Automating Jailbreak/Root Detection and Remediation
This document outlines the operational and technical framework for implementing Jailbreak and Root Detection within Hexnode UEM. It covers the detection logic, the configuration of automated response workflows, and remediation protocols to ensure zero-trust security across the mobile fleet.
The Automated Defense Loop
In a Hexnode UEM environment, detection is the trigger for an Automated Quarantine Workflow. When the Hexnode agent identifies a compromised kernel or unauthorized root/jailbreak tooling (e.g., Cydia, Magisk), it transitions the device into a “digital isolation” state. This prevents a single compromised endpoint from becoming a gateway for lateral movement into the corporate network.
Detection Mechanisms
Hexnode utilizes multi-layer sensors to verify OS integrity. These checks occur during periodic syncs or are triggered by specific security events.
Configuration Steps (Hexnode UEM)
Step A: Enable Detection Sensors
- Navigate to Policies > Compliance Policies > New Policy > Android/iOS > New Blank Policy.
- Under Basic Settings for iOS, enable the Device is Jailbroken checkbox for iOS/iPadOS devices.
- Under Advanced Settings for Android, add the criterion Device Root Status is True to mark the device as non-compliant.
- Set the Scan Frequency (under Admin > General Settings) to ensure periodic validation.
Step B: The Quarantine Workflow (Dynamic Groups)
Dynamic groups serve as the “logical engine” for automation.
- Navigate to Manage > Device Groups > New Dynamic Group.
- Define the Filter Logic: Compliance Status is Non-Compliant AND Compliance info for Jailbreak AND Rooted is True.
- Name this group QUARANTINE_COMPROMISED.
Step C: Automate Access Revocation
Create a Quarantine Policy associated with the dynamic group above to enforce the following:
- Device Restrictions: Disable Wi-Fi, Camera, and Bluetooth to prevent data exfiltration.
- App Management: Configure “Blocklisted Apps” or remove managed corporate apps (e.g., Outlook, Slack) upon non-compliance.
- Network Isolation: Use the Global HTTP Proxy or VPN-based Data Restrictions to redirect web traffic to a security warning page.
The Quarantine Matrix: Severity Actions
| Detection Type | Severity | Hexnode Action |
| --- | --- | --- |
| Suspected Root | Medium | Block Access: Revoke email/IdP tokens via Okta/Entra ID integration. |
| Confirmed Jailbreak | High | Enterprise Wipe: Automatically remove all corporate-installed apps, accounts, and profiles. |
| Integrity Failure | High | Lost Mode/Lock: Enable Hexnode “Lost Mode” to render the device unusable. |
User Remediation & Troubleshooting
Configure an automated broadcast message to be sent to the devices in this dynamic group as soon as they become non-compliant.
CRITICAL SECURITY ALERT: Your device has been flagged for “Unauthorized OS Modification.” To protect company data, all corporate apps have been removed. Please contact the IT Security team immediately.
Common Issues
- False Positives: Certain developer-centric Android devices may ship with unlocked bootloaders. These should be manually added to an Exclusion Group.
- Delayed Status: If a user “reverts” a jailbreak, the status remains “Non-Compliant” until a Manual Scan is triggered from the Hexnode console.
- Agent Protection: Always enable the “Prevent MDM Profile Removal” restriction to prevent users from bypassing detection.
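As an added example (not Hexnode's code or API), the following Python models the defense loop configured in Steps A to C, the quarantine matrix, and the Common Issues above: a device's compliance status is cached until the next scan, an exclusion group suppresses known false positives, and the Step B dynamic-group filter decides quarantine membership. The mapping of sensor flags to matrix rows and all device IDs are assumptions.

```python
from dataclasses import dataclass, field

# Quarantine matrix as given on the page: detection type -> (severity, Hexnode action).
QUARANTINE_MATRIX = {
    "Suspected Root":      ("Medium", "Block Access"),
    "Confirmed Jailbreak": ("High",   "Enterprise Wipe"),
    "Integrity Failure":   ("High",   "Lost Mode/Lock"),
}

@dataclass
class Device:
    device_id: str
    platform: str                       # "ios" or "android"
    status: str = "Compliant"           # cached: only a scan (periodic or manual) changes it
    flags: dict = field(default_factory=dict)   # sensor flags from the last scan

def classify(scan):
    """Map sensor flags to a matrix row, highest severity first (mapping is an assumption)."""
    if scan.get("integrity_failure"):
        return "Integrity Failure"
    if scan.get("jailbroken"):          # Step A, iOS: "Device is Jailbroken"
        return "Confirmed Jailbreak"
    if scan.get("rooted"):              # Step A, Android: "Device Root Status is True"
        return "Suspected Root"
    return None

def run_scan(device, scan, exclusion_group):
    """Apply one scan to the cached state. Returns (detection, severity, action) or None."""
    detection = classify(scan)
    if detection is None or device.device_id in exclusion_group:
        device.status, device.flags = "Compliant", {}     # exclusion group: known false positive
        return None
    device.status, device.flags = "Non-Compliant", dict(scan)
    severity, action = QUARANTINE_MATRIX[detection]
    return detection, severity, action

def in_quarantine_group(device):
    """Step B filter: Compliance Status is Non-Compliant AND jailbreak/rooted is True."""
    return device.status == "Non-Compliant" and bool(
        device.flags.get("jailbroken") or device.flags.get("rooted"))

if __name__ == "__main__":
    # Constructed sample scans; device IDs are placeholders.
    exclusions = {"dev-kit-01"}         # developer device shipped with an unlocked bootloader
    fleet = [(Device("ios-001", "ios"), {"jailbroken": True}),
             (Device("dev-kit-01", "android"), {"rooted": True}),
             (Device("and-002", "android"), {"integrity_failure": True})]
    for dev, scan in fleet:
        result = run_scan(dev, scan, exclusions)
        group = "QUARANTINE_COMPROMISED" if in_quarantine_group(dev) else "-"
        print(dev.device_id, dev.status, result, group)
```

Under this model a device that fails only the integrity sensor is Non-Compliant but does not match the Step B filter, so verify that your dynamic-group criteria cover every row of the matrix.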