Hello everyone! Basically, I'd like to know if there is a way to prevent a user from unenrolling from Corporate Management in Intercept X for Mobile.
Here's the big picture: I'm using it in an Android Enterprise policy, deployed in my environment through a task bundle. The device enrollment method is the Managed Google Play Account Scenario (using afw#sophos). Right now, I've already set a restriction to uninstall apps in my Android Enterprise device policy, and also one to unenroll from SMC in the general settings. Yet, I can't find a way to prevent the user from being able to unenroll from Intercept X, either in the mobile defense policy or anywhere else.
Does anyone know a way to do so?
Thanks for your help. Malek
Thanks for reaching out to the Sophos Community Forum.
I was able to get this to work as expected by selecting the following option from Sophos Mobile under "Setup > General > SMC app"
I enrolled the Intercept X app with Sophos Mobile by applying a Mobile Threat Defense policy to the mobile device in question after it was managed in the SMC portal. Is this the same way you've set your device up?
Hello Qoosh, and thanks a lot for your answer. The option in Sophos Mobile under "Setup > General > SMC app" was indeed already activated, but the Intercept X option was still accessible for the user. Here's the task bundle followed from the enrollment:
The test device used correctly appears as managed, and received the MTD policy from the bundle.
Qoosh said: I enrolled the Intercept X app with Sophos Mobile by applying a Mobile Threat Defense policy to the mobile device in question after it was managed in the SMC portal. Is this the same way you've set your device up?
I think we've followed the same steps here, haven't we? Did you apply the MTD in the task bundle too? Even though I don't think this would change anything...
I was also wondering: is there a way with Sophos Mobile to prevent the user from changing the parameters from the MTD policy using the Intercept X app? Because from our tests, it seems that if he decides to launch the app, he can then modify the web reputation parameters for instance. Do you know a way to prevent that?
Again, thank you for your answer.
The behaviour I see on my side is much different, though I'm unsure why this may be the case. Could you try applying the MTD policy to the mobile device manually after you have finished enrolling the device? You'll need to remove the "Assign policy > MTD policy" step from your task bundle to test this. I suggest cloning the task bundle.
You may also want to check if the option to "unenroll" is available from the "Control" app. If you're able to see this option from the IXM app I would expect the Control app will also show the same.
Thanks again for your answer, Qoosh. I'll give it a try and keep you posted in a few days. Regards.