OSX, MX and Android version information for a device can be found in the Android Settings panel or by querying the device through ADB, EMDK or the MX CSP.
The Threat Manager feature allows an application to control which security Threats are actively monitored by a device, whether and how to respond when a Threat is detected, and which Countermeasure(s) to employ.
This is the On/Off switch for Threat Detection on the device. Turning Threat Detection On enables all features and activities that can be triggered whenever a Threat is detected on a device.
Parm Name: ThreatAction
Option | Name | Description | Requires |
---|---|---|---|
0 | Do nothing | This value (or the absence of this parm from the XML) will make no change to whether Threat Detection is enabled; any previously selected setting will be retained. | OSX: 3.5+ MX: 4.3+ |
1 | Turn On | Turns on Threat detection. | OSX: 3.5+ MX: 4.3+ |
2 | Turn Off | Turns off Threat detection. | OSX: 3.5+ MX: 4.3+ |
Used to specify the name of the Threat to detect.
Shown if: Shown when the Threat Action is "Turn On" or "Turn Off"
Parm Name: ThreatName
Option | Name | Description | Requires |
---|---|---|---|
1 | Do Nothing | This value (or the absence of this parm from the XML) will make no change to the Threat(s) being detected on the device; any previously selected setting will be retained. | OSX: 3.5+ MX: 6.1+ |
1 | Max Password Attempts | Detect that the device has reached the maximum number of failed password attempts. | OSX: 3.5+ MX: 4.3+ |
2 | MDM Client Removal | Detects that an MDM client app has been removed from the device. | OSX: 3.5+ MX: 4.3+ |
3 | Externally Detected | A custom Threat defined by an intent that can be triggered from an application. | OSX: 3.5+ MX: 4.3+ |
4 | Exchange Active Sync Command | Detects a Threat encountered while syncing with Microsoft Exchange. | OSX: 3.5+ MX: 4.3+ |
5 | Device is Rooted | Detects that root-level access has been given to one or more device users and/or apps on the device. | OSX: 3.5+ MX: 4.3+ |
Used to specify the Package Name of the MDM client app to be monitored. Removal of the app specified here will trigger a Threat alert.
Note: The Package Name of the application to be monitored must be specified. The Package Name can be acquired from the application developer, a lookup of the Package Name on the device, or extracted from the APK file using developer tools designed for this purpose.
Parm value input rules:
Shown if: Shown when the Threat Action is "Turn On" and Threat Name is "MDM Client Package Name"
Parm Name: MDMPackage
Requires:
- OSX: 3.5+
- MX: 4.3+
Formats the external SD Card, erasing all existing data on the card.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: FormatSdcard
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+ MX: 4.3+ |
Forces a factory reset, returning the device to its original factory settings.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: FactoryReset
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | Countermeasure will not be executed. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | Countermeasure will be executed upon threat detection. | OSX: 3.5+ MX: 4.3+ |
Removes from the device all Secure Storage Keys, which would otherwise be used to access portions of the device protected by encryption. Execution of this countermeasure does not necessarily prevent access to the encrypted data, but prevents the data from being decrypted and thus exploited. Once a threat has been neutralized, Secure Storage Keys can be restored to the device to provide access to the secure storage area as normal.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: WipeSecureStorageKeys
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | Secure Storage Keys will not be removed. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | Secure Storage Keys will be removed upon threat detection. | OSX: 3.5+ MX: 4.3+ |
Locks the device; requires the user to perform the device unlock procedure configured for the device.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: LockDevice
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | Countermeasure will not be executed. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | Countermeasure will be executed upon threat detection. | OSX: 3.5+ MX: 4.3+ |
Silently removes an application from the device as specified by package name in the UninstallPackage parameter.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: UninstallApplication
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | Countermeasure will not be executed. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | Countermeasure will be executed upon threat detection. | OSX: 3.5+ MX: 4.3+ |
Used to specify the package name of the application to uninstall during a countermeasure procedure.
Note: The Package Name of the application to be uninstalled must be specified. The Package Name can be acquired from the application developer, a lookup of the Package Name on the device, or extracted from the APK file using developer tools designed for this purpose.
Parm value input rules:
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected and countermeasure is "Uninstall Application"
Parm Name: UninstallPackage
Requires:
- OSX: 3.5+
- MX: 4.3+
Used to send an alert to an application on the device in the form of an intent. The intent must include the package name, class name and alert message as specified in the AlertPackage, AlertClass, and AlertMsg parameters. When a Threat is detected, the detection service sends the message specified in the Alert Message parameter to the specified class of the specified package.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected.
Parm Name: UnsolicitedAlert
Option | Name | Description | Requires |
---|---|---|---|
0 | Do not perform | The alert-message intent will not be sent upon Threat detection. | OSX: 3.5+ MX: 4.3+ |
1 | Perform | The alert-message intent will be sent to the specified application and class upon Threat detection. | OSX: 3.5+ MX: 4.3+ |
Used to specify the package name of the application to receive an alert during a countermeasure procedure.
Note: The Package Name of the application to receive the alert must be specified. The Package Name can be acquired from the application developer, a lookup of the Package Name on the device, or extracted from the APK file using developer tools designed for this purpose.
Parm value input rules:
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected and countermeasure is "Unsolicited Alert"
Parm Name: AlertPackage
Requires:
- OSX: 3.5+
- MX: 4.3+
Used to specify the Class Name of the application to receive an alert during a countermeasure procedure.
Note: The Package Name of the application to receive the alert also must be specified. The Package Name can be acquired from the application developer, a lookup of the Package Name on the device, or extracted from the APK file using developer tools designed for this purpose.
Parm value input rules:
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected and countermeasure is "Unsolicited Alert"
Parm Name: AlertClass
Requires:
- OSX: 3.5+
- MX: 4.3+
Used to specify the message to send to the application that receives the alert during a countermeasure procedure.
Parm value input rules:
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected and countermeasure is "Unsolicited Alert"
Parm Name: AlertMsg
Requires:
- OSX: 3.5+
- MX: 4.3+
Controls whether signaling is triggered by an externally detected threat warning, such as from a Mobile Device Management (MDM) system.
Shown if: Shown if Threat Action is "Turn On" and any Threat Action is selected
Parm Name: SignalOccurrenceOfThreat
Option | Name | Description | Requires |
---|---|---|---|
0 | Do nothing | Performs no signaling when an externally occurring Threat is detected. | OSX: 3.5+ MX: 4.3+ |
1 | Signal Occurrence | Signals the occurrence of an externally detected Threat. | OSX: 3.5+ MX: 4.3+ |
Permits a message to be specified describing a custom threat that has occurred.
Parm value input rules:
Parm Name: SendThreatMsg
Requires:
- OSX: 3.5+
- MX: 4.3+
This is the On/Off switch for Periodic Scans on the device, which detect apps with the "super-user" permissions and other characteristics generally associated with root-based malware. When Periodic Scan is disabled, Threat detection scanning occurs each time the device boots. When enabled, scans are performed according to the interval specified in the Periodic Scan Interval parameter. Scan frequency can affect battery life.
Shown if: Shown if Threat Action is "Turn On"
Parm Name: PeriodicScan
Option | Name | Description | Requires |
---|---|---|---|
0 | Do nothing | This value (or the absence of this parm from the XML) will make no change to whether the Periodic Scan feature is enabled; any previously selected setting will be retained. | OSX: 3.5+ MX: 6.1+ |
1 | Turn On | Enables Periodic Scans to be performed on the device. | OSX: 3.5+ MX: 6.1+ |
2 | Turn Off | Disables the Periodic Scan feature on the device. | OSX: 3.5+ MX: 6.1+ |
Used to specify the time, in minutes, to wait between Periodic Scans performed on the device. Minimum scan interval is one minute; maximum is 1440 minutes (24 hrs.). If Periodic Scan is enabled and no scan interval is specified, a value of 30 (min.) will be used. Periodic Scans detect apps with the "super-user" permissions and other characteristics generally associated with root-based malware. Scan frequency can affect battery life.
Parm value input rules:
Shown if: Shown if Threat Action is "Turn On" and Periodic Scan is "Turn On"
Parm Name: PeriodicScanInterval
Requires:
- OSX: 3.5+
- MX: 6.1+
This is the On/Off switch for folder monitoring. This Extra Scan Folders feature monitors one or more folders on the device (including those in Android-protected areas) as specified in the Extra Scan Folders List parameter. When a change within a monitored folder occurs, ThreatMgr broadcasts an Intent with the folder name and one of the Android FileObserver constants to describe the event.
This parameter does not detect Threats.
Parm Name: ExtraScanFolders
Option | Name | Description | Requires |
---|---|---|---|
0 | Do nothing | This value (or the absence of this parm from the XML) will make no change to Folder Monitoring; any previously selected setting will be retained. | OSX: 3.5+ MX: 6.1+ |
1 | Turn On | Enables folder monitoring, and sends an Intent when changes occur to the specified folder(s). | OSX: 3.5+ MX: 6.1+ |
2 | Turn Off | Disables folder monitoring, and causes the device to ignore changes to the specified folder(s). | OSX: 3.5+ MX: 6.1+ |
Used to specify one or more folders on the device to monitor for changes, including folders in protected areas of an Android device. Folder(s) specified in this parameter replace any previously specified folder(s). To add a folder to an existing folder list, specify the entire (comma-separated) list including the new folder.
This parameter does not detect Threats.
Parm value input rules:
Parm Name: ExtraScanFoldersList
Requires:
- OSX: 3.5+
- MX: 6.1+
```xml
<!-- Turn on detection of the Externally Detected Threat and enable four countermeasures -->
<wap-provisioningdoc>
  <characteristic type="ThreatMgr" version="4.3">
    <parm name="ThreatAction" value="1" />
    <parm name="ThreatName" value="ExternallyDetected" />
    <characteristic type="CounterMeasure">
      <parm name="FormatSdcard" value="1" />
      <parm name="FactoryReset" value="1" />
      <parm name="WipeSecureStorageKeys" value="1" />
      <parm name="LockDevice" value="1" />
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
```

```xml
<!-- Turn off detection of the Externally Detected Threat -->
<wap-provisioningdoc>
  <characteristic type="ThreatMgr" version="4.3">
    <parm name="ThreatAction" value="2" />
    <parm name="ThreatName" value="ExternallyDetected" />
  </characteristic>
</wap-provisioningdoc>
```

```xml
<!-- Query the current ThreatMgr settings -->
<wap-provisioningdoc>
  <characteristic-query type="ThreatMgr"/>
</wap-provisioningdoc>
```
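The parameter reference above implies several dependencies that are easy to miss in a hand-written profile: the Uninstall Application and Unsolicited Alert countermeasures need their companion parms, the scan interval must fall between 1 and 1440 minutes, and data-erasing countermeasures deserve a second look before deployment. The following pre-deployment check is an added example, not part of the Zebra documentation; `lint_threatmgr`, the rule tables and the sample profile are hypothetical, and it assumes dependent parms may appear at any depth below the `ThreatMgr` characteristic.

```python
import xml.etree.ElementTree as ET

# Switch parm -> parms the reference says must accompany it when set to "1".
DEPENDENCIES = {
    "UninstallApplication": ["UninstallPackage"],
    "UnsolicitedAlert": ["AlertPackage", "AlertClass", "AlertMsg"],
}
DESTRUCTIVE = ["FormatSdcard", "FactoryReset", "WipeSecureStorageKeys"]

# Constructed sample profile; version, interval and package name are made up.
SAMPLE = """<wap-provisioningdoc>
  <characteristic type="ThreatMgr" version="6.1">
    <parm name="ThreatAction" value="1" />
    <parm name="ThreatName" value="ExternallyDetected" />
    <parm name="PeriodicScan" value="1" />
    <parm name="PeriodicScanInterval" value="2000" />
    <characteristic type="CounterMeasure">
      <parm name="FactoryReset" value="1" />
      <parm name="UnsolicitedAlert" value="1" />
      <parm name="AlertPackage" value="com.example.securityagent" />
    </characteristic>
  </characteristic>
</wap-provisioningdoc>"""

def lint_threatmgr(xml_text):
    """Return findings per enabled ThreatMgr block; parms are read at any depth (assumption)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a characteristic that is never closed
        return [f"malformed XML: {exc}"]
    findings = []
    for tm in root.iter("characteristic"):
        if tm.get("type") != "ThreatMgr":
            continue
        parms = {p.get("name"): p.get("value") or "" for p in tm.iter("parm")}
        if parms.get("ThreatAction") != "1":
            continue  # countermeasures are only shown when detection is turned on
        for switch, needed in DEPENDENCIES.items():
            if parms.get(switch) == "1":
                findings += [f"{switch}=1 but {n} is missing or empty"
                             for n in needed if not parms.get(n, "").strip()]
        raw = parms.get("PeriodicScanInterval")
        if parms.get("PeriodicScan") == "1" and raw is not None and not (
                raw.isascii() and raw.isdigit() and 1 <= int(raw) <= 1440):
            findings.append(f"PeriodicScanInterval={raw!r} outside 1..1440 minutes")
        armed = [n for n in DESTRUCTIVE if parms.get(n) == "1"]
        if armed:
            findings.append(f"review: {parms.get('ThreatName')} triggers {', '.join(armed)}")
    return findings
```

Calling `lint_threatmgr(SAMPLE)` reports the two missing alert parms, the out-of-range interval and the factory-reset review item; a profile with an unclosed `characteristic` element is reported as malformed XML.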