CylanceAVERT release notes Skip Navigation

CylanceAVERT
release notes

What's new in
CylanceAVERT
1.2 (April 2023)

Feature
Description
Support for keyword dictionary
You can now upload a keyword dictionary when creating a data type in this release of
CylanceAVERT
. A keyword dictionary is a text file that contains all of the keywords for an information protection data type. All keywords in a keyword dictionary must be entered on a separate line in the text file. For more information, see Add a data type in the setup guide.
Alerts view integration
CylanceAVERT
alerts can now be surfaced in the Alerts view of the
Cylance Endpoint Security
console. For more information, see View and manage aggregated alerts in the administration guide.
CylanceAVERT
policy enhancements
You can now view if an assigned user policy has been applied to that user and their devices by selecting the user in the
Cylance Endpoint Security
console. For more information, see View CylanceAVERT user details in the Administration guide.
Data collection enhancements
Non-ASCII filenames are now valid in evidence upload headers.
Dashboard enhancements
You can now select the
CylanceAVERT
custom dashboard when you are adding a new dashboard. The
CylanceAVERT
custom dashboard includes all of the supported
CylanceAVERT
widgets.
This release adds the "Evidence Locker files by date added" dashboard widget.
Support for partially analyzed files
This release adds the following support for partially analyzed files:
  • You can use the Partially Analyzed Files view to view a list of files that have been partially analyzed and no sensitive information was detected. The file will display in this view with an alert stating that the file was only partially analyzed.
  • If a file is partially analyzed and sensitive information is detected, it will be treated the same as a fully analyzed file and will display in the File Inventory, Events view, and Evidence Locker. However, an icon displays beside the file in the tables and detailed views with an alert stating that the file was only partially analyzed.
File inventory enhancements
You can now group files in the file inventory based on the following parameters:
  • Group by users
  • Group by devices
  • Group by data types
Using these group parameters will display the users, devices, or data types name as well as the number of sensitive files associated with that group in the file inventory. This list is sorted by the number of sensitive files in descending order. You can click on the users, devices, or data types name to view detailed information about the sensitive files.

What's new in
CylanceAVERT
1.0 (Janurary 2023)

Feature
Description
Sensitive data scanning
CylanceAVERT
can scan files uploaded to USB drives, internet browsers, and email attachments, as well as scan the body content of an email message for company data that the administrator defined as sensitive in the information protection policies. An email notification will be sent for data exfiltration events.
Information protection policies
Administrators can specify the conditions that must be met to trigger the policy violation, the allowed domains for the policy, and the actions to take when a policy has been violated. See Information Protection in the BlackBerry Avert Administration and Overview Guide for more information.
CylanceAVERT
events
When the conditions are met to trigger a policy violation, information about that data exfiltration event display in the
CylanceAVERT
events view. The events view shows detailed information about the event including the data and time of the event, the location that the file was exfiltrated to, the number of policies that were violated, and the user of the device where the event occurred. See BlackBerry Avert Events in the BlackBerry Avert Administration and Overview guide for more information.
Information protection settings
Administrators can use the information protection settings to configure the sensitive data that they want to monitor for by adding templates and data types to use in an information protection policy. Administrators can also define the browser and email domains that will be allowed and trusted, manage the evidence that they want to collect for data exfiltration events, and specify how long the evidence should be available. Specified email addresses can also be sent notifications of data exfiltration events. See Information protection settings in the BlackBerry Avert Administration and Overview guide for more information.
File inventory
The
CylanceAVERT
file inventory creates a record of all the sensitive files in an organization through a file trawling process. See View the file Inventory to identify sensitive files in the Cylance Endpoint Security Administration Guide for more information.
Evidence locker
Administrators can use the evidence locker to view details of the files that have been involved in exfiltration events and download the files to their local storage for auditing purposes. See Use the evidence locker to view exfiltration event details in the Cylance Endpoint Security Administration Guide for more information.