×
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dtbullock
Former Member
Message 1 of 8
‎09-07-2013 08:11 PM

McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

I have a Galaxy 4S and McAfee All Access.

McAfee is currently reporting:

CloudAgent 1.2.0.19  - High threat risk - Your app is a Trojan and it can:

- Tracks your device's battery status

- Tracks when you use Wi-Fi and data networks

- May access your device's battery status

McAfee All Access offers to remove this application.  However, it is not able to - it says "Uninstallation unsuccessful" when pressing the "Remove" button.  Indeed, in Android's 'Application Manager', CloudAgent only appears under the 'All' tab, and it is only possible to 'Disable' it where the 'Uninstall' button should be.

I suspect that, while McAfee's assessment may be heurisitcally correct, CouldAgent is in actually a part of the phone's firmware.

At the direction of McAfee's useless technical support for All Access, I already upgraded the phone's firmware from:   PDA:MDE / PHONE:MD8 / CSC:MD8 (TEL)

to: PDA:MG4 / PHONE:MG1 / CSC:MGA (TEL).   While this did increment the version number of the CloudAgent 'trojan', it did not cause McAffee to stop classifying CloudAgent as a Trojan in scans.

So, what's the story?  Is this:

a) a false positive;

b) a true positive, which indicates:

     i) that my phone firmware is non-stock;

    ii) that my phone firmware is stock, but that it has a genuine security flaw which should be corrected?

thanks,

David.

0 Kudos
Reply
7 Replies
Peacekeeper
MVP
MVP
Message 2 of 8
‎09-08-2013 01:25 AM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

I will ask a Mcafee lab tech to popin and comment

0 Kudos
Reply
vinoo
Former Member
Message 3 of 8
‎09-08-2013 01:51 AM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Could you please provide a screenshot of the detection or the ‘Log’ screen after the detection occurred?

‘Log’ can be displayed by navigating from the initial screen of McAfee All Access to ‘Security Scan’, and select ‘Log’ from the menu bar. The screen should display the detection name, which is required for us.

0 Kudos
Reply
dtbullock
Former Member
Message 4 of 8
‎09-08-2013 04:32 AM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi, thanks for looking into this.  I can't find any kind of 'menu bar' from which I can choose 'log', however.  Um, sorry about the large screen grabs.  So labour-intensive preparing these, I don't have time to make them smaller.  Are you sure you can't bake in some easier system for having this conversation for next time?

The 'Home' screen:

Screenshot_2013-09-08-21-19-30.png

I choose 'Security Scan'.  No 'Log' option that I can see.  No 'Menu bar' that I can see.

Screenshot_2013-09-08-21-19-45.png

Mid-way through the scan:

Screenshot_2013-09-08-20-53-50.png

The threat detected:

Screenshot_2013-09-08-21-06-18.png

'Details' on the theat, including the 'Remove' button.  (Whinge: McAfee is clearly not making any distinction between 'downloaded' and 'firmware-provided' apps).

Screenshot_2013-09-08-21-06-43.png

After hitting the 'remove' button:

Screenshot_2013-09-08-21-07-10.png

After hitting 'OK'.  Oh well.  I must admit, as a consumer in the information age, I do kind of expect something along the lines of "Clearly something is very wrong - we've notified McAfee engineers and with your permission we'll contact you shortly".  It has been genuinely annoying to have spent in excess of 2 hours tracking this matter down.

Screenshot_2013-09-08-21-07-23.png

So what do you reckon?  False positive?

I am happy to re-do it with a 'Log', if you can furnish me with adequate instructions about how to log it.

thanks,

David.

0 Kudos
Reply
vinoo
Former Member
Message 5 of 8
‎09-08-2013 07:21 AM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi David,

Thanks for the screenshots. What we're looking for in particular is a detection name starting with Artemis!

I'll detail the exact steps to get this once the office opens on Monday. Until then, if you could naviage and find it - that would really help.

Best,

Vinoo

0 Kudos
Reply
vinoo
Former Member
Message 6 of 8
‎09-08-2013 09:07 PM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

David,

You mentioned that you're using a non stock rom.

It might be using a modified version of the app that needs to be investigated.  Would you be able to provide a copy of the actual app for analysis?

Best,

Vinoo

0 Kudos
Reply
dtbullock
Former Member
Message 7 of 8
‎09-08-2013 11:43 PM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Hi Vinoo,

Not exactly.  I'm using the firmware supplied by my telco (Telstra).  The question about "is this stock?" was me trying to get an opinion of whether the detection is a true-positive on account of a virus making my handset 'non-stock'. by its nefarious activites  However, I did just update the firmware, it seems unlikely.

I'm willing to enable the log and get some low-level details of the detection, but I honestly can't find how to do that.  Can you supply links/instructions?  The screens I posted were what I see in the Mc Afee All Access software on my phone.  Do I ge tthe right screens? Where is the 'log' option you speak of?

thanks,

David.

0 Kudos
Reply
dtbullock
Former Member
Message 8 of 8
‎09-10-2013 10:24 PM

Re: McAfee All Access detects threat on Android smartphone: CloudAgent. False positive?

Just to say that I'm willing to do all you have recommended:

- turn on logging to get the details of the detection;

- provide an copy of the app for analysis;

... however, I'm going to need instructions about how to perform each of these tasks.  Can you refer me to resources that explain these tasks?

0 Kudos
Reply
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community

* Important Terms and Offer Details:

  Subscription, Free Trial, Pricing and Automatic Renewal Terms:

  • The amount you are charged upon purchase is the price of the first term of your subscription. The length of your first term depends on your purchase selection (e.g. 1 month or 1 year).  Once your first term is expired, your subscription will be automatically renewed on an annual basis (with the exception of monthly subscriptions, which will renew monthly) and you will be charged the renewal subscription price in effect at the time of your renewal, until you cancel (Vermont residents must opt-in to auto-renewal.)
  • Unless otherwise stated, if a savings amount is shown, it describes the difference between the introductory first term price (available only to customers without an existing McAfee subscription) and the renewal subscription price (e.g., first term price vs. each year thereafter).
  • Pricing is subject to change. If the renewal price changes, we will notify you in advance so you always know what’s going on.
  • You can cancel your subscription or change your auto-renewal settings any time after purchase from your My Account page. To learn more, click here.
  • You may request a refund by contacting Customer Support within 30 days of initial purchase or within 60 days of automatic renewal (for 1 year terms or longer).
  • Your subscription is subject to our License Agreement and Privacy Notice. Subscriptions covering "all" devices are limited to supported devices that you own. Product features may be added, changed or removed during the subscription term.  Not all features may be available on all devices.  See System Requirements for additional information.
  • Free Trial Terms: At the end of your trial period you will be charged $39.99 for the first term. After the first term, you will be automatically renewed at the renewal price (currently $124.99/yr). We will charge you 7-days before renewal. You can cancel at any time before you are charged. ​

 **Free Benefits With Auto-Renewal:

  • For many qualifying product subscriptions McAfee offers additional benefits for free when you are enrolled in auto-renewal. You can check your eligibility for these benefits in your My Account page. Not all benefits are offered in all locations or for all product subscriptions.  System Requirements apply.   Turning off auto-renewal terminates your eligibility for these additional benefits. 
  • Virus Protection Pledge (VPP): If we cannot remove a virus from your supported device we’ll refund you the amount you paid for your current term subscription.  The refund does not apply to any damage or loss caused by a virus.  You are responsible for backing up your data to prevent data loss. See terms here: mcafee.com/pledge.
  • Safe Connect VPN:  You will receive free, unlimited access to our VPN wireless on supported devices. Users not on auto-renewal have access to 500 MB/month of bandwidth.

   Additional Terms Specific to Identity Monitoring Service:

  • Eligibility: McAfee® Identity Monitoring Service Essentials is available within active McAfee Total Protection and McAfee LiveSafe subscriptions with identity monitoring for up to 10 unique emails. Phone number monitoring is enabled upon activation of Automatic Renewal. Not all identity monitoring elements are available in all countries. See Product Terms of Service for more information. 
  • Your subscription is subject to our License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Some features may require registration and a valid ID number to activate. See System Requirements for additional information.
  • While McAfee Identity Monitoring Service provides you tools and resources to protect yourself from identity theft, no identity can be completely secure.
  • US Only:
    Fair Credit Reporting Act: You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute, but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.
  • Identity theft coverage is not available in New York due to regulatory requirements.


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Products

McAfee® Total Protection
McAfee® Gamer Security
McAfee® Identity Monitoring Service
McAfee® Security Scan Plus
McAfee® WebAdvisor
McAfee® Techmaster Concierge
McAfee® Virus Removal Service

Resources

Antivirus
Free Downloads
Parental Controls
Malware
Firewall
 Blogs
Activate Retail Card
Threat Center
McAfee Enterprise

Support

Consumer Support
FAQs
Renewals
Support Community

About

About McAfee
Careers
Contact Us
Newsroom
Investors
Legal Terms
Your Privacy Choices
System Requirements
Sitemap

Copyright © 2022 McAfee, LLC
Copyright © 2022 McAfee, LLC