Testing High Risk Activity Detection and Policy Enforcement

If the user’s device is determined to be at risk either due to a malicious app or malicious activity, the Harmony Mobile system notifies the user via in-app notifications as well as updates the risk state by setting the device as a member of a CHKP_Risk group in Samsung Knox Manage system.

Samsung Knox Manage recognizing the set of group membership and the device is being tied to Policies/Actions, enacts those policies/actions.

In the following example, the administrator blocks an app, for example HeyWhatsApp. As a result, all devices with HeyWhatsApp installed will be identified to be at High Risk (CHKP_Risk = High) due to the blocked app being installed on the device. The Harmony Mobile dashboard notifies the user, and marks the device with CHKP_Risk to High to the Samsung Knox Manage system. The Samsung Knox Manage system then enforces policy actions specified in the policies/actions.

Blocking a Test App

1. Log in to the Harmony Mobile dashboard.

2. Go to Forensics > Application and click for the app you want to block.

3. Select Edit app exception and click the policy you want to modify.

   

   The Application Exceptions section in the Application policy appears.

4. From the Action drop-down list, select Block.

   

5. Click Add.

6. To save the policy changes, click Save.

   

Set Policy Profile in Samsung Knox Manage

1. Log into the Samsung Knox Manage.

2. Go to Profile tab and click on Add.

   

3. Give the profile a name and mark the desired platforms. Click Save & Set Policy

   

4. Under each platform section (Android enterprise/legacy / iOS), look for App Block/App uninstallation, mark as Apply and click Add

   

5. Mark the desired app for block, and click OK

   

6. Click Save & Assign

7. Mark group CHKP_Risk_High, and click Assign & Apply

   

8. Click OK

   

Blacklisting a Test App

Note - When you blacklist an app, all release versions and OS types of this app are blacklisted. Select Apply only to this version option to blacklist the specified version only.

1. Log into the Harmony Mobile Dashboard.

2. Go to Forensics > App Risk tab and select for the app you wish to blacklist.

   Example:

   

3. Go to Global Policy and click Edit.

   A Changing application policy-Global window pops up.

4. From the New Policy drop-down menu, select Black Listed.

5. In the Audit Trail note field, enter a reason for this change.

6. Click OK.

The user receives a Harmony Mobile Protect app notification to indicate that the blacklisted app (for example, Box) is not allowed by the Corporate Policy.

View of Device at Risk

Harmony Mobile Protect App Notifications

The user receives a Harmony Mobile Protect notification indicating that the blacklisted app is not allowed by Corporate Policy, in our example "Dropbox".

Samsung Knox Manage In-App Notification

The user will not be to open the Knox Mail app as specified in the AppLock device policy.

Samsung Knox Manage Email Notification

The user receives an email from the Samsung Knox Manage system, as specified in the "SBM_HighRisk" Actions policy.

Administrator View on the Harmony Mobile Dashboard

On the Harmony Mobile Dashboard the Administrator can see the devices at High Risk.

1. On the Infinity Portal, go to Device Risk > High Risk section.

   A list of the Devices At Risk is displayed in the Device Risk section.

   Example:

   

2. Click High Risk.

   The list of devices at High Risk state is displayed.

3. Select the specified device on the left-side list.

   You can see that the blacklisted app causes the High Risk state.

   Example:

   

Administrator View on the Samsung Knox Manage Console

1. In the Samsung Knox Manage, devices can be members of CHKP_Risk and CHKP_Status groups:

   

2. Once device is a member of a group and there is a Profile applied on that group, like the example in Set Policy Profile in Samsung Knox Manage, it would affect the device instantly: