Andoid: Sophos Intercept X for Mobile - ["" wurde gescannt.]

I get the same thing.  Started about 2 weeks ago or so.

This is Pixel 4a

Based on recommendation from Kushal "Qoosh" above I sent myself the logs

smsec.sophos.log seems to be indicating this at about the correct time:

Scanner; 2022/07/04 14:22:02; Automatic scan of app 'trichromelibrary_463807433' (com.google.android.trichromelibrary_463807433) finished. No threats or PUAs found.

com.sophos.smsec.trace.sophos.log shows this:

SMSecLog; 2022/07/04 14:22:02; I; Automatic scan of app 'trichromelibrary_463807433' (com.google.android.trichromelibrary_463807433) finished. No threats or PUAs found.
SMSecLog; 2022/07/04 14:22:02; I; SD
SMSecLog; 2022/07/04 14:22:02; I; SD
ApplicationHelper; 2022/07/04 14:22:02; E; Loading AppName of com.google.android.trichromelibrary_463807433 failed.
Persist; 2022/07/04 14:22:02; I; Command executed: persist_cmd_onInstall_scan id: 704399604

I am guessing the relevant part is this: Loading AppName of com.google.android.trichromelibrary_463807433 failed

Sounds like it scanned it ok but then failed to get the name from it or wherever it is trying to get that name from.

Looks like I did not include enough log lines before.  I sent myself logs again and here are all of the relevant logs entries in com.sophos.smsec.trace.sophos.log  for the most recent occurrence:

SBR; 2022/07/05 15:15:30; I; On install scan started for package: com.google.android.trichromelibrary_463807433
paHistory; 2022/07/05 15:15:30; I; Cannot find package
Persist; 2022/07/05 15:15:30; I; inserted command='Command [type='persist_cmd_onInstall_scan', transitionId='-1', commandId='704399604', delay='null', parameter=[, parameter1='com.google.android.trichromelibrary_463807433']]' in queue.
Persist; 2022/07/05 15:15:30; I; Executing command persist_cmd_onInstall_scan
ApplicationHelper; 2022/07/05 15:15:30; E; Loading AppName of com.google.android.trichromelibrary_463807433 failed.
SavEngineTask; 2022/07/05 15:15:30; W; File not found: com.google.android.trichromelibrary_463807433
ScanThreadTask; 2022/07/05 15:15:30; E; No valid Result in sendItemResultMessage for 'com.google.android.trichromelibrary_463807433'.
SMSecLog; 2022/07/05 15:15:30; I; Automatic scan of app 'trichromelibrary_463807433' (com.google.android.trichromelibrary_463807433) finished. No threats or PUAs found.
SMSecLog; 2022/07/05 15:15:30; I; Automatic scan of app 'trichromelibrary_463807433' (com.google.android.trichromelibrary_463807433) finished. No threats or PUAs found.
SMSecLog; 2022/07/05 15:15:30; I; SD
SMSecLog; 2022/07/05 15:15:30; I; SD
ApplicationHelper; 2022/07/05 15:15:30; E; Loading AppName of com.google.android.trichromelibrary_463807433 failed.
Persist; 2022/07/05 15:15:30; I; Command executed: persist_cmd_onInstall_scan id: 704399604
Sophos; 2022/07/05 15:15:30; I; Start App protection watchdog
AppProtection; 2022/07/05 15:15:30; I; App protection watchdog: load settings
Sophos; 2022/07/05 15:15:30; I; No Apps to protect, run only monitor!
Sophos; 2022/07/05 15:15:30; I; No monitor present
Sophos; 2022/07/05 15:15:30; I; Leaving App protection watchdog

It does not appear that the scan is succeeding after all. It looks more like the file goes missing from the scan engine view instead.  Also it says this is triggered by an "On install scan".  So this looks more concerning to me now.

Cannot find package

File not found: com.google.android.trichromelibrary_463807433

No valid Result in sendItemResultMessage for 'com.google.android.trichromelibrary_463807433'.

From the following forum link, I was able to gather some additional information on this. "trichromelibrary" is a system app pushed out to Android devices to aid in rendering web pages. Previously, this was handled using Google Chrome built into the OS.
- Trichromelibrary was suddenly downloading from Google Play Store

This application should be treated as a system app. Do you know if you have the option "Scan system apps" enabled?

From the following forum link, I was able to gather some additional information on this. "trichromelibrary" is a system app pushed out to Android devices to aid in rendering web pages. Previously, this was handled using Google Chrome built into the OS.
- Trichromelibrary was suddenly downloading from Google Play Store

This application should be treated as a system app. Do you know if you have the option "Scan system apps" enabled?

Scan system apps is not enabled.  This is occurring when I am not using the device usually just once a day around the same time.  I researched that app as well.  Some people were suggesting to update Android System WebView but when I go to that in the play store it doesn't seem to actually be installed.  I updated all of my apps that offered updates including chrome and it still happened again today.  I removed and reinstalled sophos yesterday as well but still happening.

It sounds similar to this issue related to bitdefender: https://community.bitdefender.com/en/discussion/89223/bitdefender-security-keeps-uninstalling-com-google-android-trichrome-library

In that case bitdefender devs rolled out a fix of some kind.

Not sure it matters but when I go to apps >> show system apps - This com.google.android.trichromelibrary is not listed.  Many other system apps seem to follow that same sort of naming pattern, com.android.whatever, com.google.android.whatever, etc...  But com.google.android.trichromelibrary is not there.

Thank you for helping and verifying that I'm not alone.

My logs doesn't helped anyway, I didn't found a log entry that would help to find the app.

I even didn't had scan system app enabled, but enabled for test, but same issue comes up.

[EDIT]

Tonight, I've got finally the same log as PBJ_Family 

SDCard ObserverWrapper; 2022/07/08 03:51:22; I; Removed 3 recently scanend file(s) from list.
SBR; 2022/07/08 03:51:34; I; On install scan started for package: com.google.android.trichromelibrary_463807433
paHistory; 2022/07/08 03:51:34; I; Cannot find package
Persist; 2022/07/08 03:51:34; I; inserted command='Command [type='persist_cmd_onInstall_scan', transitionId='-1', commandId='704399604', delay='null', parameter=[, parameter1='com.google.android.trichromelibrary_463807433']]' in queue.
Persist; 2022/07/08 03:51:34; I; Executing command persist_cmd_onInstall_scan
ApplicationHelper; 2022/07/08 03:51:34; E; Loading AppName of com.google.android.trichromelibrary_463807433 failed.
SavEngineTask; 2022/07/08 03:51:34; W; File not found: com.google.android.trichromelibrary_463807433
ScanThreadTask; 2022/07/08 03:51:34; E; No valid Result in sendItemResultMessage for 'com.google.android.trichromelibrary_463807433'.
SMSecLog; 2022/07/08 03:51:34; I; Automatischer Scan von App „trichromelibrary_463807433“ (com.google.android.trichromelibrary_463807433) beendet. Keine Bedrohungen oder PUAs gefunden.
SMSecLog; 2022/07/08 03:51:34; I; Automatischer Scan von App „trichromelibrary_463807433“ (com.google.android.trichromelibrary_463807433) beendet. Keine Bedrohungen oder PUAs gefunden.
SMSecLog; 2022/07/08 03:51:34; I; SD
SMSecLog; 2022/07/08 03:51:34; I; SD
ApplicationHelper; 2022/07/08 03:51:34; E; Loading AppName of com.google.android.trichromelibrary_463807433 failed.
Persist; 2022/07/08 03:51:34; I; Command executed: persist_cmd_onInstall_scan id: 704399604
Sophos; 2022/07/08 03:51:36; I; Start App protection watchdog
AppProtection; 2022/07/08 03:51:36; I; App protection watchdog: load settings
Sophos; 2022/07/08 03:51:36; I; No Apps to protect, run only monitor!
Sophos; 2022/07/08 03:51:36; I; No monitor present
Sophos; 2022/07/08 03:51:36; I; Leaving App protection watchdog

[/EDIT]

Thank you both for sharing additional information on this. I have reached out internally to inquire further into this so changes can be made to recognize the app correctly. I will follow up on this thread with any information I'm able to share.

Updated my last post, because I've got finally the same log entries.

It seems that the app "com.google.android.trichromelibrary_463807433" get's an update (install scan) but was removed directly so the scan doesn't get the name of the app.