False positives for Compromised status on iOS 11.3 and 11.3.1 devices


The VMware Workspace ONE Teams have received reports on false positives for compromised detection on some devices running iOS 11.3 and 11.3.1. This may occur on VMware AirWatch Agent, Workspace ONE, Container or any of the VMware productivity applications.


Preventative Action

To prevent un-enrollment of devices which encounter the false compromised detection, we recommend temporarily disabling the Compromised Protection setting under Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies > Compromised Protection as a workaround for these false positives.

Disabling Compromised Protection will prevent immediate unenrollment of a device when it is detected to be compromised (even for false positives).

Alternatively, to track and detect compromised devices, a compliance policy can be created to detect Compromised devices and Admins can be notified to take an action.



Fix Version

Based on recently received reports, VMware AirWatch has identified a small percentage of iOS devices running unsupported versions of VMware AirWatch applications or internally developed SDK applications with SDK versions lower than and For all iOS 11.3+ devices, please ensure that AirWatch Apps are upgraded to the minimum versions outlined here.

Other Languages: 日本語

Have more questions? Submit a request


Article is closed for comments.