Malware
MaaS360 Threat Management Solution protects devices by detecting and remediating malware infections on compromised devices.
Malware is malicious software that is designed to exploit or gain unauthorized access to a device or network. Hackers use malware for various reasons such as stealing sensitive information, gaining access to corporate data, and assuming control of devices. When users remove security restrictions imposed by the device manufacturers through jailbreaking or rooting, the devices become more vulnerable to malware attacks. In addition, third-party apps that are installed through unauthorized app stores can introduce malware on devices.
MaaS360 monitors devices to identify jailbroken devices and malware-infected devices in your organization. When malware is detected, MaaS360 notifies users about the potential threat or blocks affected devices from accessing corporate resources.
- Android
- iOS
Deploying endpoint security policies
Policy configuration
You must configure and push EPS policies to detect malware infections and initiate remediation actions on devices that contribute to malware infections.
Follow these steps to configure Device Security settings:
- From the MaaS360 Portal Home page, navigate to .
- Open an EPS policy and then click Device Security.
- Click Edit.
- Configure the following settings:
Setting Description Supported OS Track devices with malware If this setting is turned on, MaaS360 enables Device Security on devices. iOS, Android Remediation action for malware Select one of the following actions:- Notify user - MaaS360 sends a notification to the user about the malware.
- Block corporate access - MaaS360 blocks access to corporate data in the secure container until the malware is cleared from the device.
Android Exempt System Applications If this setting is turned on, all system apps are automatically exempted from scanning for malware detection. Android Exempted Applications The list of managed apps that are exempted from scanning for malware detection. Android
Policy assignments
You must assign endpoint security policies to a device, user, device group, or user group from the corresponding workflows. For more information about policy assignments, see Configuring endpoint security policies.
Configuring risk rules
- From the MaaS360 Portal Home page, navigate to .
- Configure the following settings:Risk rule
- Trusteer Malware Detected
Condition: Define the severity of the malware infections.
Default ConditionIf ... Then ... Trusteer Malware Detected = True The severity is high
What happens when malware infections are detected on the device?
- Updates the security status of the device in the Security app.
- Generates a security alert for users in real-time.
- Blocks access to corporate resources in the MaaS360 container until the user clears the malware infection from the device.
Tracking malware incidents on the Security Dashboard
Devices report all malware incidents to the MaaS360 portal in real-time. If those malware incidents meet the Risk Rule criteria set by the administrators, MaaS360 generates a risk incident in the dashboard.
- Go to .
- In the Top risk incidents widget, click the Affected
devices link:The affected devices are displayed.
- Click on the username. The User Summary page displays all risk incidents against the affected device.
- Click Malware detected to view more details about that risk incident.
For more information about other common widgets on the Security Dashboard, see Tracking security events on the Security Dashboard.