Skip Navigation

How
CylancePROTECT Desktop
collects and uses data

For complete information about this product, see the Cylance Endpoint Security docs.
Item
Data collection and use
Malware detection and remediation
  • CylancePROTECT Desktop
    uses machine learning to analyze executable files to:
    • Prevent malware from executing on device endpoints
    • Conduct malware risk scoring
    • Classify malware
    • Improve the effectiveness of
      BlackBerry
      products
  • The collection of potentially malicious executable files is based on your configuration of the product. You can configure the product to allow or prevent the transfer of the following data:
    • Hostname
    • FQDN
    • IP address
    • MAC address
    • File owner
    • File path
    • Username
  • When a potentially malicious executable file is uploaded, it is transferred to the
    CylancePROTECT
    cloud services (located in Northern Virginia, US) for scoring. These files are stored separately from your organization’s tenant, and any attribution data is de-identified prior to analysis.
  • BlackBerry
    does not share collected files with third parties.
Customer administrator information
BlackBerry
collects the following information to deliver customer support:
  • First name
  • Last name
  • Email address
  • Phone number
Collection of endpoint data
BlackBerry
collects and processes the following endpoint data to identify and protect the device from threats:
  • Device name
  • Hostname
  • FQDN
  • IP addresses
  • MAC addresses
  • Name of the user most recently logged in
Application inventory
BlackBerry
collects the following application information to identify and protect customer endpoints against threats:
  • Application name
  • Version
  • Vendor name
  • Hot fixes installed
  • Installation date
  • Hostname
  • Username
Threat events
BlackBerry
collects the following threat information to manage the resolution of detected events:
  • Threat details
  • Status
  • Date time
  • Assigned user
Customer administrative login activity
BlackBerry
collects the following customer login information to audit authentication activity and manage risks:
  • Login activity from administrators of a customer's tenant (including date and time)
  • User's unique identifier
  • User status
  • User account name
Data storage
  • BlackBerry
    uses the data described above to facilitate the performance of the license agreement under which
    BlackBerry
    ’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services.
  • BlackBerry
    will not sell, lease, or otherwise distribute this information.
  • Endpoint data is removed at the end of the contract. Administrators can remove data using the management console.
  • Potentially malicious executables are retained indefinitely. No data is retained that can be used to associate the executable with an individual or organization.
  • The endpoint data that is collected is stored in one of the following subprocessors:
    • Amazon Web Services
      ; Asia Pacific (Australia, Japan), Europe (Germany), North America (United States), South America (Brazil)
    • Databricks: Asia Pacific (Australia), Europe (Germany), North America (United States)
    • MessageBird (email address data only): United States

Data retention

Personal data processed
Data retention period
Customer administration information
Personal data may be deleted upon request.
Endpoint data
All endpoint data is removed 30 days after the end of the contract. Data for inactive devices may be automatically removed based on customer configured policies. Customer administrators may also remove data through the console or provide instructions to customer support to remove endpoint data.
Potentially malicious portable executables and scripts
Data is de-identified and retained indefinitely.
Potentially malicious files uploaded through management console
Data is de-identified and retained indefinitely.
Application inventory
Data is removed 30 days after the end of the contract.
Threat events
Data is stored for up to 37 days.
Customer administrative login activity
Data is stored for 1 year.
Email delivery activity
Data is stored for 30 days.