1 3 4 5 6 7 Previous Next 80 Replies Latest reply on Oct 6, 2020 8:53 AM by MarkSchwantje Go to original post
      • 90. Re: iOS 13 Devices Marked as Compromised
        MarkSchwantje Enthusiast
        Do you have the devices set to Enterprise Wipe when compromised? Lost Mode is enabled when a device is Enterprise Wiped as a result of being compromised.
        • 91. Re: iOS 13 Devices Marked as Compromised
          Stansfield Hot Shot
          We have all parts of compromised detection turned off and devices are not enterprise wiping so we are able to go back in and turn lost mode back off, it actually immediately tripped again when we tried to gather HUB logs once and had to be turned off again
          • 92. Re: iOS 13 Devices Marked as Compromised
            jpjp1 Novice
            following this as we see devices are being email wiped with boxer randomly to at least 4 people . not even to both of their devices. it was 2 ipads yesterday.
            • 93. Re: iOS 13 Devices Marked as Compromised
              MarkSchwantje Enthusiast

              Over the last month or so, we've seen an increase once again in the number of devices being detected as compromised. In this latest round, the devices are being detected as compromised, and in most cases, going back to being compliant within a minute or two. The users aren't doing anything to rectify it, because at that point, they don't even know their device has been detected as compromised (and I've followed-up with some of them).

               

              I think I've put in at least 4 tickets related to this never-ending problem. The last one I created, which was back at the beginning of the year, is still open, and they just responded that the issue is fixed in Hub 20.05. But they've told me similar things in the past about new versions of their apps, and the problem still happened even with the "fixed" apps installed.

               

              Our security team is hesitant to disable Compromise Detection, but it seems to be more trouble than its worth. Don't think we've ever actually detected a real jailbroken device in over 4 years.

              • 94. Re: iOS 13 Devices Marked as Compromised
                AntonThirifays Enthusiast

                Hi,

                 

                just discovering this thread as we've been suffering from this since introduction of the over-the-air compliance app check from Boxer.

                Same as you, devices are marked as being compromised then in a matter of seconds / minutes / hours, the device is marked as Compliant again.

                 

                We had more or less same answers from ticket support at VMware and issue has been escalated for resolution. Waiting for a feedback now.

                 

                In our case, support asked if the following URLs are accessible from our devices.

                api.na1.region.data.vmwservices.com

                discovery.awmdm.com

                signing.awmdm.com

                 

                The last two are mentioned in the network prerequisites as optional and the first one is not listed. Also, it seems that these URLs must be accessible from the device themselves, which is the case  for us as we do not restrict connectivity on our devices.

                Given the URLs are mentioned as optional, we have no plans of opening it up from our DS / CN servers.

                 

                Final info received from the auto communications from VMWare is the following :

                https://kb.vmware.com/s/article/79668?lang=en_US

                From the KB it relates to 20.05 version, we're currently on 19.07 , not using tunnel and Boxer has a specific SDK profile attached to it.

                • 95. Re: iOS 13 Devices Marked as Compromised
                  chengtmskcc Expert

                  Check out the below and see if it helps with your issue.

                   

                  ESC-22684: iOS devices incorrectly marked compromised after updating to VMware Workspace ONE Intelligent Hub 20.05

                   

                  View the article https://kb.vmware.com/s/article/79668?lang=en_US

                  • 96. Re: iOS 13 Devices Marked as Compromised
                    MarkSchwantje Enthusiast

                    What an absolute joke. Hub 20.05 was supposed to resolve the false positive compromised device issue, and now it also suffers from the same problem.

                    • 97. Re: iOS 13 Devices Marked as Compromised
                      MarkSchwantje Enthusiast

                      In our case, support asked if the following URLs are accessible from our devices.

                      api.na1.region.data.vmwservices.com

                      discovery.awmdm.com

                      signing.awmdm.com

                       

                      The last two are mentioned in the network prerequisites as optional and the first one is not listed. Also, it seems that these URLs must be accessible from the device themselves, which is the case  for us as we do not restrict connectivity on our devices.

                      Given the URLs are mentioned as optional, we have no plans of opening it up from our DS / CN servers.

                       

                      We were asked the same months ago. We've allowed access to those URLs, and it made no difference. Plus, with COVID-19, most of the workforce is working remotely, so they wouldn't be impacted by any firewall rules.

                      • 98. Re: iOS 13 Devices Marked as Compromised
                        chengtmskcc Expert

                        This KB has been updated.

                         

                        [Resolved] ISDK-174103: iOS devices incorrectly marked compromised after updating to VMware Workspace ONE Intelligent Hub 20.05 (79668)

                         

                        https://kb.vmware.com/s/article/79668?lang=en_US

                        • 99. Re: iOS 13 Devices Marked as Compromised
                          callegrafi Novice

                          Have anyone else noticed an increase on the number of compromised devices in the past 1-2 weeks?

                          We are on cn763 and the latest 20.8.0.6 release. The compromised devices have the latest Hub app, and after we make a re-evaluation they are marked as compliant.

                          Its not a big issue, but it is annoying!

                          • 100. Re: iOS 13 Devices Marked as Compromised
                            MarkSchwantje Enthusiast

                            We have been dealing with this issue for close to a year, At least on 4 different occasions through several tickets I've been told the issue is resolved, only to find out that it wasn't. The last time they told me this was with the release of the new version of Hub mentioned in the post above on June 30th. This new version of Hub did nothing to resolve the issue for us.

                             

                            Having said that, I have also noticed an increase in these events in the last couple of weeks. I updated my existing ticket with this information, and so far engineering is apparently stumped.

                            1 3 4 5 6 7 Previous Next