for Windows again.
    5. For additional information, see the Enable controlled folder access Microsoft article.

Issue 3:

The Process Monitor may display the following error when attempting to run the BlackBerry Collection Tool for Windows:

Process monitor required Administrators group membership.

Complete the following resolution steps:

  1. Check if the logged in user running the BlackBerry Collection Tool is a member of the local Administrators group: net localgroup administrators.
  2. Check if the logged in user running the BlackBerry Collection Tool has the SeLoadDriverPrivilege user right. This check can be performed using AccessChk, which is not included in Windows by default. You can download AccessChk from Sysinternals.
    • 32-bit versions of Windows
      • accesschk.exe /accepteula -q -a SeLoadDriverPrivilege
    • 64-bit versions of Windows
      • accesschk64.exe /accepteula -q -a SeLoadDriverPrivilege

macOS

  • macOS 10.13 virtual machines in VMware may unexpectedly restart when running the BlackBerry Collection Tool for macOS. This is caused by running the sysctl command, and is a known issue for macOS 10.13. 

Linux

  • Disable Application Control or set the change window to OPEN prior to decompressing or running the BlackBerry Collection Tool for Linux.
  • If the BlackBerry Collection Tool for Linux is unresponsive for a long period of time, update to the latest version available in this article. If the issue persists, rebuild your package database, verify that no other applications are holding a lock on the package manager, and then run the BlackBerry Collection Tool for Linux again.

Downloads

Windows

BB_Collection_Tool_for_Windows.zip

macOS

BB_Collection_Tool_for_macOS.tar

Linux

BB_Collection_Tool_for_Linux.tgz

Related Articles

  • CS : Child CID Provisioning
    Read More
  • Cylance - Uninstalling Agent
    Read More
  • NDR: Virtual Sensor Deployment (OCI)
    Read More

Categories

Managed Security Services
Endpoint Managed Detection and Response
MDR for Cylance
not finding your answers?
Ask the Community
was this article helpful?
YesNo