Testing High Risk Activity Detection and Policy Enforcement

If the user's device is determined to be at risk due to either a malicious app or malicious activity, the Harmony Mobile system notifies the user through in-app notifications, and also updates the risk level custom attribute value in the BlackBerry UEM system for that device. BlackBerry UEM receives the risk state change, and upon recognizing the risk level value tied to a Configuration Profile, enacts that policy.

In this example, the administrator blocks the app HeyWhatsApp. As a result, the user's device is identified as High Risk (CHKP_Risk_High) because the blocked app HeyWhatsApp is installed on the device. The Harmony Mobile dashboard notifies the user, and reports the device as High Risk (CHKP_Risk_High) to the BlackBerry UEM system. The BlackBerry UEM system then enforces the policy actions specified in the IT policy.

Blocking a Test App

  1. Log in to the Harmony Mobile dashboard.

  2. Go to Forensics > Application and click for the app you want to block.

  3. Select Edit app exception and click the policy you want to modify.

    The Application Exceptions section in the Application policy appears.

  4. From the Action drop-down list, select Block.

  5. Click Add.

  6. To save the policy changes, click Save.

View of a Non-Compliant Device

The device with the blacklisted app must be in one of the User Provisioning Groups that you created for the Devices At Risk. See Creating User Provisioning Groups.

To see the non-compliant device in the Group for Mobile Devices:

  • On the BlackBerry UEM console, go to Group > User > Users and open your defined Group for mobile devices ("Users_At_Risk").

    The device is displayed.

Note - The data fields are similar for both iOS and Android users.

The examples below are applicable for both platforms.

The user is not allowed to use the app until the user removes the blacklisted app, or changes the compliance policy settings.

Harmony Mobile Protect app Notifications

The user receives Harmony Mobile Protect app notifications.


BlackBerry UEM Agent App Notifications

  1. The user cannot use the device's camera until the user removes the blacklisted app, as specified in the compliance actions (policy) we created in Creating IT Policies (in our example, "High Risk Device Policy").

  2. Your policy will probably block the device's access to corporate networks and data by disabling VPN profiles, email connections, and/or connections to the corporate Wi-Fi, until the issue is remediated.


Administrator View on the Harmony Mobile Dashboard

On the Harmony Mobile Dashboard the Administrator can see the devices at High Risk.

  1. On the Harmony Mobile Dashboard, go to Forensics.

    A list of the Devices at Risk is displayed in the Device Risk section.

  2. Select the specified device on the left-side list.

    You can see that the blacklisted app causes the High Risk state.


Administrator View on the BlackBerry UEM Console

On the BlackBerry UEM Console:

  • Go to Groups > User > Users view.

    You can see the device is now a member of the "CHKP_Risk_High" group and indirectly a member of the "Users_At_Risk" group, and that the IT policy "High Risk Device Policy" has been assigned.
