The Compliance Control section lets you control Android devices for compliance with corporate security requirements. Corporate security requirements regulate how the user can work with the device. For example, real-time protection must be enabled on the device, the anti-malware databases must be up-to-date, and the device password must be sufficiently strong. Compliance Control is based on a list of rules.
A compliance rule includes the following components:
Device check criterion (for example, presence of forbidden apps on the device).
Time period allocated for the user to fix the non-compliance (for example, 24 hours).
Responses performed on the device if the user does not correct the non-compliance issue within the set time period (for example, lock the device).
If the device is in battery saver mode, Kaspersky Endpoint Security for Android may perform this task later than specified.
Compliance Control settings for Pro View
Parameter
Description
When non-compliance is detected
Notify user
If this check box is selected, the user is informed that the device does not comply with the policy.
If the check box is cleared, the user is not notified of the non-compliance issue, and the response is performed on the device as soon as the time allocated for fixing the non-compliance expires.
This check box is selected by default.
Notify administrator
If this check box is selected, the administrator is informed that the device does not comply with the policy.
This check box is cleared by default.
Add
Create a set of rules for checking the device compliance with the policy.
After completing these steps, the new rule and its details appear in the list of the Compliance Control rules. To temporarily disable a rule, use the toggle switch next to the selected rule.
Criterion for non-compliance
Criterion
Real-time protection is disabled
Kaspersky Endpoint Security for Android is not installed or running on the device.
Anti-malware databases on device are out of date
Anti-malware databases were last updated three or more days ago.
Forbidden apps are installed
The list of apps on the device contains apps that are set as forbidden in the App Control settings of the policy.
Apps from forbidden categories are installed
The list of apps on the device contains apps from the categories that are set as forbidden in the App Control settings of the policy.
Not all required apps are installed
The list of apps on the device does not contain an app that is set as required in the App Control settings of the policy.
Operating system version is outdated
The Android version on the device is outside the allowed range.
For this criterion, specify the minimum and maximum allowed versions of Android in the Minimum version and Maximum version fields. If the maximum allowed version is set to Any, future Android versions supported by Kaspersky Endpoint Security for Android will also be allowed.
Device has not been synchronized for a long time
The last synchronization of the device with the Administration Server is checked.
For this criterion, specify the maximum period after the last synchronization in the Period without synchronization field. The following values are available:
12 hours
24 hours
1 week
30 days
Device has been rooted
The device is hacked (root access is gained on the device).
Unlock password is not compliant with security settings specified in policy
The unlock password on the device is not compliant with the settings defined in the Screen Unlock Settings card.
Installed version of Kaspersky Endpoint Security for Android is outdated
Kaspersky Endpoint Security for Android installed on the device is obsolete.
Responses for non-compliance with security requirements
Add response
Add the responses to be performed on the device if the specified non-compliance criterion is detected.
Response
Block all apps except system apps
Apps on the device, except system apps, are blocked from starting.
As soon as the non-compliance criterion selected for the rule is no longer detected on the device, the apps are automatically unblocked.
This response is selected by default.
Wipe corporate data
Corporate data is wiped from the device.
Reset to factory settings
All data is wiped from the device and settings are rolled back to their factory values. After this response is performed, the device will no longer be managed. To connect the device to Kaspersky Security Center, you must reinstall Kaspersky Endpoint Security for Android.
On devices running Android 14 or later, this response is not applicable.
Lock device
The mobile device is locked. To obtain access to data, you must unlock the device by using the Unlock command.
Deferral period
The deferral period after which the response is applied. The default value is five minutes. The following values are available: