Configure and test memory protection Skip Navigation

Configure and test memory protection

CylancePROTECT Desktop
3.x introduces various memory protection enhancements and increased visibility into the activity of the applications and processes on a device. In some situations, applications perform operations that could be considered malicious, but are performed for legitimate purposes.
BlackBerry
recommends following the steps and best practices below to ensure the proper tuning of the
CylancePROTECT Desktop
3.x agent before you deploy it to your production environment. For more information about memory protection violation types, see Memory Protection in the
Cylance Endpoint Security
setup content.
  1. In the management console, on the menu bar, click
    Policies > Device Policy
    .
  2. Click the device policy for your test devices.
  3. On the
    Memory Actions
    tab, select the
    Memory Protection
    check box.
  4. In the
    Violation Type
    table, expand
    Exploitation
    ,
    Process Injection
    , and
    Escalation
    . For all violation types listed under
    Available for Agent Version 2.1.1580 and higher
    and
    Available for CylancePROTECT 3.0 and higher
    , select the
    ALERT
    action.
  5. Save the device policy.
  6. Run
    CylancePROTECT Desktop
    3.x on your test devices and review alerts to determine the risk of these exploits within your environment. If any of these alerts are low risk and will cause business impact, you can add targeted memory protection exclusions. For instructions and guidance, see Memory Protection.
After you review alerts and add the necessary exclusions, you can change the violation type actions in the device policy as necessary (for example, Block or Terminate).