Best Practice for Configuring App Control Policy in Symantec Mobile Security 7.2

Article:TECH198370  |  Created: 2012-10-15  |  Updated: 2013-06-17  |  Article URL http://www.symantec.com/docs/TECH198370
Article Type
Technical Solution


Environment

Issue



What are the recommendations for creating an App Control policy that will be applied to Android devices with Symantec Mobile Security 7.2 (SMS 7.2)?


Solution



App Control Best Practice

To configure AppControl whitelists and blacklists (to detect unwanted apps that are running) modify the default Android security policy.  On the Symantec Management Console (SMC), go to Home > Mobile Security > Device Management > Default AndroidSecurityPolicy, and select the "App Control" tab. (You can also create new and modify policies for lesser-used profiles as you require them.)

  • Please note that the "enable app detection" checkbox must be checked in order for App Control to function!  This checkbox is not checked by default, and creating rules will not automatically toggle it to checked.
  • There are two App Control options: admins can choose to either Blacklist applications or Whitelist applications.   The Whitelist option is only recommended in very unique circumstances.  The policy created will have to include all apps in the default image on all Android devices that are approved for use in the environment.  This is very difficult to accomplish successfully in practice.  Unless there is a very compelling reason, use the Blacklist option to specify apps that are not desired.
  • To create a rule, click the Add icon and then supply details about the app.  Please note that not every field needs to be populated for each rule.  Only one option- app name, package name, or package version- is usually sufficient for the SMS 7.2 client to identify the app successfully.  If all three fields are specified, then all three will need to be an exact match.  The rule logic does not contain an "or" if more than one condition is configured.
  • Ensure that all blacklist rule names, app names, package names, and package versions are less than 2048 characters.
  • The SMS 7.2 client can process many thousands of rules, so it is possible to add a large number to the GUI.  Do note, though, that a large number of rules can become difficult to administer.  Also, if there are hundreds or thousands of rules created, then there will be a corresponding increase in the size of policy files and the bandwidth they require. 
  • To retain your changes, do not forget to click Save changes.

 

Additional Information 

When an application that matches the Blacklist rules is detected on the Android device, SMS 7.2 will display a "Symantec Mobile Security has discovered a suspicious file and will help you remove it" message.  SMS 7.2 will attempt to stop the app and then prompt the user to uninstall the app.  (It is not possible to automatically remove apps without user interaction in the Android OS).  

SMS 7.2 will check this blacklist during every app install.  During each scheduled AntiVirus scan, SMS 7.2 will also check all installed apps against the blacklist policy.  If any apps are found that match, SMS 7.2 will prompt for removal.

If assistance is needed from Technical Support with App Control rules, please do either export the policy and supply it to your TSE, or just export the list of rules using the Export icon to open a save dialog. This will create a list of applications as a .CSV file.

 

An Example

In the following example, an administrator wishes to ensure that all the Android devices used in the corporate environment are protected by Symantec Mobile Security 7.2 (an enterprise product) rather than by an unmanaged consumer product (for example, Norton Mobile Security).   SMS 7.2 has been deployed to all Android devices and these smartphones have successfully enrolled with the SMS 7.2 server.

For more details on these two produicts, please see Comparing Symantec Mobile Security 7.2 and Norton Mobile Security

The administrator creates a simple rule to detect apps named "Norton Security":

Policy to block apps named Norton Security

This is saved and the policy updated to all devices.

On one employee's Android phone, the newly-updated Symantec Mobile Security 7.2 client performs its daily scan and detects that Norton Security is installed:

SMS 7.2 has discovered a suspicious file 

If this prompt to uninstall is cancelled, the employee will be reminded to "remove all" later.  The next day: 

SMS 7.2, click to remove suspicious software

 SMS 7.2, click to remove suspicious software

Policy to block apps named "Norton Security"

When the employee does choose to remove the unwanted application, they are guided through several uninstall screens.  

 

Uninstall finished





Article URL http://www.symantec.com/docs/TECH198370


Terms of use for this information are found in Legal Notices