I have a Galaxy 4S and McAfee All Access.
McAfee is currently reporting:
CloudAgent 126.96.36.199 - High threat risk - Your app is a Trojan and it can:
- Tracks your device's battery status
- Tracks when you use Wi-Fi and data networks
- May access your device's battery status
McAfee All Access offers to remove this application. However, it is not able to - it says "Uninstallation unsuccessful" when pressing the "Remove" button. Indeed, in Android's 'Application Manager', CloudAgent only appears under the 'All' tab, and it is only possible to 'Disable' it where the 'Uninstall' button should be.
I suspect that, while McAfee's assessment may be heuristically correct, CloudAgent is actually a part of the phone's firmware.
At the direction of McAfee's useless technical support for All Access, I already upgraded the phone's firmware from: PDA:MDE / PHONE:MD8 / CSC:MD8 (TEL)
to: PDA:MG4 / PHONE:MG1 / CSC:MGA (TEL). While this did increment the version number of the CloudAgent 'trojan', it did not cause McAfee to stop classifying CloudAgent as a Trojan in scans.
So, what's the story? Is this:
a) a false positive;
b) a true positive, which indicates:
   i) that my phone firmware is non-stock;
   ii) that my phone firmware is stock, but that it has a genuine security flaw which should be corrected?
I will ask a McAfee lab tech to pop in and comment.
Could you please provide a screenshot of the detection or the ‘Log’ screen after the detection occurred?
‘Log’ can be displayed by navigating from the initial screen of McAfee All Access to ‘Security Scan’, and selecting ‘Log’ from the menu bar. The screen should display the detection name, which is required for us.
Hi, thanks for looking into this. I can't find any kind of 'menu bar' from which I can choose 'log', however. Um, sorry about the large screen grabs. So labour-intensive preparing these, I don't have time to make them smaller. Are you sure you can't bake in some easier system for having this conversation for next time?
The 'Home' screen:
I choose 'Security Scan'. No 'Log' option that I can see. No 'Menu bar' that I can see.
Mid-way through the scan:
The threat detected:
'Details' on the threat, including the 'Remove' button. (Whinge: McAfee is clearly not making any distinction between 'downloaded' and 'firmware-provided' apps).
After hitting the 'remove' button:
After hitting 'OK'. Oh well. I must admit, as a consumer in the information age, I do kind of expect something along the lines of "Clearly something is very wrong - we've notified McAfee engineers and with your permission we'll contact you shortly". It has been genuinely annoying to have spent in excess of 2 hours tracking this matter down.
So what do you reckon? False positive?
I am happy to re-do it with a 'Log', if you can furnish me with adequate instructions about how to log it.
Thanks for the screenshots. What we're looking for in particular is a detection name starting with Artemis!
I'll detail the exact steps to get this once the office opens on Monday. Until then, if you could navigate and find it - that would really help.
You mentioned that you're using a non-stock ROM.
It might be using a modified version of the app that needs to be investigated. Would you be able to provide a copy of the actual app for analysis?
Not exactly. I'm using the firmware supplied by my telco (Telstra). The question about "is this stock?" was me trying to get an opinion of whether the detection is a true-positive on account of a virus making my handset 'non-stock' by its nefarious activities. However, I did just update the firmware; it seems unlikely.
I'm willing to enable the log and get some low-level details of the detection, but I honestly can't find how to do that. Can you supply links/instructions? The screens I posted were what I see in the McAfee All Access software on my phone. Do I get the right screens? Where is the 'log' option you speak of?
Just to say that I'm willing to do all you have recommended:
- turn on logging to get the details of the detection;
- provide a copy of the app for analysis;
... however, I'm going to need instructions about how to perform each of these tasks. Can you refer me to resources that explain these tasks?