Kaspersky Security for Mobile enables you to detect device hacks (root). System files are unprotected on a hacked device, and therefore can be modified. Moreover, third-party apps from unknown sources could be installed on hacked devices. Upon detection of a hack attempt, we recommend that you immediately restore normal operation of the device.
To detect when a user obtains root privileges, Kaspersky Endpoint Security for Android uses the following services:
If the device is hacked, you receive a notification. You can view hacking notifications in the workspace of the Administration Server on the Monitoring tab. You can also disable notifications about hacks in the event notification settings.
On devices running Android, you can impose restrictions on the user's activity on the device if the device is hacked (for example, lock the device). You can impose restrictions by using the Compliance Control component (see the figure below). To do this, in the scan rule settings, select the Device has been rooted criterion.
Page top