Malware

MaaS360 Threat Management Solution protects devices by detecting and remediating malware infections on compromised devices.

Malware is malicious software that is designed to exploit or gain unauthorized access to a device or network. Hackers use malware for various reasons such as stealing sensitive information, gaining access to corporate data, and assuming control of devices. When users remove security restrictions imposed by the device manufacturers through jailbreaking or rooting, the devices become more vulnerable to malware attacks. In addition, third-party apps that are installed through unauthorized app stores can introduce malware on devices.

MaaS360 monitors devices to identify jailbroken devices and malware-infected devices in your organization. When malware is detected, MaaS360 notifies users about the potential threat or blocks affected devices from accessing corporate resources.

Supported devices
  • Android
  • iOS

Deploying endpoint security policies

Policy configuration

You must configure and push endpoint security (EPS) policies to detect malware infections and to initiate remediation actions on devices that contribute to malware infections.

Follow these steps to configure Device Security settings:

  1. From the MaaS360 Portal Home page, navigate to Security > Policies.
  2. Open an EPS policy and then click Device Security.
  3. Click Edit.
  4. Configure the following settings:
    Setting | Description | Supported OS
    --- | --- | ---
    Track devices with malware | If this setting is turned on, MaaS360 enables Device Security on devices. | iOS, Android
    Remediation action for malware | Select one of the following actions: • Notify user - MaaS360 sends a notification to the user about the malware. • Block corporate access - MaaS360 blocks access to corporate data in the secure container until the malware is cleared from the device. | Android
    Exempt System Applications | If this setting is turned on, all system apps are automatically exempted from scanning for malware detection. | Android
    Exempted Applications | The list of managed apps that are exempted from scanning for malware detection. | Android

Policy assignments

You must assign endpoint security policies to a device, user, device group, or user group from the corresponding workflows. For more information about policy assignments, see Configuring endpoint security policies.

Configuring risk rules

When a malware infection is detected, MaaS360 creates a risk incident and then validates that risk incident against the risk rule to calculate the severity and risk score for devices and users. By default, the risk rule for malware detection is enabled in the MaaS360 portal. You can use the Risk Rule Configurator to disable the risk rule or adjust the severity.
Note: This risk rule applies to Android devices only.
Follow these steps to configure risk rules for malware detection:
  1. From the MaaS360 Portal Home page, navigate to Security > Security Management > Risk Rule Configurator.
  2. Configure the following settings:
    Risk rule
    • Trusteer Malware Detected

    Condition: Define the severity of the malware infections.

    Default Condition
    If ... | Then ...
    --- | ---
    Trusteer Malware Detected = True | The severity is high

What happens when malware infections are detected on the device?

When EPS policies are applied to devices, MaaS360 activates Device Security and then monitors devices for malware infections. MaaS360 supports the following detection and response capabilities for malware:
  • Updates the security status of the device in the Security app.
  • Generates a security alert for users in real time.
  • Blocks access to corporate resources in the MaaS360 container until the user clears the malware infection from the device.

Tracking malware incidents on the Security Dashboard

Devices report all malware incidents to the MaaS360 portal in real time. If those malware incidents meet the Risk Rule criteria set by the administrators, MaaS360 generates a risk incident in the dashboard.

Follow these steps to track security violations and incidents on the Security Dashboard:
  1. Go to Security > Security Dashboard.
  2. In the Top risk incidents widget, click the Affected devices link:
    The affected devices are displayed.
  3. Click on the username. The User Summary page displays all risk incidents against the affected device.
  4. Click Malware detected to view more details about that risk incident.

For more information about other common widgets on the Security Dashboard, see Tracking security events on the Security Dashboard.