
Use security policies to monitor the security status of your managed devices.

Procedure

  1. Go to Mobile Security > Mobile Security Policies.
  2. On the Android or iOS/PadOS tab, click Create.
  3. Under General, specify the policy name and description, set the priority of the policy, and click Next.
    The Priority setting has two options:
    • Highest: Select this to make the policy a top priority. It will be evaluated before all other policies.
    • Lowest: Select this if the policy should be a lower priority. It will be evaluated after all other policies, with the exception of the default policy. The default policy is always the last to be evaluated regardless of other settings. If you set a policy to Lowest, the policy will be evaluated just before the default policy.
    Tip
    After the policy is created, you can change the priority by dragging the policy up or down the policy list.
  4. Under Security Settings, configure Malware Detection, Wi-Fi Protection, and Web Reputation settings, and click Next.
    The security settings for Android devices differ slightly from those for iOS and PadOS devices.
    Configure each section as follows:
    Malware Detection
    1. Choose whether Mobile Security scans only the mobile apps on your devices, or both mobile apps and Android Application Package (APK) files.
      Note
      Scanning APK files requires your users to turn on the Storage permission on their devices.
    2. Configure malware scan criteria.
      • Malware
      • Unofficially modified app content or data (For Android only)
      • Transmission of personal data without consent (For Android only)
      • System or app vulnerabilities (For Android only)
      Each type of threat is assigned a risk level as defined by the risk level profile. The overall risk level of the targeted device is then calculated by considering the risk levels of all selected threat types.
    Wi-Fi Protection
    1. Turn on the toggle for Wi-Fi Protection.
    2. Configure Wi-Fi scan criteria.
      • Automatic decryption of HTTPS traffic
        The Wi-Fi network traffic is decrypted, which may result in data leakage.
      • Unsafe access point
        The device is connected to an insecure Wi-Fi network.
      Each type of threat is assigned a risk level as defined by the risk level profile. The overall risk level of the targeted device is then calculated by considering the risk levels of all selected threat types.
    Web Reputation
    Trend Micro Web Reputation technology assigns websites a "reputation" based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain.
    1. Turn on the toggle for Web Reputation.
    2. Select Enforce on all devices that the policy applies to.
      This setting enforces Web Reputation on all targeted devices by automatically setting up a local VPN on the devices.
    3. Select Enable and log access to all websites.
      This setting permits your users to access potentially blocked websites and records each access in Mobile detection logs.
    4. Select a security level.
    5. To automatically approve or block certain websites, specify the websites in the following formats and add them to the allow list or to the block list:
      • URL
      • FQDN
      Both URLs and FQDNs support the following wildcard character: *
  5. Under the Assignment tab, assign the policy to your assignment groups by selecting one or more groups and clicking Save.
    The users or devices targeted by your policy are evaluated for security when they check in with Mobile Security.