What are the recommendations for creating an App Control policy that will be applied to Android devices with Symantec Mobile Security 7.2 (SMS 7.2)?
App Control Best Practice
To configure AppControl whitelists and blacklists (to detect unwanted apps that are running) modify the default Android security policy. On the Symantec Management Console (SMC), go to Home > Mobile Security > Device Management > Default AndroidSecurityPolicy, and select the "App Control" tab. (You can also create new and modify policies for lesser-used profiles as you require them.)
Additional Information
When an application that matches the Blacklist rules is detected on the Android device, SMS 7.2 will display a "Symantec Mobile Security has discovered a suspicious file and will help you remove it" message. SMS 7.2 will attempt to stop the app and then prompt the user to uninstall the app. (It is not possible to automatically remove apps without user interaction in the Android OS).
SMS 7.2 will check this blacklist during every app install. During each scheduled AntiVirus scan, SMS 7.2 will also check all installed apps against the blacklist policy. If any apps are found that match, SMS 7.2 will prompt for removal.
If assistance is needed from Technical Support with App Control rules, please do either export the policy and supply it to your TSE, or just export the list of rules using the Export icon to open a save dialog. This will create a list of applications as a .CSV file.
An Example
In the following example, an administrator wishes to ensure that all the Android devices used in the corporate environment are protected by Symantec Mobile Security 7.2 (an enterprise product) rather than by an unmanaged consumer product (for example, Norton Mobile Security). SMS 7.2 has been deployed to all Android devices and these smartphones have successfully enrolled with the SMS 7.2 server.
For more details on these two produicts, please see Comparing Symantec Mobile Security 7.2 and Norton Mobile Security |
The administrator creates a simple rule to detect apps named "Norton Security":
This is saved and the policy updated to all devices.
On one employee's Android phone, the newly-updated Symantec Mobile Security 7.2 client performs its daily scan and detects that Norton Security is installed:
If this prompt to uninstall is cancelled, the employee will be reminded to "remove all" later. The next day:
When the employee does choose to remove the unwanted application, they are guided through several uninstall screens.