Samsung knox manage. Google Project Zero: How we cracked Samsung s DoD- and NSA-certified Knox

Hexnode vs Knox Manage: Strategic considerations for making the right choice

It has been traditionally difficult for enterprise IT to keep pace with the rapidly changing workplace mobility landscape. Digital transformation of enterprises has urged IT to find a unified method of managing the diverse device form factors that came into the workplace, and with these diverse assets taken out of the corporate perimeter, the pandemic now has made it further harder.

Most of the enterprises the world over have already employed work from home, and many are planning to continue this even after the crisis ends, considering the competitive edge it can impart to the company’s overall operations. So, as long as this “Everywhere Enterprise” trend shows no signs of slowing down, relying on endpoint management solutions is not just a choice, but a necessity for robust enterprise security. All these facts have collectively driven a new wave of interest among organizations in investing in potential endpoint management solutions more than ever.

  • Things to consider before choosing your UEM solution
  • Hexnode UEM
  • Knox Manage
  • Hexnode vs Knox Manage: Top reasons why Hexnode wins
  • Meets requirement
  • Ease of use and setup
  • Quality of support
  • Product direction
  • What’s new in Hexnode UEM
  • Plan pricing
  • What our customers had to say about Hexnode
  • The verdict
  • Start your free trial today!

Things to consider before choosing your UEM solution

UEM solutions are critical infrastructure components for any business, and as every organization varies in its reliance on workplace technologies, the one that best suits each depends upon its unique administration, management and support requirements. However, the general things to keep in mind while choosing a UEM solution includes:

  • The solution should be scalable and need to work seamlessly across multi-OS and multi-vendor devices supporting a globally distributed workforce.
  • The solution should augment the organization’s security posture.
  • The solution should manage the entire device life cycle.
  • The solution should automate all possible time-consuming tasks from onboarding to decommissioning devices.
  • The solution should be able to set up policies for all management scenarios related to different job functions.
  • The solution should be cost-effective and should drive an impressive ROI.

Now that you have an idea of the best practices of choosing UEMs for organizations struggling with traditional IT management methods. As a further step, let us evaluate and break down the differences between the industry-leading UEM solution Hexnode and Samsung-owned mobility management suite Knox Manage to check how the two compares, especially in the case of Android device management.

Hexnode UEM

Hexnode UEM is an award-winning enterprise security and endpoint management offering from Mitsogo Inc., a San Fransisco based IT service provider founded in 2013. With its extensive feature stack and comprehensive platform support, Hexnode has been trusted by industry leaders around the world. Hexnode’s kiosk management capabilities and enterprise-ready integrations make it a key player in the UEM market for which Gartner has recognized Hexnode in its Midmarket Context: Magic Quadrant for UEM 2021.

When the functionalities offered by its industry peers fall short of meeting enterprise requirements, Hexnode takes a few steps further in offering unique features to let organizations secure their heterogeneous environments and stay within regulatory guidelines. Same day support for new OSs and the latest management APIs enable Hexnode always to be ahead of the curve. With the rising number of businesses supporting remote and distributed workforces, Hexnode’s Remote Monitoring and Management services are more relevant than ever to address the demanding challenges of Anywhere Enterprise.

Samsung S-Health Knox 0x1 простое решение проблемы запуска приложения на телефоне с рутом!

Knox Manage

Knox Manage is the cross-platform EMM solution offered by Samsung and comes as an additional management service in its Knox Suite apart from other offerings like Knox Platform for Enterprise, Knox Mobile Enrollment and Knox E-FOTA. Being a Samsung offering, Knox Manage highly focuses on Android device management, along with which it offers support for a few other platforms widely used by enterprises.

The real time monitoring and remote management features with Knox Manage work well in troubleshooting issues with the corporate endpoints at different geographic locations. This Cloud based solution leverages the capabilities of all other Samsung management offerings for automated and hassle-free device management. Integration with other enterprise programs like Android Enterprise also makes it easy for Knox Manage to handle different enterprise scenarios.

Hexnode vs Knox Manage: Top reasons why Hexnode wins

Shoulder-to-shoulder comparison: Hexnode vs Knox Manage

Meets requirement

Hexnode supports a variety of OS platforms like Android, iOS, iPadOS, Windows, macOS, tvOS, FireOS and even plans to add support for platforms like ChromeOS. Knox Manage, being optimized for only managing Samsung Galaxy devices offers less in the way of other Androids, iOS and Windows for which they have support. To add, there is no support for any other commonly used OS platforms, which means that you will have to depend on another solution to manage the other corporate assets, and the more products you depend upon, the harder it is to take action promptly and more complex the endpoint management process becomes.

Both the players play fairly well in remote management, content management, application management and compliance management for the platforms they support, but Hexnode’s extensive integration with all the several manufacturers like Kyocera, Honeywell, LG GATE and even Samsung Knox gives it an upper hand in integrating any new management features to its console in no time leveraging OEMConfig.

Both the solutions have a host of kiosk management features for handling single app, multi app and website lockdown scenarios but the good perk of Hexnode here is that it offers kiosk lockdown for most of the platforms it supports in contrast to Knox Manage which has kiosk support for only Legacy Android and Android Enterprise devices.

As Knox Manage is primarily focused on Android device management, weighing up the Android management pros and cons makes sense. Here’s is a quick chart showing some of the core management features for which Hexnode has proved to be organizations’ odds-on-favorite.

Ease of use and setup

An easy to manage web console that gives IT visibility into the management policy status and a flawless UI which makes it easy to configure, manage and monitor enterprise assets is something both the solution has. When the Quick Start Wizard with Knox Manage makes the setup process easier, the Getting started section of Hexnode quickly guides the users and helps them make their endpoints work-ready.

Quick and over-the-air enrollment methods are another important factor that makes the onboarding processes easy. Both the vendors streamline mass enrollment of devices using Android Zero Touch Enrollment and Knox Mobile Enrollment for Android, and Apple Business Manager for iOS. When it comes to Windows, their automated enrollment program, the Windows Autopilot, is something Hexnode has in its pipeline though it supports mass deployments through ppkg enrollment. Apart from these automated enrollment methods, Hexnode has some nearer to hands-free methods like QR code enrollment and ROM enrollment.

When it comes to the case of over-the-air app deployments, both the solution offers support for Apple’s VPP program, thereby enabling bulk purchase and distribution of iOS apps, though Hexnode supports the program for macOS and tvOS as well. However, this makes a win-win situation for both the parties in terms of quick app distribution, with Knox Manage having the feature for at least iOS, the only Apple platform it has support for.

Quality of support

Technical support is an area Hexnode always pioneers since its inception. The unmatched support offered by Hexnode’s technical support team involves 24/5 dedicated live chat and call support and anytime access through emails. The product demonstrations, prompt replies to queries and quick troubleshooting, everything is praised by their customers. Apart from this, Hexnode also has a comprehensive knowledge base with getting started and troubleshooting guides along with exclusive guides all the supported features and other resources in the library, including blogs, white papers, datasheets and Hexnode Connect – the forums, only makes it easier for the users to get to know Hexnode.

Knox Manage also has a good support team consisting of technical experts (no need to mention the expertise they will be having in managing Samsung gadgets) but reaching out to them is much complex as there is a set of procedures to enable technical support in Knox Manage. Though the technical documentation and resource inventory speaks for it, the inconvenience caused by the set of processes the admins have to set up really counts as a drawback.

Product direction

Hexnode UEM always tries to be an all-encompassing solution, and these efforts have contributed greatly towards its journey towards a one-size-fits-all solution. The Hexnode team always focuses on user experience and is sure to give priority to customer requested features whenever they are adding new features to their management suite. Well, into the future, the product is looking to extend its support to more OS platforms, even non-standard operating systems on which the latest Smart devices run along with IoT device variants like wearables and printers.

What’s new in Hexnode UEM

Catch up with 2021’s exciting enhancements to Hexnode’s extensive directory of enterprise-grade management services.

Being a Samsung-offered management solution, Knox Manage focuses on making most of its offerings optimized for Samsung Knox device management. This indeed makes it a real contender in the case of Samsung Knox device management, but it would have been better if the solution has the same FOCUS for other OSs too or at least for other Android vendors, only after which we can consider them as a good to have Android Management solution.

Plan pricing

Reasonable pricing is Hexnode’s another sweet perk. Five different pricing plans starting from the basic management suite offered at a 1 per month rate makes Hexnode a much affordable solution for SMEs.

Knox Manage can be obtained either as a part of Knox Suite or as an individual solution that could be purchased from its resellers. However, if used as a part of the Knox Suite, the organization needs to obtain the Knox Suite license key from a Reseller. Anyhow, the individual annual commercial license for Knox purchased from a reseller costs something around 16 to 20.

Talking about the trials offered, both the solutions offer a free full-feature trial to explore their products, the trial period being 14 days for Hexnode UEM and 90 days for Knox Manage.

What our customers had to say about Hexnode

Hexnode’s prime FOCUS is customer satisfaction

Don’t just take our word for it, see what our customers are saying!

The service and the product has been excellent as well as the follow up from the marketing team. – Reg W.

Our implementation of Hexnode started as a replacement for some very expensive time-clocks from our HR partner, we needed a way to centrally manage the iPads for use as time-clocks. Now, we’re using Hexnode for temperature logging kiosks, timeclocks, iPhones for our security, and more iPads soon to be used for our maintenance staff. – Steven B.

Hexnode offers several different levels of features. We needed to lock down a Samsung Galaxy Tab E to only use one program. Their first level feature, Kiosk mode, is all we needed to be able to do this. It works great. The tablets auto boot into the program we have installed and all other functions of the tablet are disabled or not accessible. On top of this, they are by far the cheapest company we’ve found to offer this feature. Software is easy to install and easy to use. The intial policy setup in the management URL takes a little time, but is also easy. Once the setup is complete, you can assign the policy to whatever device needs it. You can have multiple policies if needed as well. I’ve contacted customer service a few times for figuring out how to do something, finding where a setting is, and purchasing a license. Each time the representative was kind and knowledgeable. – Christopher H.

The verdict

From what we have discussed so far, it is evident that Knox Manage is a satisfactory provider of Android management offerings, but it fails to scale up as an overarching solution tackling the management hazards coming with all the corporate devices regardless of their platform. Hexnode, on the other hand, enables a single-interface control over the wide spectrum of connecting devices and acts as the one-stop solution for all UEM needs. Even when we stress on Samsung Knox device management for which the latter is clearly the top contender, Hexnode being a Samsung Knox Validated Partner makes the cut by integrating all the Samsung offered cutting-edge device management features like Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Service Plugin and everything in between.

Start your free trial today!

samsung, knox, manage, google, project

Sign up for Hexnode’s 14-days fully functional free trial and see yourself whether it’s worth it.

Disclaimer All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

​Google Project Zero: How we cracked Samsung’s DoD- and NSA-certified Knox

Google‘s Project Zero hackers have detailed several high-severity flaws that undermined a core defense in Samsung’s Knox platform that protects Galaxy handsets in the enterprise.

Since launching Knox in 2013, the platform has been certified for internal use by UK and US government departments, including the US DoD and NSA. Given these certifications, defense-in-depth mechanisms should be rock solid.

Israeli researchers poke holes in Samsung KNOX security system

The serious vulnerabilities impact Samsung’s Knox security sandbox.

But according to Project Zero’s Gal Beniamini, who last year tore apart Android’s full disk encryption, a Knox hypervisor designed to protect the Linux kernel during runtime can be subverted multiple ways.

Beniamini details four key errors he used to bypass Knox’s kernel protections on a Galaxy S7 edge with Samsung’s Exynos chipset. They’re rather serious given that compromising the kernel would allow an attacker to access system data, hide malware, change system behavior, or take over the system.

While Android’s Trusted Boot protects the integrity of the kernel during boot, it doesn’t protect the kernel after it’s booted and running. This shortcoming was why Samsung introduced its Knox hypervisor, known as Real-time Kernel Protection or RKP, which uses the ARM TrustZone to create a secure world walled from the normal world.

Samsung fixed the six RKP issues reported by Beniamini in its January Android patch and lists them as memory corruption, information disclosure, privilege escalation, and authentication bypass bugs.

As Beniamini explains, since Knox v2.6, Samsung devices implemented an exploit-mitigation feature called Kernel Address Space Layout Randomization (KASLR), which should prevent an attacker predicting the address the kernel is loaded to. However, a simple coding error by Samsung made it possible to calculate the location.

This security feature introduces a random ‘offset’, generated each time the device boots, by which the base address of the kernel is shifted. Normally, the kernel is loaded into a fixed physical address, which corresponds to a fixed virtual address in the VAS of the kernel. By introducing KASLR, all the kernel’s memory, including its code, is shifted by this randomized offset, also known as a ‘slide’, explains Beniamini.

However, as he notes, since all of the kernel is shifted by a single slide value, leaking any pointer in the kernel which resides at a known offset from the kernel’s base address would allow us to easily calculate the slide’s value.

Beniamini says most Android devices correctly implement a function known as ktpr_restrictto hide a pointer’s value using the anonymizing format specifier %pK, specifically with an upper case K. As Beniamini has previously highlighted, all kernel pointers printed using %pK are hidden. However, Samsung rather amusingly used a lowercase k.

This allows us to simply read the contents of pm_qos, and subtract the pointer’s value from its known offset from the kernel’s base address, thus giving us the value of the KASLR slide, he explains.

Beniamini details three other RKP mitigations he got around, and several recommended steps Samsung could take to shield it from future attacks.

How to Remove Knox Mobile Enrollment Service from Samsung?

Beth Nichols

Samsung Knox Enrollment Service is heavily used in the cooperative world to fulfill different use cases securely. You might be a user who wants to know-how devices are secured by Knox, or you might be a user who wants to remove Knox Mobile Enrollment from the device. Whatever the case, this article will provide you with a complete guide on how Knox Mobile Enrollment works and how we can remove it easily.

What Is Samsung Knox Enrollment Service?

Knox Mobile Enrollment (KME) is a service provided by Samsung to register or enroll thousands of Samsung devices into one enterprise at once. This is an automated process, and no manual effort is required. When enterprises have their IT policies and Enterprise Mobility Management (EMM) policies that require to be enrolled to devices, they can use this service to get it done at once. This process can be done by an authorized reseller or an IT administrator on behalf of the organization as a bulk process.

What are the benefits of using Samsung Knox Enrollment Service?

There are multiple benefits, and we have listed down a few below. 1. Seamless bulk setup Devices can be enrolled in the Knox service as bulk and can be enrolled at once. This ensures that less manual work is involved and is time-saving. 2. Automated configuration and Administration When all the devices are enrolled in one service, it is easy for the administrators to track the services configurations and manage them rather than individually attending to problems. 3. Security management Knox service provides a security layer to organizational data from unauthorized people. Also Read: Samsung MDM Does Not Allow Factory Reset

How to Disable/Delete Knox App?

We discussed how important the Knox Enrollment service is to users. But sometimes, we might need to disable or delete the Knox app from the device. If you are using an older version of the non-rooted Samsung model, you can follow the below steps to perform Knox Enrollment service deactivate. Step 1: Open the Settings app on the Samsung device. Step 2: Scroll down the list and tap on the Apps option. Step 3: You can find 3 dots available at the top right corner of the screen. Tap on it and select the “Show system apps” option from the list. That will show all the system apps on the phone. Step 4: Tap on the search icon available in the top right corner. Type “Knox” keyword to find the installed Knox app. Step 5: Tap on the app to open it. This will show the app information.

Step 6: Users can use the “Force stop” button to disable the app and “Uninstall” button to remove the app from the phone completely. You might need an offline unenrollment code given by the manager role.

How to Uninstall Knox without Root?

Are you looking for a way to uninstall Knox without rooting? Enrolling devices using the Knox app restricts the users from deleting the Mobile Device Management apps without admin permissions. This is advantageous, especially to IT administrators, and they can use the Samsung Knox portal to remove Knox Mobile Enrollment. Samsung Knox portal helps access different Knox services like administrating registered devices, creating support tickets, managing licensing, etc.

Samsung Knox: Official Introduction Film | Samsung

Step 1: Sign into the “Samsung Knox portal” using the admin credentials. After entering the username/email and the password, tap on the Sign In button. Step 2: Next, select the “Samsung Knox Mobile enrollment” and tap on the “Devices” option. Step 3: Select the device from the list and tap on “Actions”. Step 4: Selecting the “Clear Profile” option will delete all the profiles associated with the selected device.

Step 5: Selecting the “Delete Device” option will disable the Knox enrollment service. To force device unenrollment, users can use the Unenrollment code provided in offline conditions.

Note: Once the Samsung Knox is disabled and wants to re-enroll, users need to use the Knox portal and add the device.

How to Remove Knox without Password?

Step 2: To flash Team Win Recovery Project (TWRP) into the device, enable the OEM unlocking and USB debugging.

Step 3: Download and install the Odin software used to flash the device into the PC.

Step 4: To root the phone, download and install the TWRP onto your PC.

Step 5: Now connect the Samsung device to the PC using the USB cable. Then boot the device into Download mode.

Step 6: Launch Odin software and click on the AP button. Then load the TWRP tar file and click Start.

Step 7: Boot the Samsung device into Recovery mode.

Step 8: Once the device is in recovery mode with TWRP, tap on the Advanced option followed by the File Manager option.

Step 9: From the list of folders, select the “data” folder. Then select the “knox” folder inside that.

Step 10: Tap on the folder icon at the bottom right corner of the screen. Then select Delete.

Step 11: Swipe the widget at the bottom to the right to confirm the option.

Step 12: Tap on the Reboot System to restart the locked Samsung phone with factory settings with Knox guard remove and passwords.

Bonus Tip: Unlock Samsung Phone Forgot Password

Did you forgot Samsung phone password and had no way to unlock the device? Sometimes this happens to all of us due to different reasons. Many have the question of how to remove forgotten password from Android phone. Don’t worry. We are here to introduce you to the perfect tool to bypass the screen lock.

iToolab UnlockGo (Android) is a must-have software for Android users which can remove all types of screen locks, including PIN, password, pattern, fingerprint and face unlock. If your Samsung phone is locked out, UnlockGo (Android) can bypass the lock in just a few minutes. Apart from Samsung, it supports major brands like Xiaomi, Huawei, Lenovo, Google, Vivo, etc. Users can install the software in Windows 7 and above. There is no need to be a technical expert in using this software. UnlockGo will guide you through all the steps.

  • One-click Google lock removal
  • Bypass Samsung FRP lock on Android 5~13
  • Unlock Android without any tech skill
  • Remove all Android screen locks
  • Free to factory reset Samsung

FREE DOWNLOAD for Windows 11/10/8/7

FREE DOWNLOAD for Mac 10.11 or later

How to remove screen lock with UnlockGo (Android)

Step 1: Connect PC and mobile

Connect the mobile device using the USB cable after installing the iToolab UnlockGo (Android) on the PC. Then open the UnlockGo software. Click on the Unlock Screen Lock option and click the Start button on the home screen.

Step 2: Confirm the device information

Check the selected mobile brand on the next screen and then click on the Unlock button.

Step 3: Boot the mobile into recovery mode

The way to boot the device to Recovery Mode may vary depending on the device you use.

Step 4: Remove lock screen

After booting into the recovery mode, follow the instructions on the screen.

Step 5: Complete the unlocking

samsung, knox, manage, google, project

In the end, reboot the device to complete the unlocking process. Now you will have a device with no screen lock.


In brief, Knox Mobile Enrollment is a useful service to many users. This article has described how important it is and how we can remove it when needed. Knox enrollment service uninstalls easily when you follow this guide. For users who forgot password on Samsung phone, we recommend using iToolab UnlockGo (Android), which will remove the screen lock and Google FRP lock in a few minutes.

samsung, knox, manage, google, project

FREE DOWNLOAD for Windows 11/10/8/7

FREE DOWNLOAD for Mac 10.11 or later

Samsung Knox Manage

Secure and control your operations with Samsung Knox Manage. Available at TELUS branches.

Productivity and safety

Samsung gives you a secure productivity solution to deploy within a fleet of business devices or even according to your personal needs. Protect and control your devices and data with Samsung Knox Manage.

Representatives who work in our branches, TELUS and KOODO authorized retailers, offer you the option of adding a security screening package made available by Samsung.

This low-cost feature allows you to generate components and secure data on different types of devices at any quality range. Knox Manage gives you superior security, while ensuring easy, fast deployment and quality monitoring according to your needs.


Samsung’s secure Cloud Knox Manage is an efficient and secure control solution for your business and for your personal needs.

  • Management according to strategic events and specific circumstances
  • Remote device management: control of functionalities and configuration of parameters
  • Management of applications: restriction or incentive of use
  • Management of data and secure content
  • Management of sub-administrators and technical support administrators
  • Remote lock and delete
  • Remote technical support
  • Firmware management

“We have been using Samsung’s Knox Manage system for 4 months now. All direct sellers, totaling 90 devices, use it daily. Soon 350 new cellphones will also be managed by Knox Manage.As IT director at Vertdure and V Extermination, I am able to control cellphone access more effectively and lock devices to authorized applications only, all in one single click.

I chose to do business with Knox Manage since all of the cellphones I use are Samsung. This MDM allowed me to do a lot more control, to be up to date almost in real time and to have support in French which the old MDM did not allow me. Knox Manage is really good at controlling bandwidth, incoming and outgoing calls, cell phone theft and many other options.

On a daily basis, Knox Manage allows me to report on the geolocation of each of the direct sellers. Honestly I like Knox Manage a lot and I also like the support from the folks at Bravad and Samsung. I recommend this product to those who have a large number of cellphones for ultra-precise management of mobile devices. “

Carl Bilodeau, IT Director Vertdure and V Extermination