Detecting device hacks (root)

Kaspersky Secure Mobility Management enables you to detect device hacks (root). System files are unprotected on a hacked device and can therefore be modified. Moreover, third-party apps from unknown sources could be installed on hacked devices. Upon detection of a hack attempt, we recommend that you immediately restore normal operation of the device.

Kaspersky Endpoint Security for Android uses the following services to detect when a user obtains root privileges:

• Embedded service of Kaspersky Endpoint Security for Android. A Kaspersky service that checks whether a mobile device user has obtained root privileges (Kaspersky Mobile Security SDK).

If the device is hacked, you receive a notification. You can view hacking notifications in the workspace of the Administration Server on the Monitoring tab. You can also disable notifications about hacks in the event notification settings.

On devices running Android, you can impose restrictions on the user's activity on the device if the device is hacked (for example, lock the device). You can impose restrictions by using the Compliance Control component. To do this, in the compliance rule settings, select the Device has been rooted criterion.

Page top