
How to Configure Mobile Threat Defense Policies in Harmony Mobile

Learn to configure threat defense policies in Check Point Harmony Mobile for network protection, app security, and OS vulnerability detection.

18 min read | Updated January 2025


Check Point Harmony Mobile provides comprehensive mobile threat defense through configurable policies that protect against network attacks, malicious applications, and device vulnerabilities. This guide covers creating and configuring threat defense policies to secure your mobile fleet while maintaining user productivity.

Prerequisites

Before configuring threat defense policies, ensure you have:

  • Harmony Mobile deployed to your organization's devices
  • Administrator access to the Check Point Infinity Portal
  • Device groups created for policy assignment
  • Understanding of your security requirements and risk tolerance
  • UEM/MDM integration configured (optional, for Conditional Access)

Understanding Harmony Mobile Protection

Harmony Mobile provides protection across multiple threat vectors:

| Protection Layer | Threats Addressed |
|---|---|
| Network Protection | MitM attacks, rogue WiFi, SSL stripping, network exploits |
| Application Security | Malware, spyware, PUPs, vulnerable apps |
| OS Protection | Jailbreak/root detection, OS vulnerabilities, risky configurations |
| Anti-Phishing | SMS phishing (smishing), malicious URLs, social engineering |

Step 1: Access Policy Configuration

  1. Sign in to https://portal.checkpoint.com
  2. Navigate to Harmony > Mobile
  3. Go to Policy in the left menu
  4. You'll see the default policy and any custom policies you've created

Step 2: Configure Network Protection

Network protection detects and prevents network-based attacks.

Access Network Protection Settings

  1. In the Policy section, click on your policy (or the default policy)
  2. Click Network Protection to expand settings

Configure WiFi Protection

Protect against rogue and malicious WiFi networks:

  1. Rogue Access Point Detection

    • Enable Detect rogue corporate WiFi
    • Configure the risk level when detected:
      | Risk Level | Effect |
      |---|---|
      | Low | Logged only |
      | Medium | User notification |
      | High | Conditional Access triggered |
    • Click Save
  2. Unsecured WiFi Warning

    • Enable Warn on unsecured WiFi
    • Configure notification settings
    • Users will be alerted when connecting to open networks
  3. Network Blacklist

    • Add specific SSIDs to block
    • Useful for known malicious networks or competitor networks
    • Enter SSID names to blacklist

Configure Port Scan Detection

Detect reconnaissance attempts against mobile devices:

  1. Navigate to Network > WiFi Network > Port Scan Settings
  2. Enable Alert on Port Scanning
  3. Select the device risk level for port scan detection:
    • Low: Informational only
    • Medium: User notification
    • High: Trigger Conditional Access
  4. Click Save

Configure HTTPS Inspection

Enable deep packet inspection for encrypted traffic:

  1. Go to Network Protection > HTTPS Settings
  2. Select the HTTPS Inspection checkbox
  3. Under Inspection CA, select:
    • Central CA for UEM Deployment: Same CA across all devices (recommended)
    • CA Certificate per device: Unique CA for each device
  4. If using Central CA:
    • Click Generate CA Certificate
    • Download and deploy via MDM
  5. Click Save

Note: HTTPS inspection requires the CA certificate to be trusted on devices. Deploy it via MDM for a seamless user experience.

Configure On-Device Network Protection (ONP)

Enable network protection without routing traffic through a VPN:

  1. Go to Network Protection > On-Device Network Protection
  2. Enable ONP for lightweight protection
  3. Configure:
    • Malicious URL blocking: Block known phishing and malware URLs
    • Anti-bot protection: Detect command-and-control communications
    • ThreatCloud intelligence: Use Check Point threat feed

Step 3: Configure Application Security

Protect against malicious and risky applications.

Access Application Settings

  1. In your policy, click Application Security to expand
  2. Configure settings for application protection

Configure Malware Protection

  1. Malware Detection

    • Enable Scan for malware
    • Configure scan triggers:
      • On app install
      • On app update
      • Periodic background scan
    • Set risk level for malware detection: High (recommended)
  2. Malware Actions

    • Configure response when malware is detected:
      | Action | Description |
      |---|---|
      | Alert only | Notify user and admin |
      | Quarantine | Isolate the app |
      | Block | Prevent app from running |
    • Click Save

Configure Potentially Unwanted Programs (PUP)

  1. Enable Detect potentially unwanted programs
  2. Configure risk level (Medium recommended)
  3. Define categories to detect:
    • Adware
    • Spyware
    • Remote access tools
    • Rooting/jailbreak tools

Configure App Vulnerability Scanning

  1. Enable Detect vulnerable applications
  2. Harmony Mobile will identify:
    • Apps with known CVEs
    • Outdated app versions
    • Apps with dangerous permissions
  3. Configure risk level based on vulnerability severity

Configure App Reputation

  1. Enable App reputation checking
  2. Harmony Mobile uses ThreatCloud to verify:
    • App publisher reputation
    • App behavior analysis
    • Community risk ratings
  3. Configure actions for low-reputation apps

Step 4: Configure OS Protection

Detect and respond to device operating system risks.

Access OS Protection Settings

  1. In your policy, click OS Protection to expand
  2. Configure device-level security settings

Configure Jailbreak/Root Detection

  1. iOS Jailbreak Detection

    • Enable Detect jailbroken devices
    • Set risk level: High (recommended for corporate devices)
    • Actions: Alert, block corporate resources, or both
  2. Android Root Detection

    • Enable Detect rooted devices
    • Set risk level: High
    • Configure response actions

Configure OS Version Policy

  1. Enable OS version compliance
  2. Define minimum supported versions:
    • iOS minimum: 15.0 (or your requirement)
    • Android minimum: 11.0 (or your requirement)
  3. Set risk level for outdated OS:
    • Low: Advisory only
    • Medium: User notification
    • High: Block corporate access
  4. Click Save

Configure Risky Configuration Detection

Detect device settings that increase risk:

  1. Enable Detect risky configurations
  2. Configure detection for:
    • Developer mode enabled
    • USB debugging enabled (Android)
    • Unknown sources enabled (Android)
    • Screen lock disabled
  3. Set risk levels for each configuration

Step 5: Configure Anti-Phishing Protection

Protect users from phishing attacks across multiple channels.

Configure SMS Phishing Protection (Android)

  1. Navigate to Network > SMS Phishing
  2. Select the Enable SMS Phishing Protection checkbox
  3. Configure:
    • URL scanning: Check links in SMS messages
    • ThreatCloud lookup: Verify URLs against threat intelligence
  4. Click Save

Recommendation: Enable both ONP (On-device Network Protection) and SMS Phishing Protection for comprehensive URL protection.

Configure URL Filtering

  1. Go to Network Protection > URL Filtering
  2. Enable URL filtering
  3. Configure blocked categories:
    • Phishing sites
    • Malware distribution
    • Command and control servers
    • Newly registered domains (optional)
  4. Configure risk levels for each category

Configure Safe Browsing

  1. Enable Safe browsing warnings
  2. Users will receive warnings when:
    • Visiting known phishing sites
    • Clicking suspicious links in apps
    • Accessing risky URLs from any app

Step 6: Configure Risk Levels and Actions

Define how different risk levels affect device status and access.

Understanding Risk Levels

| Risk Level | Description | Typical Response |
|---|---|---|
| Low | Minor concern, informational | Log event, optional notification |
| Medium | Moderate risk, action recommended | User notification, advisory |
| High | Significant risk, immediate action | Block access, mandatory remediation |
| Critical | Severe threat, device compromised | Full lockdown, isolate device |

Configure Conditional Access Integration

For Microsoft Intune integration:

  1. In Harmony Mobile, go to Settings > Device Management

  2. Verify Microsoft Intune is configured

  3. Go to Policy > Conditional Access

  4. Map risk levels to access decisions:

    • Low risk: Full access
    • Medium risk: Access with warnings
    • High risk: Limited access (email only)
    • Critical risk: No access
  5. In Microsoft Intune:

    • Create a device compliance policy
    • Add the "Require the device to be at or under Device Threat Level" setting
    • Select maximum allowed threat level
    • Assign to user groups
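
An added example (not Check Point's code and not from the original guide): before enforcing the mapping above, a what-if pass over a pilot group shows which devices would exceed the maximum threat level allowed by the Intune compliance policy, using the minimum OS versions from the OS Version Policy step. The inventory rows, field names, function names and the "None" level are assumptions; `max_allowed` stands in for the Intune maximum-threat-level setting.

```python
# Added example, not vendor code. Rows and field names are constructed;
# "None" (no findings) is assumed. ACCESS mirrors this guide's mapping.
from collections import Counter

RISK_ORDER = ["None", "Low", "Medium", "High", "Critical"]
ACCESS = {"None": "Full access", "Low": "Full access", "Medium": "Access with warnings",
          "High": "Limited access (email only)", "Critical": "No access"}
MIN_OS = {"ios": "15.0", "android": "11.0"}  # minimums from Step 4

def parse_version(text):
    """'9.3.5' -> (9, 3, 5). Compared as numbers, so 9.3.5 < 15.0;
    a plain string comparison would rank '9.3.5' above '15.0'."""
    return tuple(int(part) for part in text.split("."))

def is_outdated(platform, os_version):
    have, need = parse_version(os_version), parse_version(MIN_OS[platform])
    width = max(len(have), len(need))  # pad so '13' compares like '13.0'
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need

def device_risk(device, outdated_os_risk):
    """Highest level among reported findings and the OS version check."""
    levels = list(device["findings"])
    if is_outdated(device["platform"], device["os"]):
        levels.append(outdated_os_risk)
    return max(levels, key=RISK_ORDER.index, default="None")

def simulate(devices, max_allowed="Medium", outdated_os_risk="Medium"):
    """Return (count per access decision, devices above max_allowed)."""
    counts, over_limit = Counter(), []
    for dev in devices:
        risk = device_risk(dev, outdated_os_risk)
        counts[ACCESS[risk]] += 1
        if RISK_ORDER.index(risk) > RISK_ORDER.index(max_allowed):
            over_limit.append(dev["name"])
    return counts, over_limit

# Constructed pilot group; "findings" holds risk levels already raised.
PILOT = [
    {"name": "exec-iphone", "platform": "ios", "os": "17.2", "findings": []},
    {"name": "old-ipad", "platform": "ios", "os": "9.3.5", "findings": []},
    {"name": "rooted-pixel", "platform": "android", "os": "13", "findings": ["High"]},
    {"name": "open-wifi-tab", "platform": "android", "os": "11.0", "findings": ["Low"]},
]

if __name__ == "__main__":
    for level in ("Low", "Medium", "High"):  # candidate outdated-OS levels
        print(level, simulate(PILOT, outdated_os_risk=level))
```

Raising the outdated-OS risk level from Medium to High moves old-ipad above the allowed level, which is the kind of change worth seeing on a pilot group before enforcement.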

Configure Admin Alerts

  1. Go to Settings > Alerts
  2. Configure alert triggers:
    • High-risk events
    • Malware detections
    • Device compromise
  3. Set alert recipients (admin email addresses)
  4. Configure alert frequency (immediate, daily digest, etc.)

Step 7: Create Custom Policies

Create different policies for various user groups.

Create a New Policy

  1. Go to Policy in Harmony Mobile
  2. Click Add Policy or Create New Policy
  3. Enter a policy name (e.g., "Executive Devices - Strict")
  4. Configure settings specific to this group:
    • More restrictive for executives
    • Balanced for general employees
    • Monitoring-only for contractors

Policy Configuration Examples

Executive Policy (Strict):

| Setting | Configuration |
|---|---|
| Network Protection | All enabled, High risk |
| HTTPS Inspection | Enabled |
| Malware Detection | Block immediately |
| Jailbreak/Root | High risk, block access |
| OS Compliance | Current version required |

Standard Employee Policy (Balanced):

| Setting | Configuration |
|---|---|
| Network Protection | Enabled, Medium risk |
| HTTPS Inspection | Optional |
| Malware Detection | Alert and quarantine |
| Jailbreak/Root | High risk, alert |
| OS Compliance | N-1 version allowed |

Contractor Policy (Monitoring):

| Setting | Configuration |
|---|---|
| Network Protection | Monitor only |
| HTTPS Inspection | Disabled |
| Malware Detection | Alert only |
| Jailbreak/Root | Alert only |
| OS Compliance | Advisory |

Assign Policies to Groups

  1. Go to Devices > Groups
  2. Select a device group
  3. Click Assign Policy
  4. Select the appropriate policy
  5. Click Save

Step 8: Test Policy Configuration

Verify policies work as expected before full deployment.

Test Network Protection

  1. On a test device, connect to an unsecured WiFi network
  2. Verify warning appears (if configured)
  3. Check event logged in dashboard

Test Malware Detection

  1. Download the EICAR test file (a harmless file used to test anti-malware detection)
  2. Verify Harmony Mobile detects and handles it
  3. Check device risk level changed appropriately

Test Conditional Access

  1. Manually set a test device to high risk
  2. Attempt to access corporate resources
  3. Verify access is blocked (if Conditional Access configured)
  4. Clear the risk level and verify access restored

Troubleshooting Policy Issues

Policies Not Applying

Symptoms: Devices not following configured policy settings.

Solutions:

  1. Verify device is assigned to a group with the correct policy
  2. Check device has synced recently (force sync from app)
  3. Confirm policy changes are saved
  4. Restart the Harmony Mobile app on the device

False Positive Detections

Symptoms: Legitimate apps or activities flagged as threats.

Solutions:

  1. Review the detection in the Events log
  2. If false positive, add to whitelist/exceptions
  3. Adjust sensitivity settings for that threat category
  4. Report false positive to Check Point support

Conditional Access Not Triggering

Symptoms: High-risk devices still accessing corporate resources.

Solutions:

  1. Verify UEM integration is properly configured
  2. Check Conditional Access policy is assigned in UEM
  3. Confirm risk level mapping is correct
  4. Verify device is enrolled in UEM and Harmony Mobile

Best Practices

  1. Start with monitoring: Enable detection without blocking initially
  2. Gradual enforcement: Increase protection levels over time
  3. User communication: Explain why protections are in place
  4. Regular review: Audit events and adjust policies monthly
  5. Test changes: Always test policy updates on a pilot group
  6. Document exceptions: Track any whitelisted apps or networks
  7. Stay updated: Keep threat definitions and app versions current

Next Steps

After configuring threat defense policies:

  1. Monitor dashboard: Review threat trends and device compliance
  2. Set up reporting: Schedule regular security reports
  3. Integrate SIEM: Forward events to your security operations center
  4. Train users: Educate on responding to security alerts
  5. Review and refine: Adjust policies based on operational experience


Frequently Asked Questions

Harmony Mobile protects against network threats (man-in-the-middle attacks, rogue WiFi, SSL stripping), malicious applications (malware, spyware, potentially unwanted programs), OS vulnerabilities (jailbreak/root detection, outdated OS), and phishing attacks via SMS, email, and messaging apps. It achieved a 98.2% overall malware detection rate in Miercom's 2025 MTD assessment.
