False positives for Compromised status on iOS 11.3 and 11.3.1 devices

Hi

We only received notifications about it this morning from VMWare. We haven’t had too much noise about devices dropping off since 11.3 has been available.

Have any of you experienced the same issue with other MDM platforms?

Regards

Hi Slink

This is what we got:

**False positives for Compromised status on iOS 11.3 and 11.3.1 devices by Jordan Cardinal **

Symptoms

The VMware AirWatch teams have received reports on false positives for compromised detection on some devices running iOS 11.3 and 11.3.1. This may occur on VMware AirWatch Agent, Workspace ONE, Container or any of the VMware productivity applications.

This article will be updated as our teams continue to actively investigate the issue.

Preventative Action

To prevent un-enrollment of devices which encounter the false compromised detection, we recommend temporarily disabling the Compromised Protection setting under Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies > Compromised Protection until the VMware AirWatch teams have identified the root cause of the issue.

Disabling Compromised Protection will prevent immediate unenrollment of a device when it is detected to be compromised (even for false positives).

Alternatively, to track and detect compromised devices, a compliance policy can be created to detect Compromised devices and Admins can be notified to take an action.

Fix Version

Our product team has been engaged and is actively working to resolve the issue.

Link to article

I do not see an option for disabling “Compromised Protection” under – Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies > Compromised Protection

Is that option not available in AW 9.6.0.0?

Hi

With 9.7, I can see it under Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies, underneath the Offline Access section