Testing High Risk Activity Detection and Policy Enforcement

If the user's device is determined to be at risk, due to either a malicious app or malicious activity, Harmony Mobile notifies the user through in-app notifications, and updates the risk level custom attribute value for that device in the Workspace ONE UEM system. Then, Workspace ONE receives the risk state change, and upon recognizing the risk level value tied to a Configuration Profile, enacts and applies that policy.

In this example, the administrator blocks an app (HeyWhatsApp). As a result, the user's device is identified to be at High Risk due to the blocked app installed on the device. The Harmony Mobile dashboard notifies the Workspace ONE UEM system and marks the device as High Risk (CHKP_Risk_High tag) there. The Workspace ONE UEM system then enforces the policy actions specified in the Configuration Profile.

Blocking a Test App

  1. Log in to the Harmony Mobile dashboard.

  2. Go to Forensics > Application and click for the app you want to block.

  3. Select Edit app exception and click the policy you want to modify.

    The Application Exceptions section in the Application policy appears.

  4. From the Action drop-down list, select Block.

  5. Click Add.

  6. To save the policy changes, click Save.

View of a Non-Compliant Device

The device with the blacklisted app must be in one of the Smart Groups that you created for the Devices at Risk. See Deploying the Harmony Mobile Protect app automatically (Zero Touch Deployment).

To see the non-compliant device in the Smart Group for Mobile Devices:

  1. Go to Devices > Smart Device Groups and open your defined Smart Group for mobile devices.

  2. Click View.

    The device is displayed.

    If you configured an email notification, you receive an email from Workspace ONE UEM.

    Note - The data fields are similar for both iOS and Android users. The examples below are applicable for both platforms.

The user is not allowed to use the app until the user removes the blacklisted app, or changes the compliance policy settings. See "Creating a Mitigation Process" in Configuring the Harmony Mobile Dashboard UEM Integration Settings.

Harmony Mobile Protect App Notifications

The user receives Harmony Mobile Protect app notifications.

Workspace ONE UEM Agent App Notifications

The user receives Workspace ONE UEM Agent notifications.

Workspace ONE UEM Agent App Notifications

The user receives an email from the Workspace ONE UEM system.

Administrator View on the Harmony Mobile Dashboard

On the Harmony Mobile Dashboard, the Administrator can see the devices at High Risk.

  1. On the Infinity Portal, go to Device Risk > High Risk section.

    A list of the Devices At Risk is displayed in the Device Risk section.

  2. Click High Risk.

    The list of devices at High Risk state is displayed.

  3. Select the specified device on the left-side list.

    You can see that the blacklisted app causes the High Risk state.

Administrator View on the Workspace ONE UEM Console

On the Workspace ONE UEM Console:

  1. Go to Devices > Dashboard view.

    You can see the devices that have compliance violations, or violate some policies, or both.

  2. Go to High Risk > List View.

    You can see the devices in the Out of Compliance state.

  3. Click Layout > Summary, then click on the specified device with the Status Non-Compliant.

    The Details View page opens.

    • Summary tab

      You can see the Smart Groups, the Status Tags, and the Risk Tags of the device.

    • Compliance tab

      You can see that the device is out of compliance, and the policy that applies to the device.

    • Profiles tab

      You can see that the device has the Non-Compliant Android Device Policy profile.

    • Click More > Status History.

      Status History tab

      You can see the status history, and see when the device was non-compliant.

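The end state this test should produce can also be checked from a device inventory export. The following is an added example, not Check Point or Workspace ONE code: it assumes a JSON export with hypothetical field names (name, tags, compliance, profiles) and constructed sample devices, and flags devices where the CHKP_Risk_High tag and the enforced profile disagree.

```python
import json

# Constructed sample export. Field names are hypothetical and are NOT the
# Workspace ONE UEM API schema; adapt them to whatever your export contains.
SAMPLE_EXPORT = json.loads("""
[
  {"name": "android-test-01", "tags": ["CHKP_Risk_High"],
   "compliance": "Non-Compliant",
   "profiles": ["Non-Compliant Android Device Policy"]},
  {"name": "android-02", "tags": ["CHKP_Risk_High"],
   "compliance": "Compliant", "profiles": []},
  {"name": "android-03", "tags": [],
   "compliance": "Compliant",
   "profiles": ["Non-Compliant Android Device Policy"]},
  {"name": "android-04", "tags": [], "compliance": "Compliant", "profiles": []}
]
""")

RISK_TAG = "CHKP_Risk_High"                      # tag named on this page
PROFILE = "Non-Compliant Android Device Policy"  # profile named on this page


def audit(devices, risk_tag=RISK_TAG, profile=PROFILE):
    """Group device names by whether the risk tag and enforcement agree."""
    report = {"enforced": [], "enforcement_gap": [],
              "stale_enforcement": [], "clean": []}
    for dev in devices:
        tagged = risk_tag in dev.get("tags", [])
        has_profile = profile in dev.get("profiles", [])
        non_compliant = dev.get("compliance") == "Non-Compliant"
        if tagged and has_profile and non_compliant:
            bucket = "enforced"            # expected result of the test
        elif tagged:
            bucket = "enforcement_gap"     # tagged High Risk, policy not applied
        elif has_profile:
            bucket = "stale_enforcement"   # tag cleared, profile still assigned
        else:
            bucket = "clean"
        report[bucket].append(dev.get("name", "<unnamed>"))
    return report


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_EXPORT).items():
        print(f"{bucket:18} {', '.join(names) or '-'}")
```

A device in enforcement_gap means the risk tag arrived but the Configuration Profile was not applied; stale_enforcement means the restriction outlived the tag.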