Configuring Host Checker

Host Checker policies can be part of a larger Host Checker configuration that applies to many different types of clients or to Android devices only. However, you might find it easiest to create a separate Host Checker policy specifically for Android devices.

To create a Host Checker policy for Android devices:

  1. From the admin console, select Authentication > Endpoint Security > Host Checker.

  2. In the Policies section, click New to open a New Host Checker Policy page.

  3. Specify a name for the new policy and then click Continue to open the Host Checker Policy page.
    The name appears in lists when you implement the policy so be sure to use a descriptive name, such as Android HC Policy.

  4. Click the Mobile tab, and then click the Android tab.

  5. In the Rule Settings section, click Select Rule Type and select one of the following options and then click Add:

    • OS Checks-To specify the Android version that must be installed on the device:

      • Specify a descriptive name for this rule. For example, Must-Be-Android-4.4-or-higher. Rule names cannot include spaces.

      • Specify the criteria. For example, to enforce Android 4.4 and later, create two conditions.

      • Host Checker supports Android versions 1.6 to latest.

    • Click Save Changes.

•Rooting Detection- Rooting is a process that allows Android users to gain root access to the Android operating system and bypass usage and access limitations imposed by Android. With a Rooting device, an Android user can install applications that are not available through the Play Store. Rooted devices expose the device to a greater risk of running malicious applications

  • Specify a descriptive name for this rule. For example, No-Android-Rooting.

  • The Don't allow Rooted devices check box is enabled by default.

  • Click Save Changes.

6. After you have configured all of your rules, specify how you want to enforce them by choosing one of the following options:

  • All of the rules

  • Any of the rules

  • Custom

For Custom requirements, you can specify a custom expression using Boolean operators AND and OR and also group and nest conditions using parenthesis.

7. Specify remediation options:

  • Enable custom instructions-If you enable this check box, a text box appears and allows you to type information that appears on the user's device if Host Checker discovers an issue.

  • Send reason strings-Select this option to display a message to users (called a reason string) that explains why the client machine does not meet the Host Checker policy requirements. For example, if the Rooting detection policy fails, message appears, A Rooting device is not allowed to access the network. Please contact your network administrator.

8. When you are finished, click Save Changes.

For more information, see Host Checker for Android.