Comodo Help
Find the desired product help
Xcitium Enterprise

Xcitium Enterprise

Xcitium Enterprise Administrator Guide

English

Print Help Download Help
Configuration Templates > Create Configuration Profiles > Profiles For Android Devices
  • Introduction To Xcitium Enterprise - Endpoint Protection Platform
    • Key Concepts
    • Best Practices
    • Login Into The Admin Console
    • Upgrade To Full Version
  • The Admin Console
  • The Dashboards
  • CNAPP Dashboard
  • ROI Dashboard
  • Devices And Device Groups
    • Manage Device Groups
      • Create Device Groups
      • Edit A Device Group
      • Assign Configuration Profiles To A Device Group
      • Remove A Device Group
      • Run Procedures On Device Groups
    • Manage Devices
      • Add New Devices
      • Manage Windows Devices
        • View And Edit Device Name
        • View Summary Information
        • View Network Information
        • View And Manage Profiles Associated With A Device
        • View Maintenance Windows Associated With A Device
        • View And Manage Applications Installed On A Device
        • View The Files On A Device
        • View Exported Configurations And Import Profiles
        • View MSI Files Installed On A Device Through Xcitium
        • View And Manage Patches For Windows And 3rd Party Applications
        • View Antivirus Scan History
        • View And Manage Device Group Memberships
        • View Device Logs
      • Manage Mac OS Devices
        • View And Edit Mac OS Device Name
        • Summary Information Of Mac Device
        • View Installed Applications
        • View Quarantined Files On Mac OS Device
        • View And Manage Profiles Associated With A Device
        • View Packages Installed On A Device Through Xcitium
        • View And Manage Device Group Memberships
        • View Mac Device Logs
      • Manage Linux Devices
        • View And Edit Linux Device Name
        • Summary Information Of Linux Device
        • View Network Information Of A Linux Device
        • View And Manage Profiles Associated With A Linux Device
        • View Linux Packages Installed On A Device Through Dragon
        • View And Manage Device Group Memberships
      • Manage Android Devices
        • View And Edit Device Name
        • View Summary Information
        • Manage Installed Applications
        • View And Manage Profiles Associated With A Device
        • View Sneak Peek Pictures To Locate Lost Devices
        • View The Location Of The Device
        • View And Manage Device Group Memberships
      • Manage IOS Devices
        • View And Edit Device Name Of An IOS Device
        • View Summary Information Of An IOS Device
        • View Applications Installed On An IOS Device
        • View And Manage Profiles Associated With An IOS Device
        • View The Location Of An IOS Device
        • View And Manage Group Memberships Of An IOS Device
      • View User Information
      • Remote Management Of Windows And Mac OS Devices
        • Transfer Items To / From The Remote Computer
      • Remotely Manage Folders And Files On Windows Devices
      • Manage Processes On Remote Windows Devices
      • Manage Services On Remote Windows Devices
      • Use The Command Prompt On Remote Windows Devices
      • View Event Logs On Remote Windows Devices
      • Apply Procedures To Windows And Mac Devices
      • Remotely Install And Manage Packages On Windows Devices
      • Remotely Install Packages On Mac OS Devices
      • Remotely Install Packages On Linux Devices
      • Send Enrollment Link To IOS Devices
      • Generate An Alarm On Android Devices
      • Remotely Lock Mobile And Mac OS Devices
      • Wipe Selected Mobile And Mac Devices
      • Assign Configuration Profiles To Selected Devices
      • Set / Reset Screen Lock Password For Mobile Devices
      • Update Device Information
      • Send Text Messages To Mobile Devices
      • Restart Selected Windows Devices
      • Change A Device's Owner
      • Change The Ownership Status Of A Device
      • Add Custom Notes And Tags On Devices
      • Remove A Device
      • Generate Device List Report
      • Manage Isolate And Release From Isolation
    • Bulk Enrollment Of Devices
      • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
        • Enroll Windows Devices Via AD Group Policy
        • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
        • Enroll Windows Devices Using Auto Discovery And Deployment Tool
      • Enroll Android And IOS Devices Of AD Users
    • Download And Install The Remote Control Tool
  • Cloud Workloads
  • Cloud Assets
  • Cloud Security
    • View Vulnerabilities Findings
    • Registry Scan
    • CSPM Executive Dashboard
    • Compliance Summary
    • CWPP Dashboard
    • App Behavior
    • Manage Policies
    • Remediation
    • View Alerts
    • Manage Triggers
    • View Reports
  • Users And User Groups
    • Manage Users
      • Create New User Accounts
        • Manually Add Users
        • Import Users From A CSV File
      • Enroll User Devices For Management
        • Enroll Android Devices
        • Enroll IOS Devices
        • Enroll Windows Endpoints
        • Enroll Mac OS Endpoints
        • Enroll Linux OS Endpoints
      • View User Details
        • Update The Details Of A User
      • Assign Configuration Profiles To User Devices
      • Remove A User
      • Generate New Password For A User
      • Reset Two Factor Authentication Token For A User
      • Run Procedures On User Devices
    • Manage User Groups
      • Create A New User Group
      • Edit A User Group
      • Assign Configuration Profiles To A User Group
      • Remove A User Group
      • Run Procedures On User Group Devices
    • Configure Role Based Access Control For Users
      • Create A New Role
      • Manage Permissions And Users Assigned To A Role
      • Remove A Role
      • Manage Roles Assigned To A User
  • Configuration Templates
    • Create Configuration Profiles
      • Profiles For Android Devices
      • Profiles For IOS Devices
      • Profiles For Windows Devices
        • Create Windows Profiles
          • Associated Devices Settings
          • Antivirus Settings
          • Communication Client And Xcitium Client - Security Application Update Settings
          • File Rating Settings
          • Firewall Settings
          • HIPS Settings
          • Containment Settings
          • Maintenance Window Settings
          • VirusScope Settings
          • Xcitium Verdict Cloud
          • Global Proxy Settings
          • Client Proxy Settings
          • Agent Discovery Settings
          • Communication Client And Xcitium Client - Security Application UI Settings
          • Logging Settings
          • Client Access Control
          • External Devices Control Settings
          • Monitors
          • Procedure Settings
          • Remote Control Settings
          • Remote Tools Settings
          • Miscellaneous Settings
          • Script Analysis Settings
          • Data Loss Prevention Settings
          • Patch Management Settings
          • Performance Settings
          • Thumbnails Settings
          • Chat Settings
          • Applications Settings
        • Import Windows Profiles
      • Profiles For Mac OS Devices
        • Create A Mac OS Profile
          • Antivirus Settings For Mac OS Profile
          • Certificate Settings For Mac OS Profile
          • Restrictions Settings For Mac OS Profile
          • VPN Settings For Mac OS Profile
          • Wi-Fi Settings For Mac OS Profile
          • Remote Control Settings For Mac OS Profile
          • External Device Control Settings For Mac OS Profile
          • Valkyrie Settings For MacOS Profile
          • Procedure Settings For Mac Profiles
          • Monitor Settings For Mac OS Profile
      • Profiles For Linux Devices
        • Create A Linux Profile
          • Antivirus Settings For Linux Profile
          • Communication Client And XcitiumClient - Security Application Update Settings For Linux Profile
          • User Interface Settings For Linux Profile
          • Logging Settings For Linux Profile
          • Clients Access Control Settings For Linux Profile
          • Valkyrie Settings For Linux Profile
    • View And Manage Profiles
      • Export And Import Configuration Profiles
      • Clone A Profile
    • Edit Configuration Profiles
    • Manage Default Profiles
    • Manage Alerts
      • Create A New Alert
      • Edit / Delete An Alert
    • Manage Procedures
      • View And Manage Procedures
      • Create A Custom Procedure
      • Combine Procedures To Build Broader Procedures
      • Review / Approve / Decline New Procedures
      • Add A Procedure To A Profile / Procedure Schedules
      • Import / Export / Clone Procedures
      • Change Alert Settings
      • Apply Procedures To Devices
      • Edit / Delete Procedures
      • View Procedure Results
    • Manage Monitors
      • Create Monitors And Add Them To Profiles
        • Monitors For Windows Devices
        • Monitors For Mac OS Devices
      • View And Edit Monitors
    • Data Loss Prevention Rules
      • Create DLP Discovery Rules And Add Them To Profiles
      • View And Edit DLP Discovery Rules
      • Create DLP Monitoring Rules And Add Them To Profiles
      • View And Edit DLP Monitoring Rules
  • Security Systems
    • View Alerts And Security Events
      • View Alerts And Security Events By Time
      • View Alerts And Security Events By Files
      • View Alerts And Security Events By Device
      • Alert Policy
      • Suppression Rule
    • Investigate Events
      • Search Events By Query
      • Search Events By File
      • Search Events By Device
      • View Android Threat History
      • Process Timeline
    • Endpoint Security Status
      • Run Antivirus And/or File Rating Scans On Devices
      • Handle Malware On Scanned Devices
      • Update Virus Signature Database On Windows, Mac OS And Linux Devices
    • View And Manage Blocked Threats
    • View And Manage Quarantined Items
    • View Contained Threats
    • View And Manage Autorun Items
    • Manage File Trust Ratings On Windows Devices
      • File Ratings Explained
    • View List Of File Verdicts
    • View History Of External Device Connection Attempts
    • Data Loss Prevention Scans
      • DLP Logs
      • DLP Quarantined Files
  • Network Management
    • Create And Run Network Discovery Tasks
    • Manage Profiles For Network SNMP Devices
    • Manage Network Devices
      • Manage SNMP Devices
        • SNMP Device Details Interface
      • Discovered Devices
    • Manage Network Monitors
  • Software Inventory
    • View Applications Installed On Android And IOS Devices
      • Blacklist And Whitelist Applications
    • Patch Management
      • Manage OS Patches On Windows Endpoints
      • Install 3rd Party Application Patches On Windows Endpoints
        • Xcitium Supported 3rd Party Applications
    • View And Manage Applications Installed On Windows Devices
      • Uninstall A Windows Application From Selected Devices
      • Uninstall A Windows Application From All Devices
    • Vulnerability Management
  • Management Settings
    • Account Management
    • License Management
      • Manage Your Licenses
      • License Allocations
      • Bill Forecast
  • Configure Xcitium Enterprise
    • Email Notifications, Templates And Custom Variables
      • Configure Email Templates
      • Configure Email Notifications
      • Create And Manage Custom Variables
      • Create And Manage Registry Groups
      • Create And Manage COM Groups
      • Create And Manage File Groups
      • Create And Manage Tags
    • Xcitium Enterprise Portal Configuration
      • Import User Groups From LDAP
      • Configure Portal Settings
      • Configure Communication And Security Client Settings
        • Configure The Xcitium Android Client
          • Configure Android Client General Settings
          • Configure Android Client Antivirus Settings
          • Add Google Cloud Messaging (GCM) Token
        • Add Apple Push Notification Certificate
        • Configure Windows Clients
          • Configure Communication Client Settings
          • Configure Client Security Settings
      • Manage Xcitium Enterprise Extensions
      • Configure Xcitium Enterprise Reports
      • Device Removal Settings
      • Account Security Settings
      • Set-up Administrator's Time Zone And Language
      • Configure Audit Log Settings
    • Dashboard Settings
    • Cloud Security Settings
      • Manage Cloud Accounts
        • Amazon Web Server (AWS) Account Onboarding
        • Google Cloud Platform (GCP) Account Onboarding
        • Microsoft Azure Account Onboarding
      • Manage Cluster
      • Configure Integrations
        • CWPP
        • CSPM
        • Registry
        • S3 Data Source
      • Create And Manage Labels
      • Create And Manage Tags
      • Create And Manage Groups
      • Configure Ticket Template
    • Data Protection Templates
      • View And Manage Pattern Variables
      • View And Manage Keyword Groups
    • View Version And Support Information
    • Alert Notification Settings
  • Appendix 1a - Xcitium Services - IP Nos, Host Names And Port Details - EU Customers
  • Appendix 1b - Xcitium Services - IP Nos, Host Names And Port Details - US Customers
  • Appendix 2 - Pre-configured Profiles
  • Appendix 3 - Default Xcitium Security Policy Details
  • About Xcitium

Profiles for Android Devices


Android profiles let you configure a device's network access rights, security restrictions, scan schedule and other settings.


Process in brief:

  • Click 'Assets' > 'Configuration Templates' > 'Profiles'

  • Click 'Create' > 'Create Android Profile'

  • Type a name and description for your profile then click the 'Create' button. The profile now appears in 'Assets' > 'Configuration Templates' > 'Profiles'

  • New profiles have only one section - 'General'. Click 'Add Profile Section' to add settings for various security and management features. Each section you add will appear as a new tab

  • Once you have fully configured your profile you can apply it to devices, device groups, users and user groups

  • You can make any profile a 'Default' profile by selecting the 'General' tab then clicking the 'Edit' button.

This part of the guide explains the processes above in more detail, and includes in-depth descriptions of the settings available for each profile section.


Create an Android profile

  • Click 'Assets' > 'Configuration Templates' > 'Profiles'

  • Click the 'Create' button > 'Create Android Profile':


  • Enter a name and description for the profile

  • Click the 'Create' button

The Android profile is created and the 'General Settings' section is shown. The new profile is not a 'Default Profile' by default.


  • A 'default' profile is one that is applied automatically to any device which matches its operating system. You can have multiple 'default' profiles per operating system.

  • Click the 'Make Default' button if you want this profile to be a default.

    • Alternatively, click the 'Edit' button on the right of the 'General' settings screen and enable 'Is Default'.

  • Click 'Save'.

Tip: You can set any profile as a default in the 'Profiles' screen. See Edit Configuration Profiles for more details.


The next step is to add profile sections.

  • Each profile section contains a range of settings for a specific security or management feature.

  • For example, there are profile sections for 'Browser Restrictions', 'Antivirus Settings', 'Network Restrictions', 'VPN' and so on.

  • You can add as many different sections as you want when building your device profile.

  • To get started:

    • Click 'Add Profile Section'

    • Select the security component that you want to include in the profile:



Note: Many Android profile settings have small information boxes next to them which indicate the OS and/or device required for the setting to work correctly.


For example, the following box indicates that the setting supports KNOX 2.0+ (Samsung For Enterprises) devices and tablets only



The settings screen for the selected component is shown. After saving, it is available as a link at the top.



The following sections explain more about each of the sections:

  • Antivirus

  • Bluetooth Restrictions

  • Browser Restrictions

  • Certificate

  • Email

  • Active Sync

  • Kiosk

  • Native App Restrictions

  • Network Restrictions

  • Passcode

  • Restrictions

  • VPN

  • Wi-Fi

  • Other Restrictions

  • Updates

Configure Antivirus settings

  • Click 'Antivirus Settings' in the 'Add Profile Section' drop-down





Antivirus Settings - Table of Parameters

Form Element

Description

AV scanning exclusion list

Lets you add trusted apps.


Trusted apps are excluded from real-time, on-demand and scheduled antivirus scans run on the devices.

  • Enter the bundle identifier of the app that you want to exclude from antivirus scanning.

For more details on getting the bundle identifier for an app, see the explanation given below this table.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

  • Click to add more 'AV scanning exclusions list' fields.

  • Click to remove an item from the 'AV scanning exclusion list ' field.

Automatically terminate malware process

If enabled, any malware found is stopped from running.


From this point it might be ignored (allowed to remain on the device) or uninstalled, depending on the settings in Configure Android Client Antivirus Settings.


To view these settings, click 'Settings' > 'Settings' > 'Portal Set-Up' > 'Client Settings' > 'Android' > 'Antivirus'

Schedule scan

Select if you want to automate the process of antivirus scanning. Select the checkbox beside the day(s) that you want the scheduled scan to run.

  • Click the 'Save' button.

The settings are saved and shown under the 'Antivirus Settings' tab. You can edit settings or remove the 'Antivirus Settings' section from the profile at anytime. See Edit Configuration Profiles for more details.



Obtain Bundle/Package Identifier


The bundle identifier is a string that identifies the .apk package used to install the app.


For Google Play Apps:


The bundle identifier can be found at the end of the app's Google Play download URL.


For example, 'com.Xcitium.batterysaver' is the Xcitium Battery Saver app id in the URL


https://play.google.com/store/apps/details?id=com.Xcitium.batterysaver


Configure Bluetooth Restrictions settings


The feature is supported for Samsung for Enterprise (KNOX) devices only.

  • Click 'Bluetooth Restrictions' from the 'Add Profile Section' drop-down



Bluetooth Restrictions Settings - Table of Parameters

Form Element

Description

Allow Device discovery via Bluetooth

Allows discovery of other devices via Bluetooth.

Allow Bluetooth Pairing

Allows users' devices to pair with other their devices via Bluetooth.

Allow Outgoing Calls

Allows users to make calls using Bluetooth enabled devices (eg. hands-free devices)

Allow Bluetooth Tethering

Allows users to enable/disable Bluetooth tethering option.


Allow connection to Desktop or Laptop via Bluetooth

Allow users to enable/disable Bluetooth connection with Desktop or Laptop.

Allow data transfer

Allows data transfer between devices via Bluetooth.


  • Click the 'Save' button.

The settings are saved and shown under the 'Bluetooth Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.


Configure Browser Restrictions settings


The feature is supported for Samsung for Enterprise (KNOX) devices only.

  • Click 'Browser Restrictions' from the 'Add Profile Section' drop-down

The 'Browser Restrictions' settings screen will be displayed.




Browser Restrictions Settings - Table of Parameters

Form Element

Description

Allow Pop-ups

Pop-ups in browsers will be allowed on user devices.

Allow Javascript

Java scripts will be allowed on user devices

Accept Cookies

Users will be allowed to modify Cookies settings on their devices.

Remember Form Data for later use

Users will be allowed to use Auto Fill settings on their devices.

Show Fraud Warning Settings

Users will be allowed to view Fraud Warning Settings on their devices.


  • Click the 'Save' button.

The settings are saved and shown under the 'Browser Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.


Configure Certificate settings


The 'Certificate' settings section is used to upload certificates and will act as a repository from which certificates can be selected for use in other areas like 'Wi-Fi, 'Exchange Active Sync' and 'VPN'.

  • Click 'Certificate' from the 'Add Profile Section' drop-down



Certificate Settings - Table of Parameters

Form Element

Description

Name

Enter the label of the certificate.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Description

Enter an appropriate description for the certificate.

Data

Browse to the location of the stored certificate and select the certificate.


Note: Only certificate files with extensions 'pub', 'crt' or 'key' can be uploaded.

  • Click the 'Save' button.

The certificate will be added to the certificate store.


 

  • Click 'Add Certificate' and repeat the process to add more certificates.

  • Click on the name of the certificate to view the certificate key and edit the name

You can add any number of certificates to the profile and remove certificates at anytime. See Edit Configuration Profiles for more details.


Configure Email settings


Note: The feature is supported for Samsung for Enterprise (KNOX) devices only. This area allows administrators to configure email settings on devices.

  • Click 'Email' from the 'Add Profile Section' drop-down



Email Settings - Table of Parameters

Form Element

Description

Configure for Type*

Choose the protocol for incoming mail server from IMAP and POP.

Email address*


Enter the email address of the user at the incoming mail server If the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


The email address of the users to whom the profile is associated are automatically added to the profile while rolling out the same to the devices.


See Create and Manage Custom Variables for more details on variables.

Account Display Name

Enter a label to identify the user's email account at the incoming mail server, if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.


The email address of the users to whom the profile is associated are automatically added to the profile while rolling out the same to the devices.

Set as Default Account

The email account is set as default for the users.

Mail Server Host Name (for Incoming Mail) *

Enter the host name or IP address of the incoming mail server, if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Mail Server Port Number (for Incoming Mail) *

Enter the server port number used for incoming mail service for a single user.


For POP3, it is usually 110 and if SSL is enabled it is 995. For IMAP, it is usually 143 and if SSL is enabled it is 993.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Login (for Incoming Mail)*

Enter the username for the email account of the user at the incoming mail server if the profile is for a single user.


Click the variables button   to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.


The email usernames of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.

Password (for Incoming Mail)*

Enter the password for the email account of the user at the incoming mail server if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.


The email passwords of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.

Use SSL Incoming

Communication between incoming mail server and devices is encrypted using SSL (Secure Socket Layer Protocol).

Accept All Certificates (for Incoming Mail)

The device automatically accepts all SSL certificates from the incoming mails.

Accept TLS Certificates (for Incoming Mail)

The device automatically accepts all secure certificates for TLS (Transport Secure Layer Protocol) from the incoming mails.

Mail Server Host Name (for Outgoing mail)*

Enter the host name or IP address of the outgoing (SMTP) mail server for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Mail Server Port Number (for Outgoing Mail) *

Enter the server port number used for outgoing (SMTP) mail service, if the profile is for single user.


If no port number is specified then ports 25, 587 and 465 are used in the given order.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Login (for outgoing Mail)*

Enter the username for the email account of the user at the outgoing (SMTP) mail server if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.


The email usernames of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.

Password (for outgoing Mail)*

Enter the password for the email account of the user at the outgoing (SMTP) mail server if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.


The email passwords of the users to whom the profile is associated are automatically added to the profile while rolling out to the devices.

Use SSL (for Outgoing Mail)

Communication between outgoing mail server and devices is encrypted using SSL.

Accept All Certificates (for Outgoing Mail)

The device automatically accepts all SSL certificates from outgoing mails.

Accept TLS Certificates (for Outgoing Mail)

The device automatically accepts all secure certificates for TLS (Transport Secure Layer Protocol) from outgoing mails.


Sender Name

Enter the name that should appear in the 'From' field of the sent emails from the device if the profile is for a single user.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Set Signature

Enter the signature and other details that appears at the end of the mails sent from the device.


Click the variables button to insert dynamic values if the profile is for several users.


See Create and Manage Custom Variables for more details on variables.

Prevent Moving Mail to other Accounts

The user cannot move sent or received mails to another account.

Always Vibrate on New Email Notification

The device vibrates in addition to sound alert when a new email is received.

Vibrate on New Email Notification if device is silent

The device vibrates when a new email is received, when the device is in silent mode.

  • Click the 'Save' button.

The settings are saved and shown under the 'Email' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.


Configure ActiveSync settings


ActiveSync settings allows you to configure user access to Exchange Server mail accounts.


Note: Please make sure users are not blocked from using the email client on their devices in Native App Restrictions

  • Click 'ActiveSync Settings' from the 'Add Profile Section' drop-down.


Form Element

Description

Email Address *

Click the 'Variables' button and click beside '%u.mail' from the User Variables' list. The email address of the users to whom the profile is associated are automatically filled. For more details on variables, see Create and Manage Custom Variables.

User Name *

Click the 'Variables' button and click beside '%u.login' from the User Variables' list. The username of the users to whom the profile is associated are automatically filled. For more details on variables, see Create and Manage Custom Variables.

Domain *

Enter the domain name in the field.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Server Address *

Enter the server address of the ActiveSync.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Password

Leave the field blank. The user needs to enter the password while configuring the email account for the first time. After it is validated, the users can access the email account without entering the password.

Account Display Name

Enter a label to identify the user's email account at the exchange server.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Email Signature

Enter the signature and other details that appears at the end of the mails sent from the device.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Maximum Email Size

The maximum size of email that the user can download from the server. Use the controls or enter the value in the field.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Sync Emails

Choose the period for which the emails are to be kept synchronized between the device and the exchange server from the recent past, from the drop-down.

Sync Calendar

Select the period for which the calendar events are to be synchronized between the device and the exchange server, from the drop-down.

Use SSL

Communication between the device and the exchange server is encrypted using SSL (Secure Socket Layer Protocol).

As default account

The email address is used as default for sending out emails.

Accept all certificates

The device automatically accepts all SSL certificates.

Can sync contacts

Allows synchronization of user contacts between device and exchange server.

Can sync calendar

Allows synchronization user created calendar events between the device and the exchange server.

Can sync tasks

Allows synchronization of user scheduled tasks between the device and the exchange server.

Manual roaming sync

The user can use the sync feature manually while away from the home network.

Always vibro on new email

The device will vibrate when a new email is received.

 

Fields with * are mandatory.

  • Click the 'Save' button.

The settings are saved and shown under the 'ActiveSync Settings' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.


Configure Kiosk settings


Note:This feature is only supported by Samsung for Enterprise (KNOX) devices.


Background: Kiosk mode is a feature intended to help administrators lock-down mobile devices by limiting the applications that are able to run on a device. 'Locking' a device to particular applications can prevent users from opening other applications or straying into important device configuration areas. You can also block aspects of the OS should you wish. An example is a retail or school environment where only certain apps should be used on the device.


  • Click 'Kiosk' from the 'Add Profile Section' drop-down



Form Element

Description

Kiosk Mode Type

The two Kiosk modes are:

  • Default mode - Run multiple apps in Kiosk mode. Users will not be able to run non-kiosk applications. Kiosk mode can only be exited by entering the admin bypass password.

  • Single App mode - Users can only run the single application that you specify. Users will not be able to run non-kiosk applications. Kiosk mode can only be exited if the admin disables it in the Xcitium console.

Restrictions on access to other device functions, such as task manager and the status bar, can also be configured for either mode.

If 'Single App' is selected as Kiosk Mode Type:

Enter ID of Kiosk Apps

 

Enter the Package ID of the app that will run in Kiosk mode.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.


See Obtain Bundle/Package Identifier for more details on Package ID.

If 'Default mode' is selected as Kiosk Mode Type:

Enter ID of Kiosk Apps

 

Enter the package IDs of the apps that will run in Kiosk mode.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.


See Obtain Bundle/Package Identifier for more details on Package ID.

Click  to add more app IDs.


Click the button to remove an item from the list

Block Multi-Window Mode

Users cannot open multiple windows.

Block Task Manager

Users cannot access task manager screen.

Hide Navigation Bar

The navigation bar is not shown on the devices.

Hide System Bar

The system bar is not shown on the devices.

SMS/MMS blocking

All SMSs and MMSs to the device are blocked.

Block Keys

This feature lets you selectively block touch keys and icons available on device screen.


For example, if you do not want the device owners to use 'Caps Lock' key you can block it.


Click in the 'Block Keys' field:

Scroll down to view the full list and select the key.

Repeat the process to add more keys to the blocked keys list.

The following features are visible if 'Default mode' is selected as Kiosk Mode Type:

Show messenger App

Allows the messenger app on the device.

Show email App

Allows the email app on the device.

Show dialer App

Allows the phone dialer app on the device.

Show admin bypass button

Adds the 'Admin bypass' button to the device screen. The user can tap the button and enter the password to exit from the Kiosk mode.

Admin bypass password

Enter the password required to exit the Kiosk mode.



Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.


  • Click the 'Save' button.

The settings are saved and shown under the 'Kiosk' tab. You can edit the settings or remove the section from the profile at anytime.See Edit Configuration Profiles for more details.


Configure Native App Restriction settings


Native applications are those applications that come with the device operating system. Examples include the email and gallery apps. Admins can restrict users from accessing these native applications if required.


Note: Native app restrictions are only available on Samsung which support KNOX 2.0 +

  • Click 'Add Profile Section' > 'Native App Restrictions'


Form Element

Description

Allow Gmail

Users can the access Gmail app.

Allow Email

Users can the access the default email app.

Allow Browser

Users can access the default Android browser on their devices.

Allow Gallery

Users can access Gallery on their devices.

Allow Settings

Users can change their device settings.

Allow Google Play

Users can access Google Play on their mobile devices.

Allow YouTube App

Users can access the YouTube app.

Allow Google Maps & Navigation

Users can access Google Maps and Navigation app on their devices.

Allow Google and Voice Search

Users can use Google and Voice Search services.


  • Click the 'Save' button.

The settings are saved and shown under the 'Native App Restriction' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.


Configure Network Restriction settings


The feature is supported for Samsung for Enterprise (KNOX) devices only.

  • Click 'Network Restrictions' from the 'Add Profile Section' drop-down


Form Element

Description

Allow Emergency Calls only

Allows users to make only emergency calls.

Allow Voice Roaming

Allows users to make/receive voice call during roaming.

Allow Sync during Roaming

Allows the use of Sync feature while roaming.

Allow Data Roaming

Allows users to enable 'Data Roaming' option on their devices to access data services during roaming.

Allow USB Tethering

Allows users to enable 'USB Tethering' option for sharing their data connection through USB tethering.

Allow Wi-Fi access point settings editing

Allows users to edit the Wi-Fi access point settings to create a Wi-Fi hotspot for sharing their data connection.

Allow user to add Wi-Fi networks

Allows users to add additional Wi-Fi networks.

Wi-Fi Network Minimum Security Level


Select the minimum security level required for the user to access the Wi-Fi network. The options available are:

  • Open

  • WEP

  • WPA

  • 802.1x EAP (LEAP)

  • 802.1x EAP (FAST)

  • 802.1x EAP (PEAP)

  • 802.1x EAP (TTLS)

  • 802.1x EAP (TLS)

Allow SMS

Allows text messages as per the option selected:

  • All - Allows both incoming and outgoing text messages.

  • Incoming Only - Allows incoming text messages only.

  • Outgoing Only - Allows outgoing text messages only.

  • None - Both incoming and outgoing text messages are blocked.

Allow MMS

Allows multimedia messages as per the option selected:

  • All - Allows both incoming and outgoing multimedia messages.

  • Incoming Only - Allows incoming multimedia messages only.

  • Outgoing Only - Allows outgoing multimedia messages only.

  • None - Both incoming and outgoing multimedia messages are blocked.

Blacklisted SSIDs


Specify the name (SSID) of the wireless network that should be blacklisted.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.


Click the button to add more 'Blacklisted SSID' fields.


Click the button beside an SSID to remove it from the list


  • Click the 'Save' button.

The settings are saved and shown under the 'Network Restrictions' tab. You can edit the settings or remove the section from the profile at anytime See Edit Configuration Profiles for more details.


Configure Passcode settings

  • Click 'Passcode' from the 'Add Profile Section' drop-down

 


Form Element

Description

Passcode Type

Select the type of passcode from the drop-down that the user should configure for unlocking screen lock. The options available are:


No passcode enforcement


Only letters


Letters and numbers


Only numbers


Letters, numbers and a special symbol


Requires some kind of password

Minimum Passcode Length

Select the minimum number of passcode characters that can be configured by the user. (4-16 characters).

Maximum Idle Time

Select the maximum time period that can be set as idle time out period for device screen lock, from the drop-down.

Maximum Failed Attempts for Wipe

Select the maximum number of allowed unsuccessful login attempts for device wipe (4-16). Set the value as '0' for unlimited.


If the number of failed attempts crosses this value, the data in the device will be automatically wiped off. This is useful to prevent the data from the device being stolen, if somebody, other than the user, tries to login to the device by entering guessed passcodes.

Maximum Failed Attempts for Sneak Peek

Select the maximum number of allowed unsuccessful login attempts for 'Sneak Peek' feature (4-16). Set the value as '0' for unlimited.


The 'Sneak Peek' feature makes the device take a photograph with the front- facing camera if the wrong passcode is entered a certain number of times - hopefully getting a picture of the person holding a lost/stolen device. Photographs are forwarded to the Xcitium server.


The photograph(s) sent by the device can be viewed from the 'Device Details' interface that can be accessed by clicking 'Assets' > 'Devices' > 'Device List' > the device name > 'Sneak Peek' tab. See View Sneak Peek Pictures to Locate Lost Devices for more details.


Note: If the device does not have a front camera, the rear camera will capture a photograph and forward to the Xcitium server.

Maximum Passcode Age (days)

Enter the maximum period in days for which a passcode can be valid. After the number of days specified in this field, the passcode will expire. The user needs to change the passcode before the current one expires.

Passcode History Requirements

 

Set how many unique, new passcodes must be created before the user can re-use an old password.

This feature is available for Android 3.0 and later versions only.

  • Click the 'Save' button. 

The settings are saved and shown under the 'Passcode' tab. You can edit the settings or remove the section from the profile at anytime.See Edit Configuration Profiles for more details.


Configure Restriction settings

  • Click 'Restrictions' from the 'Add Profile Section' drop-down



Form Element

Description

Allow Turn-off background Sync

Select this to allow users to disable background synchronization setting on their devices.

Allow Bluetooth

Select this to allow users to enable/disable Bluetooth on their devices.

Allow Camera

Select this to allow users to use the camera

Allow Un-encrypted devices

Select this to enable users to use device without turning on the storage encryption feature. This feature is available for Android 3.0 and later versions only.

Allow to run Apps installed from unknown sources

Select this to allow users to run installed applications that were download from unknown sources

Cellular Connection Control

Choose whether or not to allow the device to connect to the internet through a cellular network (2G/3G/4G):

  • Cellular Connection on - Maintains the data connection through cellular network enabled, irrespective of user settings under 'Settings' > 'Wireless and Network settings' in the device.

  • Cellular Connection off - Maintains the data connection through cellular network disabled, irrespective of user settings under 'Settings' > 'Wireless and Network settings' in the device.

  • User Choice - The connection is enabled or disabled as per the user's setting under 'Settings' > 'Wireless and Network settings' in the device.

WiFi Connection Control

Choose whether or not to allow the device to connect to WiFi networks and hotspots from the options.

  • WiFi Connection on - Always maintains the WiFi connection enabled, irrespective of user's setting under 'Settings' > 'Wireless and Network settings' in the device.

  • WiFi Connection off - Always maintains the WiFi connection disabled, irrespective of user's setting under 'Settings' > 'Wireless and Network settings' in the device.

  • User Choice - The connection is enabled or disabled as per the user's setting under 'Settings' > 'Wireless and Network settings' in the device.

Location Service Control

Choose whether or not to allow the location services on the device from the options:

  • Location Service Always On - Always maintains the location services enabled, irrespective of the user's setting on the device.

  • Location Service Always Off - Always maintains the location services disabled, irrespective of the user's setting on the device.

  • User Choice - The location service is enabled or disabled as per the user's setting on the device.


  • Click the 'Save' button.

The settings are saved and shown under the 'Restrictions' tab. You can edit the settings or remove the section from the profile at anytime.See Edit Configuration Profiles for more details.


Configure VPN settings


Note: The feature is supported for only Samsung for Enterprise (KNOX) devices.

  • Click 'VPN' from the 'Add Profile Section' drop-down


Form Element

Description

Configure for type

Choose the VPN connection type from drop-down. The options available are:

  • L2TP,

  • PPTP,

  • L2TP/IPSec PSK,

  • IPSec, XAuth PSK

  • IPSec XAuth RSA.

VPN Connection Name

Enter a label for the connection. This is shown on the device.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Host name of the VPN Server

Enter the IP address or host name of the VPN server.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Username / Password

Enter the login credentials for the device to connect to the VPN server.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

DNS Search Domains

Enter the IP address or hostname of the DNS server that devices will use for searching domain names.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

For L2TP

  • Enable L2TP Secret

If enabled, the pre-shared L2TP should be entered in the next field L2TP Secret

  • L2TP Secret

If L2TP Secret is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'

For PPTP

  • Enable Encryption

If selected, the connection is encrypted between the devices and the VPN server.

For L2TP/IPSec PSK

  • Enable L2TP Secret

If enabled, the pre-shared L2TP should be entered in the next field L2TP Secret

  • L2TP Secret

If L2TP Secret is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'

  • IPSec Pre-Shared Key

If IP Sec Identifier is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'

For IPSec Xauth PSK

  • IP Sec Identifier

Enter the IPSec identifier in the field.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

  • IPSec Pre-Shared Key

If IP Sec Identifier is enabled, then the pre-shared key should be entered here by the user or selected from 'Variables'.

Use for persistent connect

Forcibly maintains the VPN connection always at the enabled state, irrespective of user's settings through 'Settings' > 'Wireless and Networks' in the device. In order to enable this feature, the following conditions are to be satisfied:

  • The profile should have been created already and rolled out to the devices. Hence the administrator will be able to enable this feature after rolling out the profile and then by editing the profile. See Edit Configuration Profiles for more details.

  • Suits to all VPN connections types, except PPTP

  • The VPN server and the DNS server should have been specified by their IP addresses in IPv4.

  • Click the 'Save' button after entering or selecting the parameters.

The VPN connection setting is added to the profile.


 

  • Click 'Add VPN' and repeat the process to add more VPN connections.

  • Click the name of a connection to view and edit its settings

You can add any number of VPN connection settings to the profile at anytime. See Edit Configuration Profiles for more details.


Configure Wi-Fi settings

  • Click 'Wi-Fi' from the 'Add Profile Section' drop-down


Type

Description

Text Field

Enter the Service Set Identifier (SSID), the name of the wireless network that a device should connect to.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

Checkbox

If enabled, users will be able to access the hidden wireless network too. Users must know the hidden SSID details and the required credentials.

Drop-down

Select the type of encryption used by the wireless network from the drop-down. The options available are:

  • Open

  • WEP

  • WPA / WPA2 - PSK

  • 802.1x EAP

The settings for each type is explained in the next table Wi-Fi configuration type settings.


Wi-Fi Configuration Type settings


Wi-Fi Configuration Type Settings - Table of Parameters

Security Configuration Type

Description

Open

No password is required for accessing the Wi-Fi network by the user.

WEP

Authentication Password - Enter the password to access the Wi-Fi network.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

WPA / WPA2 - PSK

Authentication Password - Enter the password to access the Wi-Fi network.


Click the variables button   to insert dynamic values. See Create and Manage Custom Variables for more details on variables.

802.1x EAP

1. EAP Authentication Protocol - Select the EAP authentication protocol from the drop-down. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.

  • PEAP

  • TLS

  • TTLS

2. Phase 2 Authentication Protocol - Select the Phase 2 authentication protocol from the drop-down. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.

  • None

  • PAP

  • MSCHAP

  • MSCHAPV2

  • GTC

3. Certificate - Select the user certificate from the drop-down or upload it using the 'Add New' button.


4. CA Certificate - Select the CA certificate from the drop-down or upload it using the 'Add New' button.


5. Authentication Username - Enter the username for Wi-Fi authentication. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.


6. Authentication Password - Enter the password for Wi-Fi authentication. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.


7. Authentication Domain - Enter the details for RADIUS Server authentication. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.


8. Anonymous Identity - Enter the username that can be used for anonymous access. Applicable for Samsung for Enterprise devices KNOX 2.0 + version.


9. Encryption Key - Enter the encryption key to access the Wi-Fi network.


Click the variables button to insert dynamic values. See Create and Manage Custom Variables for more details on variables.


  • Click the 'Save' button after entering or selecting the parameters.

The 'Wi-Fi' network' is saved to the profile.




  • Click 'Add Wi-Fi' and repeat the process to add more Wi-Fi networks.

  • Click the SSID of the network to view and edit its settings.

You can add or remove Wi-Fi networks at any time. See Edit Configuration Profiles for more details.



Configure 'Other Restrictions' settings


The feature is supported for Samsung for Enterprise (KNOX) devices only.

  • Click 'Other Restrictions' from the 'Add Profile Section' drop-down



Form Element

Description

Allow USB

Allows users to establish connections via USB ports.

Use Network Time

Allows users to enable/disable network provided values in Date & Time settings.

Allow Microphone

Allows users to use microphone. If this is disabled, users can use microphone for receiving and making calls only.

Allow Near Field Communication (NFC)

Allows devices to establish connection via NFC

Allow Mock Locations

Allows users to enable/disable 'Mock Location' in developer mode settings.

Allow SD Card

Users can use SD card on their devices.

Allow SD Card Write

Users can store data on the SD card

Allow Screen Capture

Users can take screenshot of the device screen.

Allow Clipboard

Users will be allowed to use clipboard memory.

Backup my data

Users will be allowed to take a backup of data in their devices.

Visible Passwords

Allows users to enable/disable show password feature.

Allow USB Debugging

Allows users to enable/disable 'USB Debugging' option in developer mode settings.

Allow Factory Reset

Allows users to reset the device to factory settings.

Allow OTA Upgrade

Allows devices to receive Over-the-air (OTA) upgrade for software updates.


  • Click the 'Save' button.

The settings are saved and shown under 'Other Restrictions' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.

Configure Update Settings

The updates section of a Android profile lets you configure when managed devices should check for new version updates.

  • Click 'Updates' from the 'Add Profile Section' drop-down
The Updates settings screens will be displayed.




 

  • Allow agent to show new version availability pop-up - Forces the endpoint to check the new version update pop-up. Deselect if you want to disable auto-updates.(Default = Enabled)

  • Update Check Period - Choose how often the agent should check for updates. (Default = 1 hour, Maximum = 1 day)

The available options are:

    • Choice of every one hour to 1 day.You can increase the update check period by moving the blue coloured dot icon.

    • The agent checks for a new version update within the selected period.

  • Click the 'Save' button.

  • The settings are saved and shown under 'Updates' tab. You can edit the settings or remove the section from the profile at anytime. See Edit Configuration Profiles for more details.
Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2025. All rights reserved.