
Andr/xgen-vc

How can I remove andr/xgen-vc? I didn't find this malware on the internet, except in a Sophos help file. Several other antimalware products don't find it at all. Is it a fake?

Thanks for your kind help



This thread was automatically locked due to age.
  • Seems to be a Gigaset problem: I have a Gigaset GS170, Android 7.0, Build GIG_GS170_S110, Kernel 3.18.35+, Baseband-Version MOLY.LR9.W1444.MD.LWTG.MP.V110.5.P33 2017/11/14

    [#8244402] Web support query won't help me, because it doesn't apply to the free version

  • Hi Stefan,

    GS270 plus

    android 7.0

    Baseband ver. MOLY:LR11.W16.30.MD.MP.V16.3.P17, 2018/05/08

    Kernel ver. 3.18.35+

    Build GIG_GS270_plus_S120

     

    I ask for help though I have a freeware version.

    Thank you in advance,

    Joachim

  • Hi everyone,

    thank you for the device details.
    I have forwarded them to our Labs team for further investigation.
    Once I get additional information from them, I will update this thread.

    Best regards
    Stefan

  • So another five days have passed. Is there any solid news on this yet? Still getting the same results here.

    Is there an ETA as to when this will be resolved? What's the current status of this? Are more tickets necessary or will this issue be taken care of via the information you forwarded to the "labs team"?

    I'm running a Sophos UTM home license and was very happy with the product. It led me to believe Sophos is a trustworthy and experienced security company but so far I'm utterly disappointed by the handling of this issue.

    1. First of all, do you realize that Sophos Mobile Security (SMSecurity from now on) is currently blocking the updater component for all of the affected devices? Currently you are denying security upgrades for affected devices - in other words Sophos Mobile Security makes those devices less secure. Why? And why the relaxed approach to resolve this brand-wide issue?
    2. Secondly the app (SMSecurity) does not allow whitelisting apps. The Manage Allowed Apps feature does not work - it only has a trashcan icon, no icon to add apps.
    3. Third, once "detected" SMSecurity will not forget about that - even if you DISABLE scanning system apps or blocking PUAs as well as running a new manual scan.
    4. Also the scanner itself cannot be disabled! Even if you disable all checkmarks in the scanner settings the scanner shows itself as still active.
    5. Next is why the hell is the software so restrictive about PUAs anyways? The definition of PUA is potentially unwanted application. Please make sure you are correct on the labeling.
    6. Furthermore this issue affects all devices from Gigaset. In my case a GS370 Plus - the severity is very high, the response time very poor. Nothing even close to what I am expecting from a security company trying to keep my device up to date and secure.
    7. Sixth is I have to doubt that the setting Data Tracking works for the benefit of the user if all this can be seen in plain daylight and nothing is done. Putting the security of affected devices at SERIOUS risk.
    8. The information on the "scan result" is not helpful at all. "Malicious object > Threat Andr/Xgen-VC identified". What's making me more secure now based on that information?
      Is it being blocked? Removed? Quarantined? Allowed? Can I whitelist it?
      The info on the "More Details..." page is useless again. It's a search on sophos.com for andr~xgen-vc!
    9. How does the app handle exceptions and issues? How can I report issues? Even the help section is broken (not sure if always but when I last checked it gave me: "Help is currently unavailable. Please try again later.")
      I expect a lot more from a security tool and especially the incident process.

    One threat or PUA found.
    Security assessment; 2018/07/27 01:01:35; com.gigaset.helpapp added to security assessment
    Scanner; 2018/07/27 01:01:17; Threat 'Andr/Xgen-VC' was found in app 'Upgrade' (com.redstone.ota.ui).
    Security assessment; 2018/07/27 01:01:16; com.redstone.ota.ui with threat Andr/Xgen-VC added to security assessment
    Scanner; 2018/07/27 00:59:51; Virus definitions updated to version 3.72.42:2018072512.

     

    Please forward this to the team and act on this issue. The android landscape is very diverse - it takes decent processes to keep up with it. App signature scans are not the solution.

  • Anything new?

    It's quite some time now since we forwarded our details!!

  • Gigaset just wrote me that the Update application is harmless [:O]

    Looks like Sophos doesn't care about it/does not provide whitelist

  • I think everything is said. This company disqualifies itself.

    My consequence, never again SOPHOS

  • Hi Ano Nymous,

    The system update is now re-classified as PUA (earlier it was andr/xgen-vc). Upon investigation, it was confirmed that there is analytics info sent out and it has the potential to install the app not related to firmware. Hence this detection is unlikely to be changed/revoked.

    Since the classification is moved to PUA, you should be able to set the action (Allow or delete) or even disable the PUA detections.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
