Configuring a new Cylance Endpoint Security tenant
- Default configuration settings for a new Cylance Endpoint Security tenant
- Export, import, or reset the configuration of a Cylance Endpoint Security tenant
Cylance Endpoint Security requirements
Accessing the management console and configuring authentication
Setting up administrators
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
Using RMM solutions to install the Cylance agents on devices
- Use Datto RMM to install or remove the Cylance agents
- Use Kaseya VSA 10 to install or remove the Cylance agents
Installing the BlackBerry Connectivity Node
Linking to your company directory
Adding users and devices
Setting up CylancePROTECT Mobile
Setting up CylanceGATEWAY
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up CylanceAVERT
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector

Create a
CylancePROTECT Mobile
policy

You create and assign a

CylancePROTECT Mobile

policy to users and groups to enable the service and control which features you want to use.

You can configure risk assessment settings in the policy to maps the alerts that are detected by the

CylancePROTECT Mobile

app to risk levels (for example, you can specify that compromised devices should be treated as high risk). The risk levels of the alerts are used to determine a mobile device's overall risk level. You can view the device risk level in the management console (Assets > Mobile Devices and in the device details). Note that there is no default configuration of the risk assessment settings.

If you integrate Cylance Endpoint Security with Microsoft Intune,

Cylance Endpoint Security

will periodically send the overall risk level of a mobile device to

Intune

. You can use

Intune

to configure mitigation actions for device risk levels.

Add CylancePROTECT Mobile app and CylanceGATEWAY users.

In the management console, on the menu bar, click

Policies > User Policy

On the

Protect Mobile

tab, click

Add Policy

Type a name and description for the policy.

In the

Notifications

section, you can specify the count and interval of the notifications that the

CylancePROTECT Mobile

app provides to the user when it detects a threat. You specify the type of notification (device, email, or no notification) in the

Device Settings

section (step 6).

In the

Data privacy

section, if you want to obfuscate certain pieces of information when the

CylancePROTECT Mobile

app reports a threat so that the information cannot be stored and displayed in the management console in plain text, turn on

Data privacy

, then select the fields that you want to obfuscate.

In the

Device Settings

section, click

Android

iOS

and turn on the features that you want to use. For more information about the

CylancePROTECT Mobile

features, see Key features of CylancePROTECT Mobile. Note that sideload detection is not supported for

iOS

17.5 and later.

For each feature that you enable, select the appropriate check box to enable or disable device notifications and email notifications. If you turn off device and email notifications, the user must open the

CylancePROTECT Mobile

app to view alerts.

If you enable any of the following features, complete these additional steps:

Feature	Platform	Additional steps
Malicious apps	Android	To exempt apps on the safe list from malware scanning, turn on Always allow apps in the safe app list . To automatically block apps on the unsafe list, turn on Always block apps in the restricted app list . If you want to scan system apps that are preinstalled in the system partition on the device, turn on Scan system apps . If you want to enable the upload of apps to the CylancePROTECT Mobile services over a Wi-Fi connection, turn on Upload app packages for safety check over a Wi-Fi connection . Specify, in MB, the maximum size of an app that can be uploaded over Wi-Fi , and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log. If you want to enable the upload of apps to the CylancePROTECT Mobile services over a mobile network, turn on Upload app packages for safety check over a mobile network connection . Specify, in MB, the maximum size of an app that can be uploaded over a mobile network, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
Unsupported device model	Android iOS	Click Edit and select the device models that you want to restrict.
Unsupported OS	Android iOS	Add the available OS versions to the supported and unsupported lists based on your organization's security standards.
SafetyNet or Play Integrity attestation failure	Android	If you want to enable Compatibility Test Suite matching for the CylancePROTECT Mobile app, turn on Enable CTS profile matching .
Hardware attestation failure	Android	In the Minimum security level required drop-down list, click the appropriate level. For more information, see SecurityLevel on the Android Developers site. If you want to enforce a minimum security patch level on devices, turn on Security patch level . Add the appropriate device models and specify the security patch date.
Insecure Wi-Fi	Android	Add the available Wi-Fi access algorithms to the safe and unsafe lists based on your organization's security standards.
Unsafe message	Android iOS	In the Scanning option drop-down list, select one of the following: If you want to send messages to the CylancePROTECT Mobile services to determine if they are safe, click Cloud scanning . If you want to use only the local machine learning models of the CylancePROTECT Mobile app to identify unsafe URLs, click On-device scanning . If you want to disable URL scanning, click No scanning . For Android devices, in the Start scanning offset field, specify, in hours, the age of text messages that are eligible for scanning. If you specify 0, only new messages are eligible for scanning.

If you want to configure risk assessment settings for

CylancePROTECT Mobile

alerts, do the following:

In the

Risk Assessment

section, click

Add Detections

Drag and drop the detections to the risk level that you want to apply to them. For information about the detections, see Key features of CylancePROTECT Mobile.

Click

Save

Assign the policy to users and groups.

If necessary, rank policies.

Create and assign an enrollment policy to users. After users are assigned an enrollment policy, they receive an email with instructions to download and activate the

CylancePROTECT Mobile

app. For more information, see the Cylance Endpoint Security User Guide.

Instruct users to enable JavaScript in their default mobile browser (the

CylancePROTECT Mobile

app supports

Google Chrome

Samsung

Internet, and

Safari

). This is required to activate the

CylancePROTECT Mobile

app.

Instruct

Android

users to allow background activity for the

CylancePROTECT Mobile

app after it is installed.

Section:

Setting up CylancePROTECT Mobile

Create a CylancePROTECT Mobile policy

Create a
CylancePROTECT Mobile
policy