About Compliance in Symantec Mobile Security 7.2

Article:TECH202129  |  Created: 2013-01-28  |  Updated: 2013-08-16  |  Article URL http://www.symantec.com/docs/TECH202129
Article Type
Technical Solution


Issue



What compliance features are included in Symantec Mobile Security 7.2 (SMS 7.2)?  Why are certain Android devices listed as being non-compliant?


Error



The Device Overview may display information similar to the following, with additional data in the Non-Compliant Devices Details report:

 


Cause



Symantec Mobile Security establishes standards for security compliance through the use of security policies and the Symantec Mobile Security Agent app. When one or more managed devices become non-compliant, they can become security risks. Best practices dictate that you periodically check the compliance status of enrolled mobile devices.


Solution



Checking mobile device compliance
  1. On the console, go to Home > Mobile Security > Overview and Reports > Device Compliance .
  2. The Non-Compliant Devices Details page lists the enrolled devices and their levels of compliance.

 

Double-click any of the devices to see more details about its compliance status.

The column headings refer to the following:
  • Status Time- The last time the device status was logged to the Symantec Mobile Security server.
  • Out-of-Date Engine- Devices are non-compliant if Anti-Malware definitions have not been successfully updated in the past 30 days. (Anti-Malware scan engines are updated when LiveUpdate is run on the Android.)
  • Administrator disabled- Whether the device-administrator permissions on the mobile device have been revoked. The mobile device agent requires administrator permissions on the device to enable the security features such as locking the device and wiping data. (Device Administrator permissions are set or unset on each Android device.  This is not a setting that can be controlled from the Symantec Management Platform.)
  • Out-of-touch- The device is turned off, or does not have cell service, wifi or other means of contacting its SMP server through the Mobile Security Gateway.  (Note that this is not an indicator of whose phone is turned on or off at any given instant.  If the device has not communicated in over 30 days, it will be listed as out-of-touch.) 
  • GCM Registration Failed- The device is not registered to receive Google Cloud Messaging (GCM) messages.
  • Rooted- Whether the factory-installed operating system has been circumvented. 

 

To ensure protection, administrators are encouraged to take necessary actions to ensure that the Android devices are made compliant.  (Run LiveUpdate on the Android to download the latest malware definitions and engine, ensure that "Mobile Security" is listed as a device administrator, etc.)

 





Article URL http://www.symantec.com/docs/TECH202129


Terms of use for this information are found in Legal Notices