×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
so1955
Contributor II
Message 1 of 7

Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution
I am using McAfee LiveSafe on my Gigaset GS270 plus smartphone (Android 8.1.0). Since 2019-03-29, LiveSafe is permanently reporting a malware in the non-removable system app com.redstone.ota.ui (= Update 6.2.6). Although I had opened a ticket, immediately after the first occurrence, the malware notification still persists which means that till now - 160 days later - there is no solution supplied!
 
Some months ago, McAfee Support told me that it is about a false detection of Artemis!19a7cef5ef05. But if they know that, why do they not fix the problem?
 
Any idea on what is going wrong here? Thanks in advance.
1 Solution

Accepted Solutions
so1955
Contributor II
Message 7 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

Hello all,

Regarding that problem I did some research on the web. Gigaset Support confirmed that the com.redstone.ota.ui package is their FOTA application from the OTA supplier Redstone (China) and that this "Redstone Update Apk" does not contain any malware or virus (refer to: Sophos Community). A comparable information I received from Gigaset via e-mail. Unfortunately, there is no statement from the manufacturer that the Redstone Update Apk is free of adware or that it is trusted.

With the newer McAfee LiveSafe virus definition 5.2.1_29.596.907 the catalog of potential damages by the Redstone Update Apk has been reduced (similar to Sophos who re-classified it to a PUA) - but it remains "suspicious". Meanwhile, I got the statement from German McAfee Support that the detected threat concerns "advertising code" so that it is no longer a false positive detection.

Based on these investigations, I chose the "Accept" option in order to mark this non-removable system app as trusted; since then my LiveSafe icon is green again :-). But I remain watchful and cautious! For, it is good and important that potential threats are detected - even if the manufacturer confirms that the app is free of malware or viruses.

so1955

View solution in original post

6 Replies
Peacekeeper
Message 2 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

@Gokulakrishnan 

Can you assist here please

Gokulakrishnan
McAfee Employee
McAfee Employee
Message 3 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

Hi @so1955 ,

I have sent you a Private message, please do reply back. So that i can look in to the status of your ticket and the resolution from my development team. Meanwhile try the below procedure and post the outcome here.

Please follow the below procedure and post the outcome

  • Open McAfee Mobile Security application
  • Click on the 3 dots at the top right corner
  • Select the option “Scan Info”
  • Choose “Update virus Definition”
  • Post updating virus definition, do a “Deep scan” from the 3 dots at the top right corner

Note : If Virus definition failed to update or above procedure didn't fix the threat alert, please do reinstall McAfee application to get the latest definition.

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

so1955
Contributor II
Message 4 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

Hi,

I followed your instructions in order to update the automated Virus Definition from yesterday 2019-09-04.

Current outcome (in German) is:

-- Aktuelle Virendefinitionen: 5.1.2_28.593.904
-- Letzte Aktualisierung: 05.09.19
-- Zuletzt überprüft: 05.09.19

Afterwards, I did a "Deep Scan", but nothing changed: This measure did not fix the threat; the false detection does not disappear :-(. I had done this procedure many times in the past 3-4 months, but all these trials had been unsuccessful.

I already had performed several reinstallations in the past. 3 to 5 days later, the false detection came back :-(. So, it cannot be the solution for this problem that I re-install the app all the time.

Some minutes before, I posted the associated ticket number (484570-2613494965). May be that there are some more details on what has been done since 2019-03-29. Fact is that the problem is still unsolved 😞 !

Regards,
so1955 

 

Gokulakrishnan
McAfee Employee
McAfee Employee
Message 5 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

Hi @so1955

Thank you so much for the information. I have sent you a private message regarding the ticket status.

 

Regards

Gokulakrishnan K

McAfee Support Team

so1955
Contributor II
Message 6 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution
Hi Gokulakrishnan,
 
Thanks for your latest private message. Yes, I am in contact with the German McAfee Support people since 2019-03-29 and sent numerous e-mails to NonENG_Escalations regarding this problem case.
 
It seems that our conversation here in the McAfee Community helps to accelerate communication and progress with your tech support staff: About 3 hours before your most recent post, I got an e-mail message from German McAfee 2nd Level Support which outlines that the system-app com.redstone.ota.ui (Update 6.2.6) contains "advertising code" (i.e. no longer a "false positive"). This is detected by LiveSafe as a medium risk threat. Usually, system-apps should not contain advertising stuff but who knows what Google & others are doing there?
 
Now I have two options:
 1. Accept the risk (I am already living with since 165 days) OR
 2. Deactivate the risky system-app (which may cause unwanted behavior)
 
But before I try one of these options, I need some more (technical) details about this suspicious "advertising code": What kind of advertising is it? What exactly is the code doing? Is com.redstone.ota.ui an original part of Android 8.1.0 or a 3rd-party system-app?
 
Maybe someone in the community can help. In parallel, I will get in contact with the manufacturer of my GS270 plus.
 
Thanks & regards,
so1955
so1955
Contributor II
Message 7 of 7

Re: Artemis false positive detection on Android smartphone - unsolved since 160 days

Jump to solution

Hello all,

Regarding that problem I did some research on the web. Gigaset Support confirmed that the com.redstone.ota.ui package is their FOTA application from the OTA supplier Redstone (China) and that this "Redstone Update Apk" does not contain any malware or virus (refer to: Sophos Community). A comparable information I received from Gigaset via e-mail. Unfortunately, there is no statement from the manufacturer that the Redstone Update Apk is free of adware or that it is trusted.

With the newer McAfee LiveSafe virus definition 5.2.1_29.596.907 the catalog of potential damages by the Redstone Update Apk has been reduced (similar to Sophos who re-classified it to a PUA) - but it remains "suspicious". Meanwhile, I got the statement from German McAfee Support that the detected threat concerns "advertising code" so that it is no longer a false positive detection.

Based on these investigations, I chose the "Accept" option in order to mark this non-removable system app as trusted; since then my LiveSafe icon is green again :-). But I remain watchful and cautious! For, it is good and important that potential threats are detected - even if the manufacturer confirms that the app is free of malware or viruses.

so1955

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community