Configure compliance actions to take when malware is detected
When malware is detected on a user’s device,
UEM
considers the device to be out of compliance. You can configure and assign a compliance profile to users so that UEM
can take the appropriate action. For more information about creating and configuring compliance profiles, see Enforcing compliance rules for devices in the UEM
Administration content.
When you first implement malware detection, it is recommended to use the monitor and log option before you implement actions that are potentially more disruptive. After monitoring compliance activity for an appropriate amount of time, you can then implement the desired actions (for example, preventing users from using
BlackBerry
Dynamics
apps until the device is compliant).- In the management console, on the menu bar, clickPolicies and profiles > Compliance > Compliance.
- Create a new compliance profile or select and edit an existing compliance profile.
- On theAndroidtab, in theCylancePROTECTsection, do any of the following:TaskStepsConfigure the actions for system apps that are identified as malware
- Select theSystem app malware detectedcheck box.
- Configure the prompt settings.
- In theEnforcement action for devicedrop-down list, choose one of the following:
- To log information about the compliance issue without taking a compliance action, clickMonitor and log.
- To prevent the user from accessing work resources and apps on the device while it is out of compliance, clickUntrust. Note that this option does not impactBlackBerry Dynamicsapps. Data and apps are not deleted from the device.
- In theEnforcement action for BlackBerry Dynamics appsdrop-down list, choose one of the following options:
- To log information about the compliance issue without taking a compliance action forBlackBerry Dynamicsapps, clickMonitor and log.
- To prevent the user from accessingBlackBerry Dynamicsapps while the device is out of compliance, clickDo not allow BlackBerry Dynamics apps to run.
Configure the actions for non-system apps that are identified as malware- Select theMalicious app package detectedcheck box.
- Configure the prompt settings.
- In theEnforcement action for devicedrop-down list, choose one of the following:
- To log information about the compliance issue without taking a compliance action, clickMonitor and log.
- To prevent the user from accessing work resources and apps on the device while it is out of compliance, clickUntrust. Note that this option does not impactBlackBerry Dynamicsapps. Data and apps are not deleted from the device.
- In theEnforcement action for BlackBerry Dynamics appsdrop-down list, choose one of the following options:
- To log information about the compliance issue without taking a compliance action forBlackBerry Dynamicsapps, clickMonitor and log.
- To prevent the user from accessingBlackBerry Dynamicsapps while the device is out of compliance, clickDo not allow BlackBerry Dynamics apps to run.
- ClickAddorSave.
- Assign the profile to users and groups.
- Optionally, configure event notifications so that when a malware app is detected on a user’s device, administrators receive an email notification that identifies the user and the malware app. If the user removes the malware app from the device, or if the app is no longer considered to be malware (for example, it was added to the approved app list),UEMsends another notification.
- You can view information about compliance violations on the Managed devices screen (filter by compliance violations) or in a user's device details. You can also use the compliance event screen to monitor and track compliance events.