Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Setup
  4. Cylance Endpoint Security Setup Guide
  5. Setting up CylancePROTECT Mobile
  6. Create a CylancePROTECT Mobile policy

Create a
CylancePROTECT Mobile
 policy

You create and assign a
CylancePROTECT Mobile
 policy to users and groups to enable the service and control which features you want to use.
  1. In the management console, on the menu bar, click
    Policies > User Policy
    .
  2. On the
    Protect Mobile
     tab, click
    Add Policy
    .
  3. Type a name and description for the policy.
  4. In the
    Notifications
     section, you can specify the count and interval of the notifications that the
    CylancePROTECT Mobile
     app provides to the user when it detects a threat. You specify the type of notification (device, email, or no notification) in the
    Device Settings
     section (step 6).
  5. In the
    Data privacy
     section, if you want to obfuscate certain pieces of information when the
    CylancePROTECT Mobile
     app reports a threat so that the information cannot be stored and displayed in the management console in plain text, turn on
    Data privacy
    , then select the fields that you want to obfuscate.
  6. In the
    Device Settings
     section, click
    Android
     or
    iOS
     and turn on the features that you want to use. For more information about the
    CylancePROTECT Mobile
     features, see Key features of CylancePROTECT Mobile.
    1. For each feature that you enable, select the appropriate check box to enable or disable device notifications and email notifications. If you turn off device and email notifications, the user must open the
      CylancePROTECT Mobile
       app to view alerts.
    2. If you enable any of the following features, complete these additional steps:
    Feature
    Platform
    Additional steps
    Malicious apps
    Android
    1. To exempt apps on the safe list from malware scanning, turn on
      Always allow apps in the safe app list
      .
    2. To automatically block apps on the unsafe list, turn on
      Always block apps in the restricted app list
      .
    3. If you want to scan system apps that are preinstalled in the system partition on the device, turn on
      Scan system apps
      .
    4. If you want to enable the upload of apps to the
      CylancePROTECT Mobile
       services over a
      Wi-Fi
       connection, turn on
      Upload app packages for safety check over a Wi-Fi connection
      . Specify, in MB, the maximum size of an app that can be uploaded over
      Wi-Fi
      , and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
    5. If you want to enable the upload of apps to the
      CylancePROTECT Mobile
       services over a mobile network, turn on
      Upload app packages for safety check over a mobile network connection
      . Specify, in MB, the maximum size of an app that can be uploaded over a mobile network, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
    Unsupported device model
    Android
    iOS
    Click
    Edit
     and select the device models that you want to restrict.
    Unsupported OS
    Android
    iOS
    Add the available OS versions to the supported and unsupported lists based on your organization's security standards.
    SafetyNet
     or
    Play Integrity
     attestation failure
    Android
    If you want to enable Compatibility Test Suite matching for the
    CylancePROTECT Mobile
     app, turn on
    Enable CTS profile matching
    .
    Hardware attestation failure
    Android
    1. In the
      Minimum security level required
       drop-down list, click the appropriate level. For more information, see SecurityLevel on the Android Developers site.
    2. If you want to enforce a minimum security patch level on devices, turn on
      Security patch level
      . Add the appropriate device models and specify the security patch date.
    Insecure
    Wi-Fi
    Android
    Add the available
    Wi-Fi
     access algorithms to the safe and unsafe lists based on your organization's security standards.
    Unsafe message
    Android
    iOS
    1. In the
      Scanning option
       drop-down list, select one of the following:
      • If you want to send messages to the
        CylancePROTECT Mobile
         services to determine if they are safe, click
        Cloud scanning
        .
      • If you want to use only the local machine learning models of the
        CylancePROTECT Mobile
         app to identify unsafe URLs, click
        On-device scanning
        .
      • If you want to disable URL scanning, click
        No scanning
        .
    2. For
      Android
       devices, in the
      Start scanning offset
       field, specify, in hours, the age of text messages that are eligible for scanning. If you specify 0, only new messages are eligible for scanning.
  7. Click
    Add
    .
  • If necessary, rank policies.
  • Create and assign an enrollment policy to users. After users are assigned an enrollment policy, they receive an email with instructions to download and activate the
    CylancePROTECT Mobile
     app. For more information, see the Cylance Endpoint Security User Guide.
    • Instruct users to enable JavaScript in their default mobile browser (the
      CylancePROTECT Mobile
       app supports
      Google Chrome
      ,
      Samsung
       Internet, and
      Safari
      ). This is required to activate the
      CylancePROTECT Mobile
       app.
    • Instruct
      Android
       users to allow background activity for the
      CylancePROTECT Mobile
       app after it is installed.
  • Optionally, create a risk assessment policy. If you don't create and assign a custom risk assessment policy, a default risk assessment policy is applied to users in your tenant.