Skip Navigation

Configure compliance actions to take when malware is detected

When malware is detected on a user’s device,
UEM
considers the device to be out of compliance. You can configure and assign a compliance profile to users so that
UEM
can take the appropriate action. For more information about creating and configuring compliance profiles, see Enforcing compliance rules for devices in the
UEM
Administration content.
When you first implement malware detection, it is recommended to use the monitor and log option before you implement actions that are potentially more disruptive. After monitoring compliance activity for an appropriate amount of time, you can then implement the desired actions (for example, preventing users from using
BlackBerry Dynamics
apps until the device is compliant).
If the
UEM Client
or the
BlackBerry Dynamics
app that performs malware scanning is a version that was released in February or March 2020 but does not meet the latest software requirements, note the following:
  • System apps are scanned by default on the user's device regardless of the "Scan system apps" setting in the
    BlackBerry Protect
    profile.
  • The "Malicious app package detected" compliance settings apply to both system apps and non-system apps.
  • The "Malicious system app detected" compliance settings are not applicable.
  1. In the management console, on the menu bar, click
    Policies and profiles > Compliance > Compliance
    .
  2. Create a new compliance profile or select and edit an existing compliance profile.
  3. On the
    Android
    tab, in the
    BlackBerry Protect
    section, do any of the following:
    Task
    Steps
    Configure the actions for system apps that are identified as malware
    1. Select the
      System app malware detected
      check box.
    2. Configure the prompt settings.
    3. In the
      Enforcement action for device
      drop-down list, choose one of the following:
      • To log information about the compliance issue without taking a compliance action, click
        Monitor and log
        .
      • To prevent the user from accessing work resources and apps on the device while it is out of compliance, click
        Untrust
        . Note that this option does not impact
        BlackBerry Dynamics
        apps. Data and apps are not deleted from the device.
    4. In the
      Enforcement action for BlackBerry Dynamics apps
      drop-down list, choose one of the following options:
      • To log information about the compliance issue without taking a compliance action for
        BlackBerry Dynamics
        apps, click
        Monitor and log
        .
      • To prevent the user from accessing
        BlackBerry Dynamics
        apps while the device is out of compliance, click
        Do not allow BlackBerry Dynamics apps to run
        .
    Configure the actions for non-system apps that are identified as malware
    1. Select the
      Malicious app package detected
      check box.
    2. Configure the prompt settings.
    3. In the
      Enforcement action for device
      drop-down list, choose one of the following:
      • To log information about the compliance issue without taking a compliance action, click
        Monitor and log
        .
      • To prevent the user from accessing work resources and apps on the device while it is out of compliance, click
        Untrust
        . Note that this option does not impact
        BlackBerry Dynamics
        apps. Data and apps are not deleted from the device.
    4. In the
      Enforcement action for BlackBerry Dynamics apps
      drop-down list, choose one of the following options:
      • To log information about the compliance issue without taking a compliance action for
        BlackBerry Dynamics
        apps, click
        Monitor and log
        .
      • To prevent the user from accessing
        BlackBerry Dynamics
        apps while the device is out of compliance, click
        Do not allow BlackBerry Dynamics apps to run
        .
  4. Click
    Add
    or
    Save
    .
  • Assign the profile to users and groups.
  • Optionally, configure event notifications so that when a malware app is detected on a user’s device, administrators receive an email notification that identifies the user and the malware app. If the user removes the malware app from the device, or if the app is no longer considered to be malware (for example, it was added to the approved app list),
    UEM
    sends another notification.
  • You can view information about compliance violations on the Managed devices screen (filter by compliance violations) or in a user's device details.