Capabilities by Deployment Type

The capabilities of Workspace ONE Mobile Threat Defense depend on which app you deploy to devices in your integration with Workspace ONE UEM.

Threat Protection Capability Intelligent Hub Lookout for Work
ACCESS_CONTROL_VIOLATION Access Control Violation due to a possible device compromise X X
ACTIVE_MITM Allows a malicious actor to intercept data sent between two parties X X
ADWARE Serves intrusive ads or sends excessive PII to ad networks X X
APP_DROPPER Downloads malicious apps to the device X X
BACKDOOR Opens up protected components to an attacker X X
BOT Enables remote access and control of the device X X
CHARGEWARE Misleadingly charges the device user X X
CLICK_FRAUD Defrauds ad networks by faking clicks or downloads X X
DATA_LEAK Leaks PII or other sensitive data off the device X X
DENYLISTED_APP App denylisted as it violates policies or is unsafe X X
DENYLISTED_CONTENT The device encountered denylisted content either through user activity in apps or browsers or through background app activity . X
DEVELOPER_MODE_ENABLED Device has developer mode enabled X X
EXPLOIT Leverages OS flaws to gain escalated device privileges X X
MALICIOUS_CONTENT The device encountered malicious content either through user activity (in apps or browsers) or through background app activity . X
NO_DEVICE_LOCK Device does not have a lock screen or passcode enabled X X
NON_APP_STORE_SIGNER There is a trusted signing identity on the device that may be used to install and execute 3rd party apps not from the iOS App Store X X
OFFENSIVE_CONTENT The device encountered offensive content either through user activity (in apps or browsers) or through background app activity . X
OUT_OF_DATE_ASPL Device has an out-of-date Android security patch level X X
OUT_OF_DATE_OS Device has an out-of-date OS version X X
PCP_DISABLED The phishing and content protection feature has been disabled on the device . X
PHISHING_CONTENT The device encountered phishing content either through user activity (in apps or browsers) or through background app activity . X
RISKWARE Engages in risky behavior X X
ROGUE_WIFI A wireless access point that imitates a known Wi-Fi to intercept and modify users private data by executing Man-in-the-Middle attacks.

When Workspace One Mobile Threat Defense detects a rogue WiFi or Man-in-the-Middle attack on a device, an alert is sent to the device about the threat, MTD disconnects from the rogue WiFI, and attempts to connect via a cellular backchannel on the device. If there is no cellular backchannel available to reestablish connectivity to the MTD console, this results in a threat not immediately shown in the MTD console. As such, it requires the rogue WiFi to be disconnected. Only after a safe network connection is used to reestablish connectivity will the threat display in the MTD console.
ROOT_ENABLER Enables root access to the device X X
ROOT_JAILBREAK Device has been rooted or jailbroken X X
SPAM Uses device to send spam email or SMS X X
SPYWARE Engages in broad-based data collection X X
SURVEILLANCEWARE Engages in targeted data collection X X
TOLL_FRAUD Fraudulently charges user through premium SMS or carrier fees X X
TROJAN Performs malicious activities that are not disclosed X X
UNENCRYPTED Device does not have storage encryption enabled X X
UNKNOWN_SOURCES_ENABLED Device can install applications from unofficial app stores (supported on Android 4.1-7.1) X X
USB_DEBUGGING_ENABLED Device has USB debugging enabled X X
VIRUS A test application used to prove detection efficacy X X
VPN_NOT_ENABLED The permission for the local VPN used for phishing and content protection and on-device threat protection was not accepted on the device X X
VULNERABILITY App has an exploitable vulnerability X X
WORM Replicates malicious code from one device to another X X
check-circle-line exclamation-circle-line close-line
Scroll to top icon