dtbullock
Level 7

McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

I have a Galaxy 4S and McAfee All Access.

McAfee is currently reporting:

CloudAgent 1.2.0.19  - High threat risk - Your app is a Trojan and it can:

- Tracks your device's battery status

- Tracks when you use Wi-Fi and data networks

- May access your device's battery status

McAfee All Access offers to remove this application.  However, it is not able to - it says "Uninstallation unsuccessful" when pressing the "Remove" button.  Indeed, in Android's 'Application Manager', CloudAgent only appears under the 'All' tab, and it is only possible to 'Disable' it where the 'Uninstall' button should be.

I suspect that, while McAfee's assessment may be heuristically correct, CloudAgent is actually a part of the phone's firmware.

At the direction of McAfee's useless technical support for All Access, I already upgraded the phone's firmware from:   PDA:MDE / PHONE:MD8 / CSC:MD8 (TEL)

to: PDA:MG4 / PHONE:MG1 / CSC:MGA (TEL).   While this did increment the version number of the CloudAgent 'trojan', it did not cause McAfee to stop classifying CloudAgent as a Trojan in scans.

So, what's the story?  Is this:

a) a false positive;

b) a true positive, which indicates:

     i) that my phone firmware is non-stock;

    ii) that my phone firmware is stock, but that it has a genuine security flaw which should be corrected?

thanks,

David.

0 Kudos
7 Replies
Peacekeeper
Level 20

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

I will ask a McAfee lab tech to pop in and comment.

0 Kudos
vinoo
Level 13

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Could you please provide a screenshot of the detection or the ‘Log’ screen after the detection occurred?

‘Log’ can be displayed by navigating from the initial screen of McAfee All Access to ‘Security Scan’ and selecting ‘Log’ from the menu bar. The screen should display the detection name, which is required for us.

0 Kudos
dtbullock
Level 7

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi, thanks for looking into this.  I can't find any kind of 'menu bar' from which I can choose 'log', however.  Um, sorry about the large screen grabs.  So labour-intensive preparing these, I don't have time to make them smaller.  Are you sure you can't bake in some easier system for having this conversation for next time?

The 'Home' screen:

Screenshot_2013-09-08-21-19-30.png

I choose 'Security Scan'.  No 'Log' option that I can see.  No 'Menu bar' that I can see.

Screenshot_2013-09-08-21-19-45.png

Mid-way through the scan:

Screenshot_2013-09-08-20-53-50.png

The threat detected:

Screenshot_2013-09-08-21-06-18.png

'Details' on the threat, including the 'Remove' button.  (Whinge: McAfee is clearly not making any distinction between 'downloaded' and 'firmware-provided' apps).

Screenshot_2013-09-08-21-06-43.png

After hitting the 'remove' button:

Screenshot_2013-09-08-21-07-10.png

After hitting 'OK'.  Oh well.  I must admit, as a consumer in the information age, I do kind of expect something along the lines of "Clearly something is very wrong - we've notified McAfee engineers and with your permission we'll contact you shortly".  It has been genuinely annoying to have spent in excess of 2 hours tracking this matter down.

Screenshot_2013-09-08-21-07-23.png

So what do you reckon?  False positive?

I am happy to re-do it with a 'Log', if you can furnish me with adequate instructions about how to log it.

thanks,

David.

0 Kudos
vinoo
Level 13

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi David,

Thanks for the screenshots. What we're looking for in particular is a detection name starting with Artemis!

I'll detail the exact steps to get this once the office opens on Monday. Until then, if you could navigate and find it - that would really help.

Best,

Vinoo

0 Kudos
vinoo
Level 13

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

David,

You mentioned that you're using a non-stock ROM.

It might be using a modified version of the app that needs to be investigated.  Would you be able to provide a copy of the actual app for analysis?

Best,

Vinoo

0 Kudos
dtbullock
Level 7

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi Vinoo,

Not exactly.  I'm using the firmware supplied by my telco (Telstra).  The question about "is this stock?" was me trying to get an opinion of whether the detection is a true-positive on account of a virus making my handset 'non-stock' by its nefarious activities.  However, since I did just update the firmware, it seems unlikely.

I'm willing to enable the log and get some low-level details of the detection, but I honestly can't find how to do that.  Can you supply links/instructions?  The screens I posted were what I see in the McAfee All Access software on my phone.  Do I get the right screens? Where is the 'log' option you speak of?

thanks,

David.

0 Kudos
dtbullock
Level 7

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Just to say that I'm willing to do all you have recommended:

- turn on logging to get the details of the detection;

- provide a copy of the app for analysis;

... however, I'm going to need instructions about how to perform each of these tasks.  Can you refer me to resources that explain these tasks?

0 Kudos
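
Added example, not part of any post in this thread and not McAfee's procedure: a shell helper that reads `pm list packages -f` output and reports whether a matching app sits on a read-only firmware partition (which is why Android offers only 'Disable') or was installed by the user. The package name `com.example.cloudagent` and the sample listing are constructed placeholders, since the thread never gives the real package name.

```shell
#!/bin/sh
# One line of `pm list packages -f` looks like:
#   package:<apk path>=<package name>

# classify_pkg_line LINE -> prints "<origin> <package> <apk path>"
classify_pkg_line() {
    line=${1#package:}
    pkg=${line##*=}     # text after the LAST '=' (newer apk paths contain '=')
    path=${line%=*}     # text before the last '='
    case "$path" in
        # Read-only partitions shipped with the firmware image.
        /system/*|/vendor/*|/product/*|/system_ext/*) origin=firmware ;;
        # Writable area used for user-installed apps and their updates.
        /data/app/*) origin=user-installed ;;
        *) origin=unknown ;;
    esac
    printf '%s %s %s\n' "$origin" "$pkg" "$path"
}

# find_app KEYWORD -> classify every listing line on stdin that matches
# KEYWORD (case-insensitive). Strips the CRs that older adb builds emit.
find_app() {
    tr -d '\r' | grep -i -- "$1" | while IFS= read -r l; do
        classify_pkg_line "$l"
    done
}

# Constructed sample listing (placeholder names, not taken from a real device).
SAMPLE_LISTING='package:/system/app/CloudAgent.apk=com.example.cloudagent
package:/data/app/com.example.game-1.apk=com.example.game
package:/data/app/~~AbC==/com.example.notes-XyZ==/base.apk=com.example.notes'

# Offline demo on the sample:
#   printf '%s\n' "$SAMPLE_LISTING" | find_app cloudagent
# Against a connected phone with USB debugging enabled:
#   adb shell pm list packages -f | find_app cloudagent
```

A preinstalled app that has since been updated can report a `/data/app/` path, so `adb shell pm list packages -s` (system packages only) is a useful cross-check. The reported apk path is also the file `adb pull` would copy off the phone for submission as a sample.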