Skip Navigation

Key features of
CylancePROTECT Mobile

Feature
Description
Malware detection for
Android
devices
The
CylancePROTECT Mobile
app can detect malware on an
Android
device and direct the user to uninstall malicious apps. The
CylancePROTECT Mobile
app scans the apps on a user’s device and uploads the app files to the
CylancePROTECT
cloud services, which use AI and machine learning to analyze the app package and produce a confidence score that it returns to the
CylancePROTECT Mobile
app. The confidence score determines whether the scanned app is safe or potentially malicious.
When the
CylancePROTECT
services determine that an app is potentially malicious, the app notifies the user and provides further details. The user can tap a fix option in the app to navigate to the device settings and uninstall the malicious app.
An app is uploaded to the
CylancePROTECT
services if it has a hash that the services have not processed previously. If the device scan finds an app that has been analyzed previously, it uses the confidence score that the
CylancePROTECT
services have already generated for that unique app hash. Whenever an app has a new hash (for example, for a new version) the app is uploaded to the
CylancePROTECT
services for analysis and scoring (if it has not already been uploaded from another device).
Sideload detection for
iOS
and
Android
devices
Sideloaded apps don’t follow the same restrictions or protections as apps distributed through official app stores. The
CylancePROTECT Mobile
app can detect the presence of a sideloaded app on a user’s device, alert the user, and guide the user to uninstall it.
On
iOS
, the
CylancePROTECT Mobile
app can detect only sideloaded app developer certificates that the user has chosen to trust in the device settings. A user can't use a sideloaded app unless the app developer certificate has been trusted.
On
Android
, the
CylancePROTECT Mobile
app identifies sideloaded apps based on the installation source. The
CylancePROTECT
cloud services and the
CylancePROTECT Mobile
app consider official app sources, such as
Google Play
, the
Amazon Appstore
, and the
Samsung Galaxy
Store, to be trusted. Apps that were installed from untrusted sources are considered sideloaded.
Sideload detection is not supported for
iOS
17.5 and later.
Scanning URLs in SMS text messages on
iOS
devices
CylancePROTECT Mobile
can warn users of potentially malicious URLs in SMS text messages.
New incoming text messages from known contacts are automatically considered to be safe and only messages from unknown senders are scanned and assessed. When a user receives an SMS text message that contains a URL, the
CylancePROTECT Mobile
app sends the entire message to the
CylancePROTECT
cloud services in real time. The
CylancePROTECT
services use advanced machine-learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the message. When an unsafe URL in a text message is detected, the message is filtered to the junk folder.
To protect user privacy, only messages that contain URLs are assessed. No additional metadata or user identifiers are collected or stored.
Scanning URLs in SMS text messages on
Android
devices
CylancePROTECT Mobile
can warn users of potentially malicious URLs in SMS text messages.
When a user receives an SMS text message that contains a URL, the unaltered URL is sent to the
CylancePROTECT
cloud services in real time. SMS scanning is limited to the default SMS app on the device. New incoming text messages from known contacts and unknown senders are scanned and assessed.
The
CylancePROTECT
services use advanced machine-learning capabilities and accumulated knowledge from threat intelligence feeds to provide an instant assessment of the safety of the URL. If a URL is determined to be unsafe, the
CylancePROTECT Mobile
app alerts the user, provides details, and guides the user to delete the text message.
To protect user privacy, only messages that contain URLs are assessed. No additional metadata or user identifiers are collected or stored.
Unsafe network and insecure
Wi-Fi
checks
CylancePROTECT Mobile
defends against the following network threats:
  • Unsafe network connections: On
    iOS
    and
    Android
    devices, the
    CylancePROTECT Mobile
    app will periodically try to connect to the
    CylancePROTECT
    cloud services. If the connection is not successful,
    CylancePROTECT Mobile
    determines that the network is not safe.
  • Insecure
    Wi-Fi
    access points: On
    Android
    devices, the
    CylancePROTECT Mobile
    app periodically checks the properties of the current
    Wi-Fi
    access point to determine if it is secure. You can configure which
    Wi-Fi
    access algorithms your organization considers secure and insecure.
When the
CylancePROTECT Mobile
app detects an unsafe network or insecure
Wi-Fi
access point, it is reported in the app and in the management console.
Device security checks
The
CylancePROTECT Mobile
app checks specific device conditions and security settings and notifies the user about potential vulnerabilities to cyber threats. The app checks the following:
  • Whether developer mode is enabled (
    Android
    only)
  • Whether disk encryption is enabled (
    Android
    only)
  • Whether a screen lock is enabled (for example, a password or fingerprint)
  • Whether the device is rooted or jailbroken
  • Whether the device is running an OS version that you do not want to support
  • Whether the device model is one that you do not want to support
If the app detects a vulnerability, it indicates the potential risk level and provides guidance for the user to resolve the issue.
Attestation checks
The
CylancePROTECT
cloud services can regularly perform attestation checks to verify the integrity and security of the
CylancePROTECT Mobile
app on each user’s device.
On
Android
devices, the
CylancePROTECT
cloud services use
Play Integrity
attestation,
SafetyNet
attestation, and hardware certificate attestation to validate the
CylancePROTECT Mobile
app.
Play Integrity
attestation replaces
SafetyNet
attestation. Older versions of the app will continue to support
SafetyNet
attestation until Google removes support. Attestation checks occur daily. You can also enforce a minimum security patch level on devices. If the app detects that the device does not meet the required patch level, it can alert the user to check for updates.
On
iOS
devices, the
CylancePROTECT
cloud services check the integrity of the app using the
Apple
DeviceCheck framework. Integrity checks occur daily.
On
Samsung
devices, the
CylancePROTECT
cloud services can also use
Samsung Knox
Enhanced Attestation in regular intervals to validate the integrity of devices.
Knox
Enhanced Attestation is hardware-based and can detect device tampering, rooting, OEM unlock, and IMEI or serial number falsification, in addition to performing app health checks.
If an attestation failure occurs, administrators can view details in the management console.
Integration with MDM solutions
You can connect
Cylance Endpoint Security
to
Microsoft Intune
so that
Cylance Endpoint Security
can report a device risk level to Intune. The device risk level is calculated based on the detection of mobile threats by the
CylancePROTECT Mobile
app on
Intune
managed devices.
Intune
can execute mitigation actions based on the device risk level.
Usability features of the
CylancePROTECT Mobile
app
For each feature that you choose to enable in the
CylancePROTECT Mobile
app, you can choose to notify users of threats using device notifications, email messages, or no notifications (users can view threat alerts in the
CylancePROTECT Mobile
app).
The
CylancePROTECT Mobile
app for
Android
version 2.3.0.1640 and later notifies the user when a new version of the app is available in
Google Play
. After 30 days, the app will download the update automatically and prompt the user to complete the update and restart the app. After 60 days, the user cannot use the app until they respond to the upgrade prompt.
The
CylancePROTECT Mobile
app for
iOS
supports automatic updates from the
App Store
.