McAfee MVISION Mobile Console 1809: Product Guide
Product Guide
TRADEMARK ATTRIBUTIONS
McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes,
McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee,
LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU
DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Preface
Audience
Related Documentation
Introduction to Mobile Threat Protection
Objective
About the Threat Detection Engine
About SIEM and MDM Systems
Software Requirements
About the Architecture
MDM Integration
Ad hoc MDM Synchronization
SIEM Integration
MVISION Mobile Console Group Configuration
MVISION Mobile Console Overview
UI Functions
Apps
App Inventory
Application Analysis
App Sample Detection Dates
iOS Profiles
Managing Users
Creating a Single User
Creating Multiple Users
About the CSV File to Add Users
Updating and Deleting a User
MVISION Mobile Threat Detection Application Activation
On-Boarding with Activation Links
On-Boarding with Domain Name
MDM Activation
Audience
The intended audience for this guide is an MVISION Mobile Console administrator. The MVISION Mobile
Console application provides threat protection to mobile devices, and the system administrator sets
policies for threats, and monitors and manages threats detected.
Related Documentation
For more information and specific configuration information about MDM, SIEM, and iOS, Android
Platforms, see the following documents in the McAfee documentation set:
MVISION Mobile Threat Detection Application Android Platform Guide (PD27930)
Provides detailed information about how to configure and install MVISION Mobile Threat
Detection Application on Android platforms.
MVISION Mobile Threat Detection Application iOS Platform Guide (PD27931)
Provides detailed information about how to configure and install MVISION Mobile Threat
Detection Application on iOS platforms.
McAfee MVISION Mobile AirWatch Integration Guide (PD27932)
Provides detailed information about how to integrate with AirWatch MDM.
McAfee MVISION Mobile MobileIron Integration Guide (PD27933)
Provides detailed information about how to integrate with MobileIron MDM.
McAfee MVISION Mobile Microsoft Intune Integration Guide (PD27934)
Provides detailed information about how to integrate with Microsoft Intune MDM/MAM.
McAfee MVISION Mobile IBM MaaS360 Integration Guide (PD27935)
Provides detailed information about how to integrate with IBM MaaS360.
McAfee MVISION Mobile BlackBerry Integration Guide (PD27936)
Provides detailed information about how to integrate with BlackBerry UEM and Dynamics.
McAfee MVISION Mobile Citrix Integration Guide (PD27937)
Provides detailed information about how to integrate with Citrix MDM.
McAfee MVISION Mobile Silverback MDM Administrator Guide (PD27938)
Provides detailed information about how to integrate with Silverback MDM.
McAfee MVISION Mobile SIEM-syslog Integration Guide (PD27939)
Provides detailed information about how to integrate with SIEMs.
McAfee MVISION Mobile Console Threat Reference Guide (PD27940)
Provides detailed information about the list of threats and which are supported on Android and
iOS.
These documents are located in the McAfee document Portal at https://docs.mcafee.com
Internet Explorer 10
MDM Systems
BlackBerry UEM MDM (BES) 12.4 UEM - 12.6 UEM needed for iOS App Configuration
SIEM
Syslog Any SIEM that has a JSON Syslog input capability
MDM Integration
Integration with MDM servers provides the ability to:
● Synchronize devices with MVISION Mobile Console and ePO
● Synchronize users with MVISION Mobile Console
● Define groups to be used in policy and other configuration items
● Provide granular protection mechanisms in addition to the protections built in to MVISION
Mobile Threat Detection Application
All MDM vendors have different integration capabilities that range from simple application pushes to
performing actions. These levels of integration are defined in the table below with an explanation of
what can be obtained for each level.
Level  Description
1      MVISION Mobile Threat Detection Application deployment: Uses the MDM to push the MVISION
       Mobile Threat Detection Application to enrolled MDM devices.
2      (A) Synchronize users, devices, and applications (can be via groups or full inventory): MVISION Mobile
       Console synchronizes users and devices enrolled in MDM. This allows the administrator to
       manage users in a single location, the MDM server.
       (B) Auto-activation: Automatically identify the user and device on startup. No user intervention is
       required. If the MDM supports ad hoc MDM sync or the device details have been synchronized
       with the MDM, MVISION Mobile Threat Detection Application starts protecting the device right
       away. This is configured differently per platform and per MDM:
       iOS: Using the MDM feature to push Managed Application Configuration values to the device.
       MVISION Mobile Threat Detection Application understands this form of configuration on iOS
       and uses the values assigned to activate the device with the MVISION Mobile Console. The
       method for this integration differs per MDM and is defined in the individual MDM guides.
       Android: When Android MVISION Mobile Threat Detection Application starts, it uses the MDM
       identifier from the MVISION Mobile Console activation link URL (the part for the MDM_ID). It
       uses the MDM_ID parameter as the common identifier that the server also knows. The device
When integrated with an MDM, MVISION Mobile Console can synchronize the entire inventory or a
subset of groups as defined by the MDM. For example:
● Smart groups (AirWatch)
● User Groups (BlackBerry)
● Delivery Groups (Citrix)
● Labels (MobileIron)
Devices in the selected groups enrolled in MDM synchronize to the MVISION Mobile Console and all
moves, adds, changes to devices in those groups are then handled by the MDM administrator. Any
changes detected by MVISION Mobile Console during the regularly scheduled synchronization are
mimicked in the MVISION Mobile Console as well. See the MDM Configuration guides in the customer
portal for more information and Appendix B - MDM Capability Matrix for a complete list of capabilities
for each MDM supported.
For more information about MDM activation links, see “MDM Activation” in this guide.
This table lists the supported features by platform.
Feature                                                      MDM iOS   MDM Android   NO MDM iOS   NO MDM Android
Disable Wi-Fi                                                ✘         ✔             ✘            ✔
Disconnect SSID                                              ✔ (1)     ✘             ✘            ✘
Assign to MDM Label/SmartGroup/Delivery Group/Service Group  ✔         ✔             ✘            ✘
On Device VPN                                                ✔         ✘             ✔            ✘
(1) AirWatch MDM Only
Ad hoc MDM Synchronization
The MDM synchronization of users and devices occurs when the initial setup is implemented and then
every four hours thereafter. Because of the four-hour synchronization window, a new MDM user sometimes
has MVISION Mobile Threat Detection Application pushed down to their device and tries to start it before
the device has actually been synchronized from the MDM. MVISION Mobile Console handles this by doing
an ad hoc synchronization. MVISION Mobile Console gets the identification information from MVISION
Mobile Threat Detection Application used for the authentication and matches it up with the proper
customer for authentication. Once that happens, MVISION Mobile Console retrieves that device and
iOS: Associate a plist file with the MVISION Mobile Threat Detection Application that pushes down
required parameters for auto log on to the MVISION Mobile Threat Detection Application. This is
described in detail in the specific MDM configuration guides for MDMs that support application
configurations. Additional plist entries needed for this to work are tenant ID and default channel.
Android: Ad Hoc is supported for Android with purpose-built MVISION Mobile Threat Detection
Application apps for each customer that requires this on Android. Contact your McAfee Customer
Support for more information.
SIEM Integration
Security events can be securely pulled from the MVISION Mobile Console using the script defined in the
“MVISION Mobile SIEM Integration Guide.” This guide contains a bash script, which can be run from
a crontab so that it accesses the Cloud server at regular intervals over HTTPS and retrieves the events in
JSON format. These events are then saved as files locally on the customer computer from which the
bash script is executed. The files can then be imported into the customer’s SIEM system using the SIEM
native JSON capabilities or syslog. The advantage of this approach is that it does not require the
customer to perform any networking changes or expose any secure resources to the network. The script
is a starting point and can be updated as needed. If an inbound syslog connection is preferred,
this can be configured as well.
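An added example, not part of the McAfee guide or its integration script: one way to take the JSON files that the pull script saves locally and forward them to a SIEM over syslog, one event per line. The spool directory layout, the file contents (one JSON object or a list of them per file), the app name mvision-events, the host name collector and the sample event fields are all assumptions.

```python
import json
import socket
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumptions (not from the guide): the cron job writes *.json files into one
# spool directory, and each file holds one event object or a list of them.
PRI = 16 * 8 + 5  # syslog facility local0 (16), severity notice (5)


def load_events(path):
    """Return the event dicts stored in one saved file; raise ValueError if malformed."""
    data = json.loads(Path(path).read_text(encoding="utf-8"))
    events = data if isinstance(data, list) else [data]
    if not all(isinstance(e, dict) for e in events):
        raise ValueError(f"{path}: expected JSON object(s)")
    return events


def to_syslog(event, hostname, app="mvision-events", now=None):
    """Format one event as a single RFC 5424 line whose message is compact JSON."""
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    # json.dumps escapes newlines and control characters, so a value inside an
    # event cannot break the line and inject a second record.
    body = json.dumps(event, separators=(",", ":"), sort_keys=True)
    return f"<{PRI}>1 {ts} {hostname} {app} - - - {body}"


def forward_spool(spool_dir, send, hostname="collector"):
    """Send every not-yet-forwarded event file through send(line).

    Returns (events_sent, rejected_file_names). Rejected files, for example one
    the pull job is still writing, are not marked done and are retried next run.
    """
    spool = Path(spool_dir)
    state = spool / ".forwarded"
    done = set(state.read_text(encoding="utf-8").splitlines()) if state.exists() else set()
    sent, rejected = 0, []
    for path in sorted(spool.glob("*.json")):
        if path.name in done:
            continue
        try:
            events = load_events(path)
        except (ValueError, OSError):
            rejected.append(path.name)
            continue
        for event in events:
            send(to_syslog(event, hostname))
            sent += 1
        done.add(path.name)
    state.write_text("\n".join(sorted(done)), encoding="utf-8")
    return sent, rejected


def udp_sender(host="127.0.0.1", port=514):
    """Plain UDP syslog is unencrypted, so the default target is a local collector."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda line: sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    # Constructed sample files; the field names are illustrative only.
    spool = Path(tempfile.mkdtemp())
    (spool / "events-0001.json").write_text(json.dumps([
        {"severity": "Critical", "threat": "MITM", "device": "example-device-1"},
        {"severity": "Low", "threat": "Example threat", "note": "line1\nline2"},
    ]), encoding="utf-8")
    (spool / "events-0002.json").write_text('{"severity": "Elev', encoding="utf-8")
    lines = []
    print(forward_spool(spool, lines.append))   # first pass over the spool
    print(*lines, sep="\n")
    print(forward_spool(spool, lines.append))   # second pass: nothing is sent twice
```

Pass udp_sender() as the send argument to deliver to a collector on the same host; the events were pulled over HTTPS, so a remote SIEM should be reached over a TLS syslog transport instead.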
Groups can be used in the MVISION Mobile Console when an MDM integration is implemented with an
MDM vendor that supports groups. During the MDM setup process, MVISION Mobile Console recognizes
when an MDM supports groups and provides the Administrator an opportunity to set up one or more
MVISION Mobile Console groups that correspond to the MDM groups. This screen is used to provide a
hierarchy of which group to use in MVISION Mobile Console when a user/device is in more than one
group being used for synchronization.
Any users added locally to MVISION Mobile Console are defined in the ‘Default Group’ group. Currently,
this cannot be changed.
UI Functions
Each page in the MVISION Mobile Console has been standardized to provide
consistent behavior and display capabilities. Once in the Dashboard, Administrators
can navigate to other pages by clicking one of these navigation options:
● The icons on the left
● From the Admin Profile selection by clicking the down arrow on the right
side of the page
Interact with the filters at the top of most of the pages to control the data
displayed. Each page has a similar filter but varies slightly to pertain to that page. By
choosing different filters, the Administrator can change the data shown and easily
find relevant information.
The filters can be changed by clicking the icon described in the table below.
Item Action
Most columns provide a sort mechanism. Clicking the column header on a column where sorting is
available displays one of these icons to sort ascending or descending. If the icon does not display,
the column chosen cannot be sorted. Only one column can be sorted at a time.
Click this icon in a column header to filter the content based on this column. Multiple filters can be
enabled per page header.
A column with an active filter is displayed with this icon. Clicking the icon allows the admin to
change the filter.
Column Description
Classification Display Apps that are classified as Legitimate or Malicious.
App Name Display Apps that match the chosen App names.
Package Name Display Apps that match the derived package names.
Version Sort by app version.
Device Count Sort by the number of devices in your environment per app.
Privacy Risk Sort by the Privacy Risk Rating.
Security Risk Sort by the Security Risk Rating.
Updated On Sort by the date/time the apps were updated.
Type Display apps that are iOS, and Android.
Allowed/Denied Display apps that are Allowed, Denied, or None.
This table provides additional information about the Privacy Risk and Security Risk column values.
Low
Medium Available The report is available.
High
iOS application discovery and scanning is handled via both on-device scanning and MDM
integration. Apps are scanned when MVISION Mobile Threat Detection Application is first
activated on the device and each time a new app is installed. In addition, at each MDM
synchronization interval, cloud servers request a list of applications for each iOS device and
perform a scan on the application metadata to verify if there are any malicious apps. MVISION
Mobile Threat Detection Application uses a local signature database and, if needed, can reach out
to the cloud for more information so that application files that have not been identified locally can
be identified and classified. If a malicious application is found, MVISION Mobile Threat Detection
Application on that device is alerted and the configured policy action in the Threat Response
Policy/Matrix on the device is applied for a Suspicious iOS Application.
Android application discovery and scanning is handled via on-device scanning, when an app is
downloaded and when an app is installed. MVISION Mobile Threat Detection Application uses a
local signature database and, if needed, can reach out to the cloud for more information so that
application files that have not been identified locally can be identified and classified. If an
application is found to be malicious, MVISION Mobile Threat Detection Application on that device
is alerted and the configured policy action in the TRM on the device is applied for a Suspicious
Android Application.
On Android MVISION Mobile Threat Detection Application, when a new app is detected that has
not yet been analyzed, it is uploaded to cloud for further processing when the MVISION Mobile
Threat Detection Application user is connected to a Wi-Fi network. This can be disabled by
deselecting ‘Application Binaries’ in the Policy Settings for a specific group or all groups.
To evaluate apps that have not been detected yet, the
MVISION Mobile Console Administrator can upload apps
to be scanned using the UPLOAD APP button on the upper right corner of the Apps page in
MVISION Mobile Console. Once clicked, you can upload an app directly or provide an iTunes URL
for retrieval.
To export the list of apps in your environment and their associated classifications, click the Export
CSV button, shown above to the right. This export produces a CSV file downloaded via the
browser.
Application Analysis
Each application in a customer’s environment is evaluated in the following ways:
2) Privacy Risk: Rating based on the privacy aspects of the application using a scale from Low –
Medium – High. Identifies aspects of the application that are deemed privacy risks such as the
ability to access the calendar or the microphone as examples.
3) Security Risk: Rating based on secure/coding aspects of the application using a scale from Low –
Medium – High. Identifies aspects of the application that are deemed unsafe such as OWASP
Mobile top 10 issues, SSL Certificate validation, or Vulnerabilities as examples.
Note: An additional z3A license is needed for items (2) and (3) above.
Reports are generated for each application based on their Privacy and Security issues. At this time, the
Privacy rating and the Security rating of an app do not have a bearing on whether the app is malicious or
legitimate. To view these reports, click the three horizontal dots to see the report options:
● Executive PDF Report: A high-level overview of the Privacy and Security issues for the
application selected in PDF format.
● Technical PDF Report: A detailed reason for the Privacy and Security issues listed in the
Executive Report in PDF format.
● JSON Report: The raw data behind the reports in JSON format.
Click the report required for this application and it is downloaded.
The administrator can change the profile to either Trusted or Distrusted. The lifecycle of an unmanaged
profile detected by MVISION Mobile Threat Detection Application is:
If the ‘Send welcome email’ checkbox is checked, then an email is sent to the users telling them that
they now have access to MVISION Mobile Threat Detection Application. You can change this email
message text from ‘Message Templates’ on the Manage page.
Users synchronized via an MDM integration appear in the listing with the ‘End User’ role. Most MDM
integrations support an auto-activation when MVISION Mobile Threat Detection Application starts up.
See the specific MDM Integration guides in the Customer Portal for more information. Also see “MDM
Activation” section in this guide.
The activation link for a user can be distributed to a specific user. The link activates the MVISION Mobile
Threat Detection Application and associates the device to the user. By default, a maximum of ten
activations can be used for a single user. The default expiration for the user activation link is seven days.
MDM Activation
For customers activating devices with an MDM, the Manage page has additions for the MDM settings.
On the MDM tab, there is an activation link provided for managed devices. This activation link is used
along with appending the MDM device identifier. The default expiration of this activation link is one year
from when the activation link was generated. The MVISION Mobile Console page displays the expiration
date and time.
Initially, a partial MDM activation link is provided and has the format:
https://activation.mcafee.com/activation?token=<token>
where <token> is the generated token from the MVISION Mobile Console.
The final MDM activation link needs the MDM device identifier appended and has the format:
where:
• <token> is the generated token from the MVISION Mobile Console.
• <MDM Device Identifier> is the device identifier as known by the MDM system.
Note: You must add the text “&MDM_ID=” preceding the MDM device identifier value.
Note: The BlackBerry Dynamics MDM and Microsoft Intune MDM are not listed because they do not use
activation link enrollment. The BlackBerry UEM %IOSUDIdentifier% value is for iOS only, and for Android
the IMEI needs to be used (BlackBerry UEM does not yet support UDID value for Android).
The administrator sends the concatenated activation link by email, text, or a push notification to users
along with instructions to accept the MVISION Mobile Threat Detection Application app being pushed to
them.
Enable
The MVISION Mobile Console administrator has the option of disabling certain threat detections and
therefore the collection of the associated forensics. Event severities of Elevated or lower can be disabled
by unchecking the radio button in the row of the event to be disabled under the Enable column. This is
effective after TRM deployment to the MVISION Mobile Threat Detection Application clients.
The default for a new tenant has all threats enabled. For newly introduced threats, for instance a new
release with an existing MVISION Mobile Console, the default is a disabled threat. This way an
administrator can add these in when needed.
Severity
The administrator has the option of changing the threat severity levels. This is useful for different
business cases. Options are: Critical, Elevated, Low, and Normal.
Threat
The threats listed in the Threat column represent the classes of threats that MVISION Mobile Threat
Detection Application detects. Since MVISION Mobile Threat Detection Application is based on the
behavioral engine, there is no concept of defining what a threat looks like via signature. Instead, threat
classes are recognized by MVISION Mobile Threat Detection Application, which is able to determine in
MVISION Mobile Threat Detection Application supports the optional use of variables within the user
alert messages displayed to the user. These variables can be inserted into the user alert text specified on
the Policy page of the MVISION Mobile Console as shown in the table. See “Appendix D - Table of
MVISION Mobile Threat Detection Application Threat Variables” for the list of threat variables.
This example shows a user alert message for a MITM network attack which uses one of these variables:
Action/Protection
The protection actions can be applied on device or via MDM integration if one is configured. On-device
actions include Disable Wi-Fi (Android Only) and VPN (iOS Only). MDM actions allow the MDM to
enforce actions on the device or whatever the MDM administrator has set up. Multiple MDM Protection
items can be used in the TRM depending on the threat severity level and use case.
Android:
Disable Bluetooth: Disable the Bluetooth adaptor and disconnect any current
Bluetooth connections.
Disconnect Wi-Fi: Disable the Wi-Fi adaptor and fall back to cell data (3G/4G) if
enabled. The user can then enable the Wi-Fi adapter when they are safe.
Isolate From Network (KNOX): This disables any network communications
from apps that are malicious but not yet uninstalled. (Requires MVISION
Mobile Threat Detection Application to be a Device Admin app).
Network Sinkhole: If Network Sinkhole Settings are configured in the Manage
page, this option displays here. The action either blocks or allows defined
network ranges/domains based on an IP network/mask and domains configured. Further
information is available in the Network Sinkhole Settings section of this document.
iOS:
Disable Bluetooth: Disable the Bluetooth adaptor and disconnect any current Bluetooth
connections.
Enable VPN: If VPN Settings have been configured in the Manage page, this option displays here.
Choose this option to bring up the defined VPN in response to a threat.
Network Sinkhole: If Network Sinkhole Settings are configured in the Manage page, this option
displays here. The action either blocks or allows defined network ranges/domains based on an IP
network/mask and domains configured. Further information is available in the Network Sinkhole
Settings section of this document.
(Optional) Disconnect Wi-Fi: A Disconnect Wi-Fi option for iOS is displayed if there is an AirWatch
integration functioning. AirWatch is the only solution that supports the ‘Disconnect Wi-Fi’ option at
this time. When selected, a Wi-Fi profile is pushed down to the device through the MDM that
effectively disconnects from the currently connected SSID. The Wi-Fi on the device then falls over to
the next available SSID or cell data (3G/4G) if no SSIDs are available.
Mitigation Action
When a threat that was detected by McAfee MVISION MTD has been
remediated, and is no longer posing a threat to the device, the administrator
can define specific actions that can be taken on the customer’s MDM.
The Mitigation Action column can be used for this function. To remove the action that was performed as
a response to a threat that is now mitigated, choose ‘Remove’. This action removes the device from the
group it was assigned to when the threat was detected. The Administrator can also move the device to
another group available on the MDM.
Due to the nature of some threats, not all threat classifications can be mitigated. The table provides
possible mitigation actions for a threat.
Notifications
The currently logged in administrator can set up an email or SMS notification process for each specific
threat. SMS notifications require the administrator telephone information to be set up in the User page
of a given Administrator. Each email/SMS contains an Event summary and a link to the actual event that
can be viewed in a browser after logon.
General Settings
The General tab provides basic information about the environment and an alternate location for
changing the language selected for the MVISION Mobile Console. It also provides the option to change
the password of the currently logged in administrator.
Site Insight:
When the option to ‘Enable the Site Insight feature in MVISION Mobile Threat Detection
Application’ is selected, the Android MVISION Mobile Threat Detection Application app
intercepts URL requests from non-browser apps to validate they are not malicious. If a malicious
URL is found, the user is alerted, and proper actions are taken according to the settings in the
Threat Response Policy/Matrix.
Password Policy:
Define the password requirements for MVISION Mobile Console
users.
The following forensics data templates are included: High, Medium, Low, and GDPR. A fourth option,
Custom, allows the administrator to completely control what data gets collected. Select which Group
the privacy settings apply to and then select the template: High, Medium, Low, or GDPR.
To change the Custom template, select Custom as the template and then click Settings to manage the
configuration.
When a new setting is selected, click Deploy to ensure that the update reaches the MVISION Mobile
Threat Detection Application. To verify that the settings have been downloaded, Users can navigate to
the Advanced Details page from any page in MVISION Mobile Threat Detection Application by tapping
the menu option list, located in the top right corner, and then pressing the About MVISION Mobile
Threat Detection Application option for 1–2 seconds. Information is collected for the following time
frames:
At Login: Forensics reported when the user starts MVISION Mobile Threat Detection
Application.
Threat: Forensics reported when a threat is detected.
Periodic: Forensics reported each time MVISION Mobile Threat Detection Application checks in
to the MVISION Mobile Console. This also includes events that are reported when the Wi-Fi is
toggled OFF/ON on an Android device and when the screen is locked and then unlocked on an
iOS device.
Item                    Login  Threat  Periodic  High  Medium  Low  GDPR  iOS  Android
Location: Street        Y      Y       Y         Y     N       N    N     Y    Y
Location: City          Y      Y       Y         N     Y       N    N     Y    Y
Location: Country       Y      Y       Y         N     N       Y    N     Y    Y
Application Binaries    Y      n/a     Y         Y     Y       N    N     N    Y
Network                 Y      Y       Y         Y     Y       Y    Y     Y    Y
Application Forensics   Y      Y       Y         Y     N       N    N     N    Y
Carrier Information     Y      n/a     n/a       Y     Y       Y    Y     Y    Y
Running Processes       N      n/a     n/a       Y     Y       Y    Y     N    Y
Attackers Network       N      Y       N         Y     Y       Y    Y     Y    Y
MDM Settings
The MVISION Mobile Console environment can synchronize with multiple MDM instances. Each MDM
vendor is unique and requires slightly different parameters for integration, which are detailed in the
vendor-specific MDM Configuration Guides located in the Customer Support Portal. Only AirWatch,
Microsoft Intune, MobileIron, and UEM Dynamics are currently supported for the new multiple MDM
functionality.
Click the Add MDM button and choose the MDM to use:
Follow the instructions to complete the MDM integration in the specific vendor-related MDM guide in
the Customer Support Portal. In general, after the MDM has been selected and the basic parameters
have been provided, the next screen allows the administrator to select which groups to use for
synchronization.
To select a group for synchronization, click the green plus sign in the left column next to the group to be
used. This moves that group to the ‘Selected MVISION Mobile Console Groups’. It can be removed by
clicking the red minus sign. Then, if more than one group has been selected, set the order of priority by
dragging and dropping groups from highest to lowest priority. In the screenshot shown below, the
groups ‘BB Protected Integrated’ and ‘BB Protected MVISION Mobile Threat Detection Application’ are
used for synchronizing users/devices. If a user is in more than one of these groups, the user is associated
with the top-most group (where they are a member) for the policy and privacy settings in MVISION
Mobile Console.
If the option to remove an MDM configuration is selected, a pop-up message appears to ensure the
administrator knows that when an MDM is removed, all devices and users are removed as well. They can
choose to continue or cancel the action.
To change the groups used for synchronization or other parameters, you can click Edit for that MDM
integration. Also, to perform a manual synchronization, click Sync Now for the specific MDM
integration.
When you add or edit an MDM, several options are provided. For instance, the URL of the MDM
provider, username, and password are required. In addition, you can set the email values described in
this table.
| Option | Description |
| Send Device Activation Email for iOS Devices | By enabling this option, MVISION Mobile Console sends an activation email to a user for each iOS device that is synced from the MDM. |
| Send Device Activation Email for Android Devices | By enabling this option, MVISION Mobile Console sends an activation email to a user for each Android device that is synced from the MDM. |
These email options support sending activation links for the MVISION Mobile Threat Detection
Application app. If you did not enable these email options when the MDM was created, and later enable
these options during an edit, the email is sent for all synchronized devices (matching the iOS and
Android selections). At the device level, an invitation email can also be requested again.
In addition, an administrator can change the activation email text to customize this message.
When multiple MDM integrations are configured, MVISION Mobile Console group names take the form of
the MDM Name, then ‘-’, and then the group name from the MDM. The MDM name is configurable when the
MDM integration is set up. Using the default MDM Names, the figure shows sample groups.
Each MVISION Mobile Console Group has its own Privacy policy, which can be changed by selecting the
group in the ‘Selected MVISION Mobile Console Group’ input box.
Choose the option for your use case and add the affected networks using the network and mask entries.
More detail about an MDM sync event can be retrieved by clicking the More button for the
appropriate synchronization. Each time an MDM synchronization occurs, MVISION Mobile Console
records statistics for the event and, if there was an issue with the event, what the issue was. The
screenshot on the left shows a successful MDM synchronization event and the screenshot on the right
shows a typical failure. This information can be used to determine the root cause of the MDM
synchronization failure.
Role Definitions
The default Role definitions are listed below and can be changed by a System Admin by navigating to the
Manage page and clicking the Roles tab. Once there, select the Role to edit and a new window displays
with options for that Role. Note the following rules:
Roles are effective at user login. If a change is made that affects a user's role and the user is
logged into MVISION Mobile Console at the time of the change, then the user needs to log out
and log back in for the new role information to be effective.
Find the Role to be changed and click the pencil icon to the right for that Role. Deselect or check items in
the View and Edit columns and then click Save. Some of the role settings are shown in the following
figures:
| MVISION Mobile Threat Detection Application | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Dashboard | View/Edit | View only | View/Edit | View/Edit | View Only | View only | None |
| Threat Log | View/Edit | View only | View/Edit | View/Edit | View Only | View only | None |
| Apps | View/Edit | View only | View/Edit | View only | View Only | None | None |
| Devices | View/Edit | View only | View/Edit | View only | View Only | View only | None |
| Profiles | View/Edit | View only | View/Edit | View only | View Only | View only | None |
| Users | View/Edit | View only | View/Edit | View only | View Only | View only | None |
| Policy | View/Edit | View only | View/Edit | View only | View Only | None | None |
| OS Risk | View/Edit | View only | View/Edit | View only | View Only | View only | None |
| Manage | View/Edit | View only | View only | None | View Only | None | None |
| Info | View/Edit | View only | View only | None | View Only | None | None |
| Privacy Settings | View/Edit | None | None | None | View Only | None | None |
| MDM Settings | View/Edit | View/Edit | View only | None | View Only | None | None |
| VPN Settings | View/Edit | None | View/Edit | None | View Only | None | None |
| Audit Log | View/Edit | View only | View only | None | View Only | None | None |
Threat Notification
Change Password Confirm
CSV Export
Pending Activation
Inactive Device
Forgot Password
Invite User
MDM Device Activation Link
Welcome After Invite
To view or change a template, click the pencil icon to the right of the template and an editor appears
with the current template content. Content in the messages can contain system variables that are
replaced with the user-specific information when sent to the user. Images can also be dragged into the
message as needed.
An HTML edit option is available by clicking the </> symbol. This action displays the current message as
HTML, where links to images and other items can be added along with other HTML content.
| | AirWatch VMware | BlackBerry Control Server | BlackBerry UEM | Citrix | Microsoft Intune | MobileIron |
| Deploy iOS app with plist | Y | NA (use MVISION Mobile Threat Detection Application for BlackBerry) | Y(1) | Y | Y | Y |
| iOS Wi-Fi Disconnect Profile | Y | N | N | N | N | N |
| Support Ad Hoc MDM Sync | Y | Y | Y | N | Y | Y |
| MDM Action (Fixed or configurable by assigning to group) | Configurable | Fixed (lock or wipe containers) | Fixed (lock or wipe device) | Fixed (Lock or remove managed apps) | Send device risk posture to Intune | Configurable |
| Retrieve managed profiles from iOS | Y | N | N | N | N | Y |
| Retrieve unmanaged profiles from iOS | N | N | N | N | N | Y |
| Mitigation Actions | Y | N | N | N | Y | Y |
Notes:
(1) BES 12.6 is required to push app configuration information to iOS MVISION Mobile Threat Detection
Application
Google Android for Work provides an environment to separate your business app data from your
personal app data. Applications in the Work profile of Android for Work run in a separate protected
workspace vs the personal side of the device. For example, the Android for Work ‘Contacts’ app has
different contacts than the personal ‘Contacts’ app. Applications running in the work profile can only see
other applications and processes in the work profile.
When implementing MVISION Mobile Threat Detection Application on a device with Android for Work,
there are three supported configurations:
1) Running MVISION Mobile Threat Detection Application in the Work profile of the device.
a. Monitor apps installed in the Work profile.
b. Monitor Network behavior on the device.
c. Monitor abnormal behavior on the device.
2) Running MVISION Mobile Threat Detection Application in the Personal profile of the device.
a. Monitor apps installed in the Personal profile.
b. Monitor Network behavior on the device.
c. Monitor abnormal behavior on the device.
3) Running MVISION Mobile Threat Detection Application in the Work profile and MVISION Mobile Threat
Detection Application in the Personal profile. This provides the best protection.
a. Monitor apps installed in both the Personal and Work profile.
b. Monitor Network behavior on the device.
c. Monitor abnormal behavior on the device.
MVISION Mobile Threat Detection Application has been specifically designed to work best using option
(3) above.
MVISION Mobile Console supports the optional use of variables within the user alert messages displayed
to the user. These variables can be inserted into the user alert text specified on the Policy page. This
figure shows the user message configuration screen.
Variable Definition
[wifi_ssid] The name of the Wi-Fi network the device was connected to during the detected attack.
[date] Date of the attack.
[ip] IP address of DNS, gateway, or network proxy.
[app_name] Name of detected malicious application.
[host_app_name] The host app name.
[profile_name] The profile name.
[os_version] The operating system version.
[blocked_domain] The blocked domain name.
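A pre-save check for alert text that uses these variables, added here as an example and not taken from the McAfee product (the guide does not describe how the console performs the substitution). It flags bracketed names that are not in the table and previews the message with constructed event values; the function names and sample values are assumptions.

```python
import re

# Variable names from the table above; any other [name] is reported as a typo.
SUPPORTED = {"wifi_ssid", "date", "ip", "app_name", "host_app_name",
             "profile_name", "os_version", "blocked_domain"}
TOKEN = re.compile(r"\[([A-Za-z_][A-Za-z0-9_-]*)\]")


def lint(template):
    """Return the bracketed names in the template that are not supported."""
    return sorted({m.group(1) for m in TOKEN.finditer(template)} - SUPPORTED)


def render(template, event, missing="unknown"):
    """Preview an alert message by substituting supported variables once.

    Values such as the SSID or an app name are chosen by a third party, so they
    are treated as untrusted text: non-printable characters are dropped, and
    because substitution is a single pass, a value that itself contains a
    token such as "[ip]" is shown literally and never expanded again.
    """
    def substitute(match):
        name = match.group(1)
        if name not in SUPPORTED:
            return match.group(0)        # keep unknown tokens visible
        value = str(event.get(name, missing))
        return "".join(ch for ch in value if ch.isprintable())
    return TOKEN.sub(substitute, template)


# Constructed sample input (not from the guide).
SAMPLE_TEMPLATE = "Unsafe network [wifi_ssid] detected on [date]. Gateway: [ip]."
SAMPLE_EVENT = {"wifi_ssid": "Cafe [ip]\x07", "date": "2018-09-14"}

if __name__ == "__main__":
    print(lint("Connected to [wifi-ssid] running [os_version]"))
    print(render(SAMPLE_TEMPLATE, SAMPLE_EVENT))
```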
The following is an example of a user alert message for a MITM network attack that uses one of these
variables: