Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 4548 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

False positive for root

Kreestof Chandley

Device: Galaxy Note 4

OS: Android 6.0.1
Sophos: Sophos Mobile Security 8.1.2669 (21) unmanaged/standalone

Issue: I keep getting a warning that the device is insecure because it's rooted. I don't believe the device is rooted though. If it was rooted, I'd be able to turn Titanium Backup Pro, and I can't because the device isn't rooted. So which application is right?
I didn't root the phone. I haven't seen any knox warnings.

Which application is correct? Has my phone been secretly rooted? Or is this a false positive? If it's a false positive, how do I fix it? 

The option to send logs does not appear to be available.



This thread was automatically locked due to age.
  • 0

    Hi Kreestof,

    I am sure the device would not have been rooted, and for the question why is it showing rooted then? I suggest you get an SMC Android client log and directly check what is causing the violation. 

    How to get a log of the SMC Android client is explained in this article. Within this log, you might find lines like these:


    INFO [SMC Device]: found rooting indicator: no exception was thrown by executing 'busybox' command
    INFO [SMC Device]: found rooting indicator: no exception was thrown by executing 'su' command
    INFO [SMC Device]: found rooting indicator: file '/system/xbin/su'

    Hope this helps.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Unfiltered HTML