Threat Manager

EMDK For Xamarin - 1.0

Overview

The Threat Manager feature allows an application to control the security threats a device actively monitors and how it responds.

Main Functionality

  • Enable Threat Detection
  • Disable Threat Detection
  • Perform Counter Measures when a Threat is Detected

Threat Action

This parm allows you to enable or disable threat detection.

Parm Name: ThreatAction

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do nothing | This value (or the absence of this parm from the XML) will not make any change to whether threats are enabled or disabled. | OSX: 3.5+, MX: 4.3+ |
| 1 | Turn On | This will turn on threat detection. | OSX: 3.5+, MX: 4.3+ |
| 2 | Turn Off | This will turn off threat detection. | OSX: 3.5+, MX: 4.3+ |

MDM Package Name

This parm allows you to specify the Package Name of the MDM Client you wish to monitor for removal.

Note: You must know and specify the Package Name of that application. You could acquire the Package Name from the application developer, look up the Package Name on a device, or use developer tools to extract the Package Name from the APK file.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Shown if: Shown when the Threat Action is "Turn On" and Threat Name is 'MDM Client Package Name'

Parm Name: MDMPackage

Requires:

  • OSX: 3.5+
  • MX: 4.3+

Threat Name

Shown if: Shown when the Threat Action is "Turn On" or "Turn Off"

Parm Name: ThreatName

| Option | Name | Description | Requires |
|---|---|---|---|
| 1 | Max Password Attempts | Use this option to detect when the device has hit the maximum password attempts. | OSX: 3.5+, MX: 4.3+ |
| 2 | MDM Client Removal | Use this option to detect when an MDM Client has been removed. | OSX: 3.5+, MX: 4.3+ |
| 3 | Externally Detected | A custom threat defined by an intent that can be triggered from an application. | OSX: 3.5+, MX: 4.3+ |
| 4 | Exchange Active Sync Command | Use this option to detect when a threat has been detected while syncing with Exchange. | OSX: 3.5+, MX: 4.3+ |
| 5 | Device is Rooted | Use this option to detect when a device has been rooted. | OSX: 3.5+, MX: 4.3+ |

Format SD Card Countermeasure

This countermeasure would format the external SD card; all existing data on the card would be lost.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: FormatSdcard

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Factory Reset Countermeasure

This countermeasure would force the device to factory reset, returning the device to its original configuration.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: FactoryReset

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Wipe Secure Storage Keys Countermeasure

This countermeasure would remove the Secure Storage Keys.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: WipeSecureStorageKeys

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Lock Device Countermeasure

This counter measure would lock the device, requiring the user to perform any device unlock procedure configured for the device.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: LockDevice

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Uninstall Application Countermeasure

This counter measure would silently remove an application from the device. Provide the package name of the application to uninstall.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: UninstallApplication

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Uninstall Package Name

This parm allows you to specify the package name of the application you wish to uninstall during a countermeasure procedure.

Note: You must know and specify the Package Name of that application. You could acquire the Package Name from the application developer, look up the Package Name on a device, or use developer tools to extract the Package Name from the APK file.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected and countermeasure is 'Uninstall Application'

Parm Name: UninstallPackage

Requires:

  • OSX: 3.5+
  • MX: 4.3+

Unsolicited Alert Countermeasure

This countermeasure would send an explicit intent to an application. Provide an alert message, and the package and class name of the application you would like to notify.

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected.

Parm Name: UnsolicitedAlert

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do not perform | This countermeasure will not be executed. | OSX: 3.5+, MX: 4.3+ |
| 1 | Perform | This countermeasure will be executed upon threat detection. | OSX: 3.5+, MX: 4.3+ |

Alert Package Name

This parm allows you to specify the package name of the application you wish to send an alert to during a countermeasure procedure.

Note: You must know and specify the Package Name of that application. You could acquire the Package Name from the application developer, look up the Package Name on a device, or use developer tools to extract the Package Name from the APK file.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected and countermeasure is 'Unsolicited Alert'

Parm Name: AlertPackage

Requires:

  • OSX: 3.5+
  • MX: 4.3+

Alert Class Name

This parm allows you to specify the class name of the application you wish to send an alert to during a countermeasure procedure.

Note: You must know and specify the Package Name of that application. You could acquire the Package Name from the application developer, look up the Package Name on a device, or use developer tools to extract the Package Name from the APK file.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected and countermeasure is 'Unsolicited Alert'

Parm Name: AlertClass

Requires:

  • OSX: 3.5+
  • MX: 4.3+

Alert Message

This parm allows you to specify the message to send to the application you wish to send an alert to during a countermeasure procedure.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Shown if: Shown if Threat Action is 'Turn On' and any Threat Action is selected and countermeasure is 'Unsolicited Alert'

Parm Name: AlertMsg

Requires:

  • OSX: 3.5+
  • MX: 4.3+

Signal Occurrence

Parm Name: SignalOccurrenceOfThreat

| Option | Name | Description | Requires |
|---|---|---|---|
| 0 | Do nothing | Do nothing | OSX: 3.5+, MX: 4.3+ |
| 1 | Signal Occurrence | Select whether the occurrence of an externally detected Threat should be signaled. | OSX: 3.5+, MX: 4.3+ |

Send Threat message

Provide a message to be sent, stating what custom threat has occurred.

Parm value input rules:

  • String with a minimum size of 1 character and a maximum size of 255 characters

Parm Name: SendThreatMsg

Requires:

  • OSX: 3.5+
  • MX: 4.3+
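
The "Shown if" dependencies and the 1 to 255 character rule above can be checked before a profile reaches a device. The following is an added example, not Zebra's code: a small Python lint over a parameter set that reports missing dependent parms and flags destructive countermeasures for review. The dict input format, the function names, the treatment of an absent countermeasure parm as 0, and the pairing of MDMPackage with Threat Name option 2 are assumptions.

```python
# Added example: pre-deployment lint for a Threat Manager parameter set.
# Parm names, option values and the 1-255 length rule come from this page;
# the dict-based input format and function names are assumptions.

COUNTERMEASURES = ["FormatSdcard", "FactoryReset", "WipeSecureStorageKeys",
                   "LockDevice", "UninstallApplication", "UnsolicitedAlert"]
DESTRUCTIVE = {"FormatSdcard", "FactoryReset", "WipeSecureStorageKeys"}
# String parms that become mandatory when their countermeasure is "Perform" (1).
DEPENDENT = {"UninstallApplication": ["UninstallPackage"],
             "UnsolicitedAlert": ["AlertPackage", "AlertClass", "AlertMsg"]}


def _check_string(parms, name, errors):
    value = parms.get(name)
    if not isinstance(value, str) or not 1 <= len(value) <= 255:
        errors.append(f"{name}: required string of 1-255 characters")


def lint_threat_profile(parms):
    """Return (errors, warnings) for a dict of parm name -> value."""
    errors, warnings = [], []
    action = parms.get("ThreatAction", 0)  # absent parm behaves like 0
    if action not in (0, 1, 2):
        return [f"ThreatAction: invalid option {action!r}"], warnings
    if action == 0:
        return errors, warnings  # no change to detection; nothing else applies
    threat = parms.get("ThreatName")
    if threat not in (1, 2, 3, 4, 5):
        errors.append(f"ThreatName: invalid or missing option {threat!r}")
    if action == 2:
        return errors, warnings  # countermeasures are only shown for "Turn On"
    if threat == 2:  # assumption: MDMPackage pairs with "MDM Client Removal"
        _check_string(parms, "MDMPackage", errors)
    for cm in COUNTERMEASURES:
        state = parms.get(cm, 0)  # assumption: absent means "Do not perform"
        if state not in (0, 1):
            errors.append(f"{cm}: invalid option {state!r}")
        elif state == 1:
            if cm in DESTRUCTIVE:
                warnings.append(f"{cm}: destructive countermeasure armed for threat {threat}")
            for dep in DEPENDENT.get(cm, []):
                _check_string(parms, dep, errors)
    return errors, warnings


# Constructed sample: factory reset on root detection, alert with AlertMsg missing.
SAMPLE = {"ThreatAction": 1, "ThreatName": 5, "FactoryReset": 1,
          "UnsolicitedAlert": 1, "AlertPackage": "com.example.secops",
          "AlertClass": "com.example.secops.AlertReceiver"}
```

Treat every warning as a change-control item: a Format SD Card, Factory Reset or Wipe Secure Storage Keys countermeasure tied to an externally triggered threat deserves review before rollout.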