Nailed down what is causing my device to be labeled as compromised: it’s the SMB share on my personal NAS at home. The compromised status changes only once I start browsing files. Log files indicate suspicious files and it marks my device as compromised. I’m going to assume one of the files is my directory marked “torrents”.
Once I remove the share in Files and do a “send data” in Hub my device shows up as clean.
for my device, it was fine 13.2.1, after updated to 13.2.2, it marked as compromised. had to disable the email compliance policy to bypass this. (hub version 19.09.1)
Definitely an issue with mounting file servers in ' Files' and having it trip the dynamic compromise protections. You can see the check here in the logs from my device connecting to a SMB share. Once the share is unmounted the device becomes clean:
So iOS 13.2 got released to the public and the problem is still not fixed. Boxer is detecting iOS 13.2 as compromised and wipes itself. Intelligent Hub is working fine, it doesn't flag the device as compromised only Boxer does.
iPadOS 13.2 is installed on my iPad Pro 10,5' and the device isn't compromised. I can start Boxer (Version 5.11.2) without Problems, the same with HUB App.
We have read that the latest AirWatch apps are required for release 13.2.
My Hub flagged my device as compromised with 13.2 and their chart https://kb.vmware.com/s/article/2960338?lang=en_US&queryTerm=2960338 still does not list any apps compatible for iPads which is wonderful same day support. We ticketed with them a while back on it and they said that the compromised detection was broken and had no timeline for a fix they just pointed us at this forum thread. They said to monitor it they would not even leave the ticket open for monitoring a fix so I would not expect it to work ever again since they do not seem to think it is an issue even worth monitoring.
Benjamin G. Sorry to bother you again. Which version of the beta are you running? The problem startet to appear since 13.2 beta 2, before that it worked fine. The strange thing is that I can't even deactivate compromised detection for Boxer anywhere. There is no option for that. (We also run latested VMware apps.)
I have noticed today that running iOS 13.2 (Build 17B84) that they are being detected as ' Compromised flag changed from Unknown to True' and the device is wiped. I'm going to raise a support ticket now on this.
I narrowed my issue down. The issue appears on both iOS and iPadOS 13.2 and only when using VMware Boxer in conjunction with VMware Tunnel (all latest version). If I use Boxer without VPN Tunnel ,compromised detection does not hit.
Just got confirmation that mounted SMB shares in the files app does cause a false positive compromised device detection. An engineer said it's a bug and it will be fixed in 1911 of the console.
In our environment around 15.000 devices are on 13.x and around 1300 of them are compromise-flagged. We swiched off the compromise-detection a time ago, and I cant find any reason to re-enable it. We dont using Boxer and the HUB version is 19.10
