Symantec Endpoint Protection Mobile - Admin Guide v3.2.1 May 2018


Documentation version: 3.0

This document was last updated on: August 21, 2017

Legal Notice

Copyright 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Contents

ABOUT THIS GUIDE
HOW IT WORKS?
SEP MOBILE MANAGEMENT CONSOLE
DASHBOARD
USERS & DEVICES
INSTALLATION HEALTH
INCIDENTS
NETWORK THREATS
VULNERABILITIES
APPS
SETTINGS
  App Permissions
SECURITY
  Mobile Security Compliance policy
  Protection Actions
  Protection Resources
  Apps
  Network Threats
  SIEM Integration
COMMUNICATION
  End Users Notifications
  Admin Notifications
  Email Design
  iOS Updates
DEVICE MANAGEMENT INTEGRATIONS
  EMM Integration Selection
  Basic Setup
  Full Integration
SEP MOBILE APP
  Verification code
  Noninteractive Mode
  Custom Information Page
MANAGEMENT CONSOLE ACCESS
  Administrator Management
  Login Options
TELL ME MORE
TECHNICAL SUPPORT
DATA COLLECTION

About this Guide

This guide is intended for everyone who holds a direct or indirect SEP Mobile administrative role. It summarizes the overall process for configuring and managing SEP Mobile to optimize the security and protection of mobile devices and connected resources, while delivering actionable mobile intelligence information to security & risk assessment teams.

How it Works?

The SEP Mobile solution is composed of multiple components, including cloud elements and the SEP Mobile lightweight client app running on mobile devices, that work together to detect & stop mobile threats and attacks. The SEP Mobile app can be installed from the public stores, or may be pushed to devices using existing MDM capabilities.

Once a threat is detected, SEP Mobile will automatically take all available actions to maintain a seamless user experience while mitigating the attack. For example, SEP Mobile will automatically activate a secure connection if the device connects to a network which may expose, steal, or manipulate private data.

In cases where manual actions are required, such as uninstalling a malicious app, the SEP Mobile solution flags the risky device as noncompliant, allowing the MDM/EMM solution or Exchange service to restrict access to corporate resources until the threat is resolved.

The SEP Mobile solution also includes an Alert & Notification engine which pushes notifications and warning emails to Administrators and End-users based on configurable rules.

SEP Mobile Management Console

The SEP Mobile Management Console is the primary interface for administrators and security professionals. It provides both a broad and a detailed view into the organization's mobile devices and overall risk profile, along with an easy-to-use interface that allows admins to perform configuration updates.

Dashboard

The Dashboard section provides a summary of key information, and various measures and trends of the state of mobile device security and deployment.

Navigation Menu - Organizes function groups into easy-to-navigate sections.

User Settings & Reports - Provides users access to options such as password update, direct links to other SEP Mobile systems, release notes, the State of Mobile Security report, and the Organizational Score. This score encapsulates many aspects of using a Mobile Threat Defense solution into a measurable status that tells you how well your organization is protected against mobile security threats. In addition, this section provides the Recommended Actions PDF Report. This report summarizes SEP Mobile's recommended actions for improving the state of mobile security in the organization.

Risk & Compliance - Displays a summary of risk across the organization's devices while highlighting the main areas which may require attention.

General details - Provides a summary of the multiple protective tests performed by the SEP Mobile solution.

Recent Incidents - Displays the most recent security incidents affecting the monitored devices.

Threat Vectors - Provides a general view of the different threats found in the organization's devices, organized by threat vector: Network Threats, Vulnerabilities and Malware.

Deployment - Provides a general view into the number of devices currently enrolled and using the SEP Mobile solution and highlights the top device health issues.

Users & Devices

The Users & Devices section provides a view into each and all mobile devices and users enrolled in the SEP Mobile solution.

Devices - Displays the overall list of devices, or devices grouped per user.

Users - Displays the overall list of users and details of their associated devices.

Search & Export - Allows an easy way to search for devices and/or users. The cog context menu in this section allows exporting the list of devices & users to CSV, and in environments where SEP Mobile is not integrated with any MDM/EMM, it also allows the admin to add new users.

Device Information - General information about the selected device. The cog context menu in this section allows additional actions such as deleting a device or user.

Device Logs - Information from event logs for the selected device.

Installation Health

The Installation Health section provides different views while grouping the enrolled devices based on their MDM and activation statuses.

MDM - Displays devices based on their MDM/EMM statuses. Note that this option is not available in standalone environments not integrated with MDM/EMM.

Pre-Activation - Displays devices which are registered in the SEP Mobile system, but have not finished the activation process (e.g. users who did not install, or who did install but did not open, the SEP Mobile app).

Post-Activation - Displays activated devices that currently have some SEP Mobile and/or MDM health issue.

Inactive - Devices that have used SEP Mobile at some point and became inactive over time. For example, a user gets a new device, or the device is retired from the MDM.


Incidents

The Incidents section provides detailed information about security incidents detected by the SEP Mobile Solution.

Note: The cog context menu in this section allows admins to whitelist a specific hotspot on incidents that are classified as Suspicious hotspot.

Advanced Search - Enables the admin to filter incidents based on their statuses (Open, Closed), threat vector (Network Threats, Vulnerabilities and Malware), severity (High, Medium and Low), etc.

Incident Details - Displays detailed information about a selected security incident.

Important Note: Please refer to the SEP Mobile Security Incidents Reference Guide to see additional details regarding specific action items for each incident type and severity.

Network Threats

The Network Threats section provides detailed information about networks on which the SEP Mobile solution detected threats (e.g. Secure traffic decryption, Content Manipulation).

Affected Devices - Displays the affected devices for each network selected.

Network Threat Details - Displays detailed information about each selected network and an explanation about each detection on mouse-over of the incident.

Map - Displays an overall view based on the geographical locations of the network incidents.

Vulnerabilities

The Vulnerabilities section provides detailed information about mobile device configuration and operating system vulnerabilities detected by the SEP Mobile solution.

OS - Displays a list of the operating system vulnerabilities detected by SEP Mobile in the organization and displays the risk score of each.

Vulnerability Details - Displays detailed information about the selected vulnerability, including the relevant CVE reference.

Configuration - Displays a list of the configuration vulnerabilities detected by SEP Mobile in the organization.

Apps

The Apps section provides a list and detailed information about malicious applications that were detected by the SEP Mobile solution.

On Demand Analysis - Lets you submit apps for analysis by uploading their installation files (iOS and Android), or by providing a link to the official app store (Android only at the moment). Each app will then be analyzed by all of SEP Mobile's engines: malware analysis, behavioral analysis, crowd wisdom, and developer reputation.

Advanced Search - Enables the admin to filter Malware incidents based on their status (Currently installed, Removed), platform (Android, iOS), etc.

Malware Details - Displays detailed information about each malicious application selected from the list.

Note: The cog context menu in the Malware section allows admins to whitelist a specific application or to whitelist all applications from a specific developer. The cog context menu in the On Demand Analysis section allows admins to view the full details of the app and export the analysis report of the selected app.

Settings

The Settings section provides a single location where the SEP Mobile configuration updates can be performed. When navigating to the Settings section, the general Environment Settings will be displayed by default.

Name - Displays the environment name within the SEP Mobile solution.

Self-enroll Domain(s) - Displays the list of domains that are used to automatically route to your environment by the email address users enter while activating the SEP Mobile app.

Android APK URL - Displays a direct link to download the SEP Mobile app for Android devices (only for cases where users do not have access to Google Play Store).

Privacy Controls

The Privacy Controls section gives admins the ability to show or hide the SSIDs, BSSIDs and IPs of networks with detected network threats, as well as the location. It is also where admins can choose to show all apps installed on all devices.

App Permissions

Different permissions are requested during the SEP Mobile app installation process in order to allow the app to run optimally. While those items can be configured as described below, we recommend keeping the default settings:

Location (iOS Only) - The SEP Mobile app uses the device location for providing improved protection against network threats. While allowing SEP Mobile to use the device location is not mandatory, it is highly recommended. It is important to note that SEP Mobile only uses the device location when a network threat is detected by the app. At other times, the device location is not tracked.

Device Admin (Android Only) - This setting allows the SEP Mobile app to keep running in the background even if the end user decides to close the application.

Samsung KNOX (Android Only) - This setting ensures continuous operation of the SEP Mobile app on several Samsung devices.

VPN Protection Modules - This option will allow Administrators to silently enable all the permissions necessary for the advanced protection options SEP Mobile has to offer. For example, enforcement of noncompliant devices is planned to be turned on one month after initial roll-out.

Support Contact Options

The Support Contact Options menu lets you customize the support contact options administrators see in the SEP Mobile environment. This information is used any time there is a reference to support in the Management Console.

ADMINISTRATORS SUPPORT CONTACT OPTIONS - You may use the editor to configure the support information available to administrators, or use SEP Mobile's defaults.

END-USERS SUPPORT EMAIL - Provides your end users with a dedicated support email address.

Security

The Security menu provides relevant information about the current Mobile Security Compliance Policy, Malware Engine, Network Threats configuration, and SIEM Integration.

Mobile Security Compliance policy - Provides admins the ability to configure the compliance policy for your organization. Before a new policy is applied, an admin can simulate how the change will affect the compliance of the organization's devices and generate a detailed report for this simulation.

Protection Actions

Provides you with a centralized place to manage all actions that can be taken in order to protect your sensitive corporate resources from mobile security threats.

COMPLIANCE POLICY ENFORCEMENT - Once the integration between SEP Mobile and another Enterprise solution is complete, you can control whether enforcement, via SEP Mobile compliant / noncompliant statuses, will actually take place.

MALWARE INSTALLATION BLOCK - Allows you to automatically block the installation of Malware on Android devices. This blocking mechanism is defined based on the Malware severity.

AUTOMATIC VPN PROTECTION WITH SEP MOBILE - SEP Mobile uses various techniques to automatically protect the device and sensitive data when a network threat is detected. Tunneling the traffic through SEP Mobile's secured VPN allows the end-user to continue using the device seamlessly, even when a suspicious activity is detected.

When the Secured Connection Protection is ON, the SEP Mobile solution automatically launches its VPN (or customer VPN) when a network threat is detected.

When the Selective Resources Protection is ON, SEP Mobile blocks access to selected corporate resources when a network threat is detected and SEP Mobile's Secured VPN Connection cannot be used. In order to take advantage of this feature, please navigate to the Protection Resources tab.

When Corporate WiFi Security is ON, this will prevent connection either if the device attempts to connect automatically or if the user attempts to connect to the suspicious corporate WiFi hotspot (despite it being identified as such by SEP Mobile before the connection is actually made).

When Malicious Profiles Protection is ON, this will protect devices when malicious profiles attempt to tunnel traffic through a VPN.

Protection Resources

The Selective Resources Protection (SRP) settings allow grouping of different resources under the service name that they belong to. We've also added Office 365, Salesforce, and Box as preconfigured services. In addition, we have added the ability to add custom services.

Apps

Displays the Malware detection engines currently enabled in the environment, Unwanted Apps Policy, and whitelisted applications (see Malware section above).

Note: If you wish to change any of those settings please contact sepmobile_support@symantec.com.

Network Threats

Provides details and configuration options related to Network Threat detections such as Secured Connection Protection (VPN), Targeted Secured Resources and Network Whitelist.

The Targeted Secured Resources setting allows the admin to enter specific organization domains on which the SEP Mobile solution should perform a subset of network tests, e.g. the organization webmail domain (mail.company.com).

The Corporate WiFi Security setting allows SEP Mobile to alert when a hotspot using one of the corporate WiFi names (SSIDs) is detected to have different properties than expected. You can now control those properties by entering some profiling information about the corporate WiFi network used in your organization.

The Network Certificates Whitelist displays the list of networks on which SEP Mobile will not issue security warnings.
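The Corporate WiFi Security check described above amounts to comparing each observed hotspot that advertises a corporate SSID against the profile recorded for that SSID. The following Python is an added example, not SEP Mobile's own code: the profile fields (expected security mode, expected BSSID vendor prefixes), all names, and the scan data are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

_BSSID_RE = re.compile(r"[0-9a-f]{12}")


@dataclass(frozen=True)
class CorporateWifiProfile:
    """Hypothetical profiling information an admin records for one corporate SSID."""
    ssid: str
    security: str              # expected security mode, e.g. "WPA2-Enterprise"
    bssid_prefixes: frozenset  # expected AP vendor prefixes (first three octets)


@dataclass(frozen=True)
class Observation:
    """One hotspot as seen in a device's WiFi scan (constructed sample format)."""
    ssid: str
    bssid: str
    security: str


def normalize_bssid(bssid: str) -> str:
    """Return the BSSID as lower-case colon-separated octets, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", bssid.strip().lower())
    if not _BSSID_RE.fullmatch(digits):
        raise ValueError(f"malformed BSSID: {bssid!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def profile_mismatches(obs: Observation, profiles: dict) -> list:
    """List the ways a hotspot using a corporate SSID deviates from its profile.

    SSIDs are compared exactly (they are case-sensitive). Hotspots whose SSID is
    not a corporate name are outside this check and yield an empty list.
    """
    profile = profiles.get(obs.ssid)
    if profile is None:
        return []
    reasons = []
    if obs.security != profile.security:
        # A corporate name offered with weaker or different security is the
        # classic sign of a look-alike access point.
        reasons.append(f"security is {obs.security}, expected {profile.security}")
    try:
        prefix = normalize_bssid(obs.bssid)[:8]
    except ValueError:
        reasons.append("BSSID is malformed")
    else:
        if prefix not in profile.bssid_prefixes:
            reasons.append(f"BSSID prefix {prefix} is not in the profile")
    return reasons


def suspicious_hotspots(observations, profiles):
    """Return (observation, reasons) for every hotspot that should raise an alert."""
    flagged = []
    for obs in observations:
        reasons = profile_mismatches(obs, profiles)
        if reasons:
            flagged.append((obs, reasons))
    return flagged


# Constructed sample data: one corporate profile and one scan result.
PROFILES = {
    "CorpNet": CorporateWifiProfile("CorpNet", "WPA2-Enterprise", frozenset({"00:1a:2b"})),
}
SCAN = [
    Observation("CorpNet", "00:1a:2b:11:22:33", "WPA2-Enterprise"),  # matches profile
    Observation("CorpNet", "00-1A-2B-44-55-66", "WPA2-Enterprise"),  # same AP vendor, other notation
    Observation("CorpNet", "de:ad:be:ef:00:01", "Open"),             # wrong vendor and open network
    Observation("CorpNet", "00:1a:2b:77:88:99", "WPA2-Personal"),    # security mode differs
    Observation("CoffeeShop", "de:ad:be:ef:00:02", "Open"),          # not a corporate SSID
]

if __name__ == "__main__":
    for obs, reasons in suspicious_hotspots(SCAN, PROFILES):
        print(f"ALERT {obs.ssid} {obs.bssid}: " + "; ".join(reasons))
```

A BSSID prefix can be copied by anyone who has seen the real access point, so a check like this catches careless look-alikes and configuration drift; it complements, rather than replaces, certificate validation on the enterprise network.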

SIEM Integration

SEP Mobile gives customers the option to integrate with existing Security Information and Event Management (SIEM) solutions for logging of mobile device security incidents.

SIEM Settings - Details which allow SEP Mobile to connect and push the SEP Mobile incidents to the customer's SIEM solution.

Sample File buttons - Allow the customer to download sample files containing events for integration tests.

For further instructions regarding SIEM Integration, please refer to the relevant documentation.

Communication

The communication settings allow the admin to configure the SEP Mobile Alerts & Notification engine to notify the end-users and administrators, via Push Notification and/or Email, based on conditions and rules.

End Users Notifications - Define rules for sending end-users automatic alerts and notifications:

Select the Incident Type, e.g. "any security incident is detected" (includes all types of incidents: Malware, Network Threat, Configuration) or "device becomes noncompliant or unhealthy".

Select the Severity which will trigger the notification.

Select a notification. Note that in the future this item will include enforcement related options.

Use the button to add or remove additional notifications for the defined conditions.

Define the Frequency on which the notification will be sent.

Define the Type of Notification to be sent. This may vary depending on the incident type (e.g. Push Notification and/or Email message).

Admin Notifications - Define rules for sending Administrators automatic email notifications:

Select the Incident Type, e.g. "a security incident is detected" (includes all types of incidents: Malware, Network Threat, Configuration).

Select the Severity which will trigger the notification.

Select a notification.

Define the Frequency on which the notification will be sent.

Define who should receive the notification message, e.g. Administrators groups or specific individual administrators.

Email Design - Allows you to control the design and content of emails sent by SEP Mobile to end-users and administrators in your organization. Customization options include:

Email address from which emails are sent and the reply-to email address. When customizing the sender email address for notifications generated by SEP Mobile (a practice that is highly recommended in order to increase adoption rates by employees in the organization), a manual step is required from the administrator to complete authentication with SEP Mobile's email service provider. We've added an indication for the authentication status in the UI so that it is clear when the process hasn't been completed successfully. Once the process is completed, the UI shows a corresponding indication.

Overall design of the email message, including styles, logo, headers, custom subject for end-user email alerts etc.

Free text to personalize system messages and ensure they best fit your company and needs.

Free text to add support contact information, knowledge-base references, etc.

The only piece that cannot be changed is the core message automatically generated by SEP Mobile depending on the specific email alert, identified by the HTML placeholder ## Core email message ##. Also, if you select to change the email address from which emails are sent, it is required to first verify the new email and domain. This is done via an automatic message SEP Mobile generates to that new email address.

iOS Updates - By default, SEP Mobile automatically notifies users when a new iOS release is available. In the iOS updates option you can change the default behavior and define under which specific release the users will be notified to update. In addition, you can define custom OS update alert rules for different iOS device models.


Device Management Integrations

Under this section the admin can set up the SEP Mobile integration with different supported MDM/EMM solutions.

EMM Integration Selection - Allows the admin to select the MDM/EMM solution to be integrated with SEP Mobile. In addition, this section contains links to the relevant MDM setup guides. Note that once the selection is saved and devices enrolled, it cannot be changed from the SEP Mobile Management Console. Should updates be required, please contact sepmobile_support@symantec.com.

Basic Setup - This section allows the admin to perform the initial integration between SEP Mobile and the selected MDM/EMM solution. Note that there are steps to be performed on the MDM/EMM side before the credentials are entered in the SEP Mobile Management Console. Please follow the instructions found in the Full Setup Guide link at the top of the Basic Setup section.

Full Integration - This option allows the admin to set up the relevant Compliant / Noncompliant groups which will be used in the MDM/EMM for automated actions. Note that the options under this section vary depending on the MDM/EMM in use (e.g. the SEP Mobile User Invitation feature, which is currently only available when integrated with AirWatch and MobileIron).

SEP Mobile App

The SEP Mobile App options allow the admin to adjust the settings for the SEP Mobile app installed on the end-user mobile devices. The settings include activation process, permissions and other key settings.

Verification code

The SEP Mobile app includes a verification step to ensure the user's authenticity. The verification process includes a verification code which should be entered by the user into the SEP Mobile app once it is opened for the first time. The verification code can be sent to the end-user via different channels as described below:

Email - Verification code sent via email (default option).

SMS - Verification code sent via SMS.

Organization Code - Generates a single verification token/code which should be shared by the admin with the end users installing SEP Mobile. For security reasons, if this option is selected the code needs to be regenerated every 30 days.

Note that an activation code is not required when auto-login capabilities are leveraged via MDM/EMM app configuration for iOS and Android.

Noninteractive Mode

This option allows admins to set the SEP Mobile app into a Noninteractive mode in which no alerts will be visible to the end users from the app itself. Note that SEP Mobile security modules will still be fully operational and all the relevant security data will be available in the SEP Mobile Management Console.

Custom Information Page

This option lets you customize the branded information page shown to end users within the SEP Mobile app. The customizations include changing the logo and the text displayed to users on the information page in the SEP Mobile app.

Management Console Access

This section allows the admin to control access to the SEP Mobile Management Console by managing administrators and login options.

Administrator Management - This option allows the admin to create and update SEP Mobile Management Console administrators.

Login Options - This option allows admins to define a 3rd party as the identity provider in order to authenticate administrators into the SEP Mobile Management Console via SAML 2.0 single sign-on. While you still need to add the admins you wish to have access to the environments through the management console, their passwords will no longer be managed by SEP Mobile but by the defined identity provider.

Tell me more

Please let us know how we can further assist.

Technical Support

In case you have further questions, or if you need technical assistance, please contact SEP Mobile Enterprise Support via one of the available channels. Note that the SEP Mobile 24x7 phone support option is available to Administrators and Helpdesk teams only and is not for direct end-user contact.

Data Collection

Your use of SEP Mobile is dependent on collecting some personal data. Symantec does not analyze or save any traffic generated by devices, except for that generated by the SEP Mobile App. Such information may include, but is not restricted to:

User email addresses;

User list of active devices;

Device properties such as OS version, model, whether it is rooted;

Installed applications;

Security incidents to which each device was exposed;

Data about networks the device connected to and the times that happened; and

If approved by the user and the organization admin, locations where incidents happen.

A subset of this information is also available to the organization admin via the Management Console. The admin has access to information related to security incidents.

Additionally, when you register to our services, you may be asked to provide us with personal contact information, such as name, company name, address, phone number, and email. You may also be required to choose a user name and password. If you acquire paid services, you may also provide additional payment and transactions related personal data. This collected data will be attributed to you in person only to the extent necessary to provide you or the organization's administrator with our services.

Transmitted Data

In addition to the data saved by Symantec, in some scenarios additional user information is transmitted from the user's device to the Symantec servers. This information, listed below, is not stored on the Symantec servers and is only included in network traffic between the device and the server:

In cases where the user is connected to a potentially malicious WiFi network that might compromise the data sent from the device, all traffic originating from the device (from any application) is routed through Symantec's VPN servers in order to restore a secure communication. This data is not stored or analyzed in any way by Symantec, and the organization's admin doesn't have access to the transmitted data.

The Suspicious Networks Near You screen displays a map of suspicious networks near the user's current location and uses location information to fetch this data. For this purpose, the user's current location is sent to the Symantec server, which in turn returns the list of networks.

The device's geographic location will also be used to proactively protect devices by assessing the risk level associated with the device location.

Purposes of Data Processing

Symantec may use personal data for the following purposes:

To set up, administer and operate the services for organizations subscribed to the services with respect to mobile devices that are used by their employees and service providers;

To send updates and notices and provide information related to our services; to improve the administration and quality of experience of our website, products, and services; and to respond to inquiries and requests;

To enforce the Terms of Service; to collect fees and debts; and to prevent fraud, misappropriation, infringements, identity theft, and any misuse of our services;

To comply with applicable law and assist law enforcement agencies as required, including to prevent imminent physical harm or damage to property;

To take any action in any case of dispute or legal proceeding between users and Symantec, or between you and other users or third parties with respect to, or in relation with our services.

Symantec enables organizations to manage and secure employee devices from a single administrator account. The detailed Privacy Data Collection can be found at https://www.symantec.com/privacy.