How to mark Unwanted Apps as High risk in SEP Mobile

Article ID: 258955

Products

Endpoint Protection Mobile

Issue/Introduction

Using the Unwanted App rules in SEP Mobile, it is possible to assign a risk level to applications that the organization's administrator deems not appropriate for enrolled devices. By doing so, users installing an Unwanted App will be alerted that the app is blacklisted per company policy, and prompted to remove the app in question.

By assigning a High risk level to an Unwanted App, devices will be marked as noncompliant when the app is present (assuming a default Mobile Security Compliance Policy is in place), and the device can then be prevented from accessing company resources until the Unwanted App is removed.  

Creation of Unwanted App rules is covered in detail in the following Techdoc article:

Defining the criteria for determining an app as unwanted

The purpose of this article is to provide a quick, step-by-step guide to implementation of Unwanted App rules based on their bundle ID (iOS) / package name (Android).  We will use the TikTok app in this example.  

Environment

On Android devices the SEP Mobile app can natively perform app analysis, so this guide applies to all SEP Mobile environments with enrolled Android devices. On iOS, however, SEP Mobile relies on an integration with an MDM provider to supply installed app data via iOS app sync in order to perform app analysis. Therefore, use of Unwanted App rules is only possible for iOS devices enrolled in an MDM integrated environment.

Resolution

1.) Begin by obtaining the bundle ID for iOS, or the package name for Android, of the app to be marked as high risk:

  • For an Android app, the package name can be derived from the URL of the page for the app in the Google Play Store, using a web browser on a PC or other non-Android device - the "id=" field of the URL is the package name.



  • For an iOS app, it is necessary to log in to an iTunes Connect account, then look up the app in question and view the bundle ID. In the case of the example app being used for this guide, the bundle ID happens to match the package name of the Android app. This is not the case with all apps, however, so in order to reliably build Unwanted App rules using iOS bundle IDs, it is recommended to use an iTunes Connect account to perform the app lookups.

2.) In the SEP Mobile Management Console (MC), go to Settings and then Apps.  Mouse over the last rule in the list and click on the + (plus) symbol, then select the option to "Add iOS and iPadOS apps definitions".



3.) In the "Classify iOS apps as" field type the name to be used for this Unwanted App classification - for this example the generic name "Unwanted iOS App" is being used.  Then select the risk level of the Unwanted App.  For this example "High risk" is being selected, as that will cause devices detected with this app to be marked as non-compliant using a default Mobile Security Compliance Policy.  

4.) Click the + (plus) sign in the middle section labeled "Add app rules for the classification above". 

5.) Click the "Please select" dropdown, then in the search field enter "bundle" and select the "Bundle ID is one of the following:" App identifier criteria. 

6.) Input the bundle ID of the app to be marked as High risk.  Note that the Simulation button can be used to provide administrators with a report on the number of affected devices prior to implementation of the new rule.  

7.) When ready to implement the rule for production, click Apply Changes at the top of the page.

8.) To add Android definitions for the same app as Unwanted, simply repeat steps 2 through 8, with the following changes:

  • In Step 2, select "Add Android apps definitions"
  • In Step 3, choose a classification name to clearly differentiate the Android apps definition from iOS
  • In Step 5, choose "Package name is one of the following" from the App identifiers criteria
  • In Step 6, input the relevant package name for the Android app to be marked as High risk; in this specific example it is the same for iOS and Android, however as noted above this is not true in all cases
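The Android half of Step 1 can be scripted when several apps need rules at once. The following is an added example, not Broadcom code: it extracts and validates the "id=" field from Google Play app page URLs so that only well-formed package names are pasted into the "Package name is one of the following" criteria. The function names and all sample URLs and package names are constructed for illustration; iOS bundle IDs still need the lookup described in Step 1.

```python
import re
from urllib.parse import urlparse, parse_qs

# Android package names: two or more dot-separated segments, each starting
# with a letter and containing only letters, digits and underscores.
PACKAGE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+")


def package_name_from_play_url(url):
    """Return the package name from a Google Play app page URL, or None."""
    parts = urlparse(url.strip())
    # Accept only the real Play Store host over HTTPS, not look-alike hosts.
    if parts.scheme != "https" or parts.hostname != "play.google.com":
        return None
    if parts.path.rstrip("/") != "/store/apps/details":
        return None
    ids = parse_qs(parts.query).get("id", [])
    if len(ids) != 1:  # a missing or repeated id= field is ambiguous
        return None
    return ids[0] if PACKAGE_RE.fullmatch(ids[0]) else None


def build_rule_values(urls):
    """Return (sorted unique package names, URLs that were rejected)."""
    accepted, rejected = set(), []
    for url in urls:
        name = package_name_from_play_url(url)
        if name is None:
            rejected.append(url)
        else:
            accepted.add(name)
    return sorted(accepted), rejected


# Constructed sample input (hypothetical apps, not real listings).
SAMPLE_URLS = [
    "https://play.google.com/store/apps/details?id=com.example.unwantedapp",
    "https://play.google.com/store/apps/details?id=com.example.unwantedapp&hl=en_US",
    "https://play.google.com/store/apps/details?hl=en&id=org.example.game_two",
    "https://play.google.com/store/search?q=example",
    "https://play.google.example.net/store/apps/details?id=com.example.fake",
    "https://play.google.com/store/apps/details?id=9invalid.name",
]

if __name__ == "__main__":
    names, rejected = build_rule_values(SAMPLE_URLS)
    print("Package names for the rule:", ", ".join(names))
    for url in rejected:
        print("Rejected, check manually:", url)
```

Rejected URLs are worth reviewing by hand before the rule is applied, since a mistyped package name produces a rule that matches no device; the Simulation button in Step 6 gives the same check from the console side.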

Please note that it is also possible to choose the Medium Risk or Low Risk levels to associate with an Unwanted App classification. With default Mobile Security Policy Control settings in place, detection of a Medium or Low risk app would not result in the device becoming non-compliant. Instead, using this method administrators can provide an informational prompt to the user, explaining the app is blacklisted and requesting they remove it.

Unwanted Apps detected on enrolled devices will be reported in the MC for administrators to review.  

Additional Information

Using the Selective Resources Protection as a compliance enforcement
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Security-Settings/using-the-selective-resources-protection-as-a-comp-v130285821-d4221e4337.html

Defining noncompliant devices and mobile compliance policy
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Security-Settings/defining-noncompliant-devices-and-mobile-complianc-v131860172-d4221e3919.html