
Configuring the Mobile Malware Protection Policy

The Mobile Malware Protection policy allows you to block users from downloading apps that are potentially malicious or that can cause data leakage. To learn more, see Understanding Mobile Malware Protection.

The default Mobile Malware Protection policy blocks all categories. To learn more, see Recommended Mobile Malware Protection Policy.

To configure the Mobile Malware Protection policy:

  1. Go to Policies > Cybersecurity > Inline Security > Mobile Malware Protection.
  2. Choose to Allow or Block each of the categories:
    • Malicious Activity: Blocks apps that are known to be malicious, compromised, or perform activities unknown to, or hidden from, the user. Examples include:
      • Known malware (e.g., signature, hash, or YARA rule)
      • Communication with malicious websites or command and control (C2) infrastructure
      • Performing device or personal information collection and harvesting (e.g., phone number, SMS messages, email address, or location coordinates)
      • Performing suspicious actions or displaying suspicious behavioral indicators
    • Known Vulnerability: Blocks apps that contain vulnerabilities or that use insecure features, modules, or protocols. Examples include:
      • Common vulnerabilities and exposures (CVEs)
      • Use of insecure operations or features, such as a vulnerable version of SSL/TLS
    • Unencrypted User Credentials: Blocks an application from leaking a user's credentials in an unencrypted format (e.g., a username and password sent in clear text).
    • Location Information: Blocks an application from leaking device location details via communication in an unencrypted format or for an unknown purpose.
    • Personally Identifiable Information: Blocks an application from leaking a user's personally identifiable information (PII) via communication in an unencrypted format or for an unknown purpose.
    • Device Identifiers: Blocks an application from leaking device identifiers via communication in an unencrypted format or for an unknown purpose.
    • Communication with Ad Servers: Blocks an application from communicating with known ad servers.
    • Communication with Unknown Servers: Blocks an application from communicating with unknown servers (e.g., servers not normally or historically associated with the application).
  3. Click Save and activate the change.