Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro

241

242

243

244

245

246

247

248

249

250

Manage Policies

234

Manage Enterprise Advanced Threats - Cylance Score and Threat Model Updates

A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the

confidence level that the file is malware. The higher the number, the greater the confidence.

Threat Model Updates

The predictive threat model used to protect devices receives periodic updates to improve detection rates.

Two columns on the Protection page in the Remote Management Console show how a new threat model

affects your organization. Display and compare the Production Status and New Status columns to see which

files on devices might be impacted by a model change.

To view the Production Status and New Status columns:

1. In the left pane, click Populations > Enterprise.

2. Select the Advanced Threats tab.

3. Click the Protection tab.

4. Click the down-arrow on a column header in the table.

5. Hover over Columns.

6. Select the Production Status and New Status columns.

Production Status - Displays the current model status (Safe, Abnormal or Unsafe) for the file.

New Status - Displays the model status for the file in the new model.

For example, a file that was considered Safe in the current model might change to Unsafe in the new model.

If your organization needs that file, you can add it to the Safe list. A file that has never been seen or score

by the current model might be considered Unsafe by the new model. If your organization needs that file, you

can add it to the Safe list.

Only files found on device in your organization and that have a change in its Cylance Score are

displayed. Some files might have a Score change but still remain within its current Status. For example, if

the Cylance Score for a file goes from 10 to 20, the file status may remain Abnormal and the file will appear

in the updated model list (if this file exists on devices in your organization).

The information for the model comparison comes from the database, not your devices. So no re-analysis is

done for the model comparison. However, when a new model is available and the proper Agent is installed, a

re-analysis is done on your organization and any model changes are applied.

Compare Current Model with New Model

You can now review differences between the current model and the new model.

The two scenarios you should be aware of are:

Production Status = Safe, New Status = Abnormal or Unsafe

• Your Organization considers the file as Safe

• Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine

Production Status = Null (not seen or scored), New Status = Abnormal or Unsafe

• Your Organization considers the file as Safe

• Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine

In the above scenarios, the recommendation is to Safelist the files you want to allow in your organization.