If you configure endpoint analysis, you need to configure the policy expressions so that the endpoint analysis scans do not run on Android or iOS mobile devices. Endpoint analysis scans are not supported on mobile devices.
If you bind an endpoint analysis policy to a virtual server, you must create a secondary virtual server for mobile devices. Do not bind preauthentication or post-authentication policies to the mobile device virtual server.
When you configure the policy expression in a preauthentication policy, you add the User-Agent string to exclude Android or iOS. When users log on from one of these devices and you exclude the device type, endpoint analysis does not run.
For example, you create a policy expression that checks whether the User-Agent contains Android and whether the application virus.exe does not exist, and you use the preauthentication profile to end the process keylogger.exe if it is running. The policy expression might look like:
NOTCONTAINS Android && CLIENT.APPLICATION.PROCESS(keylogger.exe) contains || CLIENT.APPLICATION.PROCESS (virus.exe) contains
After you create the preauthentication policy and profile, bind the policy to the virtual server. When users log on from an Android or iOS device, the scan does not run. If users log on from a Windows-based device, the scan does run.
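The steps above written out as command-line configuration, as an added example that is not part of the original page. All object names and the IP address are hypothetical, the virtual server vs_desktop is assumed to exist already, and the rule uses the classic-expression form (REQ.HTTP.HEADER User-Agent NOTCONTAINS, CLIENT.APPLICATION.PROCESS(...) NOTEXISTS) as an assumption about the intended shape of the expression shown above.

```netscaler
# Added illustration: names (epa_desktop_prof, epa_desktop_pol, vs_desktop,
# vs_mobile) and the address 192.0.2.11 are hypothetical placeholders.

# 1. Preauthentication profile (action): allow the logon and end
#    keylogger.exe if it is running on the user device.
add aaa preauthenticationaction epa_desktop_prof ALLOW -killProcess keylogger.exe

# 2. Preauthentication policy. The User-Agent term comes first so that
#    Android devices are excluded before any client-side check is evaluated.
#    The process check requires that virus.exe is not present.
#    (Assumed classic-expression syntax; add a further NOTCONTAINS term with
#    the User-Agent token your iOS clients send to exclude them as well.)
add aaa preauthenticationpolicy epa_desktop_pol "REQ.HTTP.HEADER User-Agent NOTCONTAINS Android && CLIENT.APPLICATION.PROCESS(virus.exe) NOTEXISTS" epa_desktop_prof

# 3. Bind the policy to the virtual server that desktop users connect to.
bind vpn vserver vs_desktop -policy epa_desktop_pol -priority 100

# 4. Secondary virtual server for mobile devices. No preauthentication or
#    post-authentication policies are bound to it.
add vpn vserver vs_mobile SSL 192.0.2.11 443

# 5. Review the bindings: vs_desktop should list epa_desktop_pol,
#    vs_mobile should list no endpoint analysis policies.
show vpn vserver vs_desktop
show vpn vserver vs_mobile
```

After applying a configuration like this, log on once from a Windows-based device and once from a mobile device to confirm that the scan runs only on the former.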
For more information about configuring preauthentication policies, see Configuring Endpoint Policies.