Skip Navigation

CylancePROTECT Mobile
alerts

This option is visible only if
CylancePROTECT Mobile
is enabled. When this option is turned on, the mobile alerts that are detected by the CylancePROTECT Mobile app on users’ devices are sent to your organization’s syslog server.
Field
Value
Description
Alert Id
[varies]
This is the unique ID associated with the mobile alert.
Alert Name
maliciousApplication: [app name]
This is the name of the malicious app that the
CylancePROTECT Mobile
app detected.
sideLoadedApplication for
Android
: [app name]
This is the name of the sideloaded app that the
CylancePROTECT Mobile
app detected.
sideLoadedApplication for
iOS
: [signing ID]
This is the signing ID of the sideloaded app that the
CylancePROTECT Mobile
app detected.
jailbrokenOrRooted for
Android
: Rooted
The
CylancePROTECT Mobile
app detected that the device is rooted.
jailbrokenOrRooted for
iOS
: Jailbroken
The
CylancePROTECT Mobile
app detected that the device is jailbroken.
deviceEncryption: Encryption disabled
The
CylancePROTECT Mobile
app detected that encryption is not enabled on the device.
deviceScreenlock: Screenlock disabled
The
CylancePROTECT Mobile
app detected that a screen lock is not enabled on the device.
iOsIntegrityFailure: iOS App Integrity Check
The
CylancePROTECT Mobile
app failed an integrity check.
androidSafetyNetFailure: Android SafetyNet
The
CylancePROTECT Mobile
app failed a SafetyNet attestation check.
androidHWFailure: Android Hardware
The
CylancePROTECT Mobile
app failed hardware certificate attestation.
unsupportedSecurityPatch: [patch version] OR Untrusted (attestation certificate verification failed) OR Unknown (attestation info is missing)
The version of the unsupported security patch that the
CylancePROTECT Mobile
app detected.
unsupportedOS: [OS name], [OS version]
The name and version of the supported OS that the
CylancePROTECT Mobile
app detected.
unsupportedModel: [model name]
The name of the unsupported device model that the
CylancePROTECT Mobile
app detected.
unsafeMessage: Malicious SMS OR Feature disabled by user
The
CylancePROTECT Mobile
app detected a text message with a potentially unsafe URL.
compromisedNetwork: [Network_type]
The type of the potentially unsafe network that the
CylancePROTECT Mobile
app detected.
insecureWiFi: [SSID] OR Feature disabled by user
The SSID of the potentially insecure
Wi-Fi
access point that the
CylancePROTECT Mobile
app detected.
androidKnoxFailure: Android KNOX Attestation OR Feature disabled by user
Using
Samsung Knox
Enhanced Attestation,
CylancePROTECT Mobile
has identified a potential security issue with the user's device.
developerMode: Developer mode is enabled
The
CylancePROTECT Mobile
app detected that developer mode is enabled on the user's device.
Alert Status
New
The mobile alert is not yet resolved.
Resolved
The mobile alert is resolved.
Alert Type
maliciousApplication
The
CylancePROTECT Mobile
app detected a malicious app.
sideLoadedApplication
The
CylancePROTECT Mobile
app detected a sideloaded app.
jailbrokenOrRooted
The
CylancePROTECT Mobile
app detected that the device is jailbroken or rooted.
deviceEncryption
The
CylancePROTECT Mobile
app detected that encryption is not enabled on the device.
deviceScreenlock
The
CylancePROTECT Mobile
app detected that a screen lock is not enabled on the device.
iOsIntegrityFailure
The
CylancePROTECT Mobile
app failed an integrity check.
androidSafetyNetFailure
The
CylancePROTECT Mobile
app failed a SafetyNet attestation check.
androidHWFailure
The
CylancePROTECT Mobile
app failed hardware certificate attestation.
unsupportedSecurityPatch
Based on the administrator configuration of the
CylancePROTECT Mobile
policy, the
CylancePROTECT Mobile
app detected an unsupported security patch.
unsupportedOS
Based on the administrator configuration of the
CylancePROTECT Mobile
policy, the
CylancePROTECT Mobile
app detected that the device has an unsupported OS.
unsupportedModel
Based on the administrator configuration of the
CylancePROTECT Mobile
policy, the
CylancePROTECT Mobile
app detected that the device is an unsupported model.
unsafeMessage
The
CylancePROTECT Mobile
app detected a text message with a potentially unsafe URL.
compromisedNetwork
The
CylancePROTECT Mobile
app detected a potentially unsafe network.
insecureWiFi
The
CylancePROTECT Mobile
app detected a potentially insecure
Wi-Fi
access point.
androidKnoxFailure
Using
Samsung Knox
Enhanced Attestation,
CylancePROTECT Mobile
has identified a potential security issue with the user's device.
developerMode
The
CylancePROTECT Mobile
app detected that developer mode is enabled on the user's device.
Application Sha256
[SHA256 hash]
This is the SHA256 hash of a malicious or sideloaded
Android
app that the
CylancePROTECT Mobile
app detected.
Application Name
[app name]
This is the name of a malicious or sideloaded
Android
app that the
CylancePROTECT Mobile
app detected.
Attestation Rule Failure
[attestation rules]
These are the rules that failed when an attestation check occurred for the
CylancePROTECT Mobile
app.
Attestation State
[attestation state]
This is the attestation state of the
CylancePROTECT Mobile
app.
Attestation SubType
[attestation sub-type]
This is the sub-type of the attestation check for the
CylancePROTECT Mobile
app.
Attestation Type
[attestation type]
This is the type of the attestation check for the
CylancePROTECT Mobile
app.
Description
maliciousApplication: [package name], [package version], [SHA256 hash]
These are the details of the malicious app that was detected.
sideLoadedApplication for
Android
: [package name], [package version], [installer source], [SHA256 hash]
These are the details of the sideloaded app that was detected.
sideLoadedApplication for
iOS
: empty string
This field is not supported for
iOS
.
jailbrokenOrRooted: [OS name], [OS version]
This is the OS name and version of the jailbroken or rooted device.
deviceEncryption: [OS name], [OS version]
This is the OS name and version of the device that does not have encryption enabled.
deviceScreenlock: [OS name], [OS version]
This is the OS name and version of the device that does not have a screen lock enabled.
iOsIntegrityFailure: [attestation type], [attestation state]
These are the details of the failed
iOS
integrity check.
androidSafetyNetFailure: [attestation type]
These are the details of the failed SafetyNet attestation check.
androidHWFailure: [attestation type], [attestation state], [rule failure]
These are the details of the failed hardware certificate attestation.
unsupportedOS: [OS name], [OS version]
This is the OS name and version of the device with an unsupported OS.
unsafeMessage: [list of URLs]
The list of potentially unsafe URLs that were detected.
compromisedNetwork: [SSID]
The SSID of the potentially unsafe network.
insecureWiFi: [
Wi-Fi
access algorithms]
The
Wi-Fi
access algorithms of the potentially insecure access point.
androidKnoxFailure: Knox, Device Failure
Using
Samsung Knox
Enhanced Attestation,
CylancePROTECT Mobile
has identified a potential security issue with the user's device.
developerMode: [OS name], [OS version]
The name and version of the device OS on which developer mode has been detected.
Detected
[varies]
This is the date and time the alert was detected.
Device Id
[varies]
This is the unique ID of the user’s device.
Device Model
[model]
This is the model of the user's mobile device.
Device Name
[varies]
This is the name of the user’s mobile device.
Event Type
MobileAlert
This is the defined event type for mobile alerts.
Event Name
ProtectMobileAlert
This is the defined event name for mobile alerts.
First Name
[varies]
This is the first name of the device user.
Installer Source
[package name]
This is the package name of a sideloaded
Android
app that the
CylancePROTECT Mobile
app detected.
Last Name
[varies]
This is the last name of the device user.
Malicious URLs
[URLs]
This is the list of potentially unsafe URLs detected in a text message.
Network Type
[network type]
This is the type of a potentially unsafe network.
Os Name
[OS name]
This is the OS of the device.
Os Version
[OS version]
This is the device's OS version.
Package Name
[package name]
This is the package name of a malicious or sideloaded
Android
app that the
CylancePROTECT Mobile
app detected.
Package Version
[package version]
This is the package version of a malicious or sideloaded
Android
app that the
CylancePROTECT Mobile
app detected.
Signing Identity
[signing ID]
This is the signing ID of a sideloaded
iOS
app that the
CylancePROTECT Mobile
app detected.
Signing Identity Sha256
[signing ID hash]
This is the signing ID hash of a sideloaded
iOS
app that the
CylancePROTECT Mobile
app detected.
Ssid
[SSID]
This is the SSID of a potentially unsafe network.
Example syslog message
May 31 17:34:04 sysloghost CylancePROTECT Event Type: MobileAlert, Event Name: ProtectMobileAlert, Alert Type: sideLoadedApplication, Alert Name: Protect, Description: com.blackberry.protect, 1.4.397 (Installer Source: com.google.android.packageinstaller), 1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH, Detected: 5/31/2021 2:32:12 PM, Alert Status: New, Device Name: Galaxy S9 SM-G960F, First Name: John, Last Name: Smith, Device Id: 1abc2345-67d8-9123-45ef-g45hi67j8kl9, Alert Id: a1b23456-789c-12d3-e45f-g6h7i8jk9123, Application Sha245: 1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH, Application Name: Protect, Installer Source: com.google.android.packageinstaller, Package Name: com.blackberry.protect, Package Version: 1.4.397