How to get detailed information about virus threat, when F-Secure SAFE Android detects one?
F-Secure SAFE reported that Google Meet is infected with a virus. I uninstalled it and reinstalled it from the Google Play Store with the same result. So I am quite sure that this is a false positive, because I am quite sure Google would not release harmful packages that they create themselves. Maybe the heuristics detected a potentially harmful coding pattern and not something like a virus?
However, what is really bothering me with this program is that it only shows "a virus found, now please delete the program", but gives me no indication of why and what was detected. I tried to search the settings for an advanced mode, or a way to show more details, but found no such settings.
I have another example of this with a package for a Chinese voltage control program from outside Google Play, and all the details shown about that threat are also just the word: “a Virus!”, without any details. This program could be harmful, but now I cannot check it. Can you give some info about "DPS5020\DPS(H) Series_V1.0.8.apk"? Have you found this APK to include viruses?
Could you please make a simple addition where at least the threat name would be visible, or whether it is a heuristic code analysis result? It would be nice to click that name, which would redirect to your site for more information about that suspicion.
Also, it would be nice to check selected files/folders with F-Secure on an Android device. Or have I just not found it?
Our security products recently had a false positive flag related to Google Meet, but it has been fixed and all engines and the cloud returned clean. Please test again and let us know if you still face this issue.
As for the mentioned APK from the third-party store, we found this DPS(H) Series 1.0.8 Android APK with the hash a0044575f5b2d8c08d52267f5b6de374fe39007c, but no detection was found on that sample. Another way to check whether this is the exact APK/hash that you experienced is to send us the logs, which should contain the hash.
Here's how to generate and send us the log from an Android device:
- Open the F-Secure SAFE application on your Android device
- Open the menu from the upper left-hand corner
- Choose About
- Click on the version number (at least) 7 times
- Scroll down and press Send log file
- Send the log file to the predefined email address with the preferred email application
- If you have any other attachments (e.g. screenshots) you may add those to the same generated email
- Reply to the support request with the information that you have sent the diagnostic log file
Thank you for your response, Jaims!
Sorry for the late response, I forgot this almost totally... I found the log where it was stated to be harmful. It was on 2021-12-26. The next automatic detection on 2021-02-19 did not find it harmful. However, I was not able to download that file directly from Google Drive on Android to its local drive, but that may be an Android security policy restriction (.apk file), because F-Secure did not complain about anything anymore. I sent the logs following the advice you gave and linked this conversation in them.
I calculated the hash with MD5, SHA-1, SHA-256, SHA-512 and some others for that file, but those did not match the hash that you sent. This is what I got with one Windows tool:
Name: DPS(H) Series_V1.0.8.apk
Size: 3820985 bytes (3731 KiB)
We managed to get detection details for this sample. First of all, this sample should not be detected now, as it is now identified as safe. As for the detection on the date you mentioned (26-12-2021), the detection name is Riskware:Android/GenericAI.100!fsmind. It is just a generic PUA (Potentially Unwanted App) detection from MindControl.
Regarding the issue where SAFE mobile is not showing the detection name, do you mind if we create a ticket and follow up with you via email as we would need our product team to have a look?
Thank you! Yes, you may create a ticket. I can send you e.g. a screenshot of this if that helps, but currently in the check history, when I open one identification, there is an orange question mark and text identification, but the description is just “Problems identified: Potentially unwanted file”. I have F-Secure in Finnish, so I translated that to English.