Create a CylancePROTECT Mobile policy
You create and assign a
CylancePROTECT Mobilepolicy to users and groups to enable the service and control which features you want to use.
- In the management console, on the menu bar, clickPolicies > User Policy.
- On theProtect Mobiletab, clickAdd Policy.
- Type a name and description for the policy.
- In theNotificationssection, you can specify the count and interval of the notifications that theCylancePROTECT Mobileapp provides to the user when it detects a threat. You specify the type of notification (device, email, or no notification) in theDevice Settingssection (step 6).
- In theData privacysection, if you want to obfuscate certain pieces of information when theCylancePROTECT Mobileapp reports a threat so that the information cannot be stored and displayed in the management console in plain text, turn onData privacy, then select the fields that you want to obfuscate.
- In theDevice Settingssection, clickAndroidoriOSand turn on the features that you want to use. For more information about theCylancePROTECT Mobilefeatures, see Key features of CylancePROTECT Mobile.
FeaturePlatformAdditional stepsMalicious appsAndroid
- For each feature that you enable, select the appropriate check box to enable or disable device notifications and email notifications. If you turn off device and email notifications, the user must open theCylancePROTECT Mobileapp to view alerts.
- If you enable any of the following features, complete these additional steps:
Unsupported device modelAndroidiOSClickEditand select the device models that you want to restrict.Unsupported OSAndroidiOSAdd the available OS versions to the supported and unsupported lists based on your organization's security standards.SafetyNet attestation failureAndroidIf you want to enable Compatibility Test Suite matching for theCylancePROTECT Mobileapp, turn onEnable CTS profile matching.Hardware attestation failureAndroid
- To exempt apps on the safe list from malware scanning, turn onAlways allow apps in the safe app list.
- To automatically block apps on the unsafe list, turn onAlways block apps in the restricted app list.
- If you want to scan system apps that are preinstalled in the system partition on the device, turn onScan system apps.
- If you want to enable the upload of apps to theCylancePROTECT Mobileservices over aWi-Ficonnection, turn onUpload app packages for safety check over a Wi-Fi connection. Specify, in MB, the maximum size of an app that can be uploaded overWi-Fi, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
- If you want to enable the upload of apps to theCylancePROTECT Mobileservices over a mobile network, turn onUpload app packages for safety check over a mobile network connection. Specify, in MB, the maximum size of an app that can be uploaded over a mobile network, and the maximum size of all apps that can be uploaded in a month (30 days). If either maximum is exceeded, the upload does not occur and an error is added to the device log.
InsecureWi-FiAndroidAdd the availableWi-Fiaccess algorithms to the safe and unsafe lists based on your organization's security standards.Unsafe messageAndroidiOS
- In theMinimum security level requireddrop-down list, click the appropriate level. For more information, see SecurityLevel on the Android Developers site.
- If you want to enforce a minimum security patch level on devices, turn onSecurity patch level. Add the appropriate device models and specify the security patch date.
- In theScanning optiondrop-down list, select one of the following:
- If you want to send messages to theCylancePROTECT Mobileservices to determine if they are safe, clickCloud scanning.
- If you want to use only the local machine learning models of theCylancePROTECT Mobileapp to identify unsafe URLs, clickOn-device scanning.
- If you want to disable URL scanning, clickNo scanning.
- ForAndroiddevices, in theStart scanning offsetfield, specify, in hours, the age of text messages that are eligible for scanning. If you specify 0, only new messages are eligible for scanning.
- If necessary, rank policies.
- Create and assign an enrollment policy to users. After users are assigned an enrollment policy, they receive an email with instructions to download and activate theCylancePROTECT Mobileapp. For more information, see the Cylance Endpoint Security User Guide.
- InstructAndroidusers to allow background activity for theCylancePROTECT Mobileapp after it is installed.