Intercept X marks Rustdesk 1.4.1 on Android as Malware

Intercept X on Android 15 found no issue with Rustdesk up to version 1.4.0. However, it does mark Rustdesk 1.4.1 as malware, specifically finding andr/Xgen2-AQS.

Others find the same issue: https://github.com/rustdesk/rustdesk/discussions/12477

I find it unlikely that the rustdesk project turned evil or that they overlooked a major mistake.

Do I delete rustdesk or do I delete Intercept X?



[edited by: GlennSen at 9:55 AM (GMT -7) on 3 Sep 2025]
  • Hello,  

    We appreciate your reaching out to the Sophos Community Forum.

    Please refer to this information if that helps you. 

    There have been reports of Sophos Intercept X detecting Rustdesk version 1.4.1 on Android devices as malware (specifically identified as andr/Xgen2-AQS). This appears specific to the 1.4.1 release; earlier versions, such as 1.4.0, haven’t been flagged. Such detections are often false positives, which can occur following legitimate software changes or updates to threat detection algorithms.

    Please note the following recommendations:

    • Don’t uninstall Sophos Intercept X; it provides important security protections.

    • If you urgently need Rustdesk, consider temporarily reverting to version 1.4.0 or earlier until this detection has been reviewed.

    • Additionally, I recommend opening a Technical support case. This will allow us to investigate this issue further. Please share the support case ID here so we can monitor its progress.

    Let me know if you need any further help. 

    Regards, 
    Rutvik Chavda
    Global Digital Endpoint Security Engineer
    If a post solves your question, please use the "Verify Answer" button.

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
    • Thank you very much @Rutvik Chavda! I am willing to open a Technical support case. However, the response was "Thank you for your Sophos Support Portal registration request. Unfortunately, your registration request has been Rejected." To me, this looks like I will wait for up to a week and then uninstall Sophos Intercept X from our devices.

      • Hello Michael, 

        Thank you for your update and for sharing the difficulties you’re experiencing with registering on the Sophos Support Portal.

        We understand how important timely access to technical support is, especially when dealing with potential security alerts. Portal registration can occasionally be delayed or denied due to verification processes for new accounts, especially for individual users or new organisations.

        To assist you further, we recommend the following steps:

        • Please verify that all registration details submitted match your official contact and organisational information precisely, as mismatches can cause automated denials.

        • If the issue persists, please get in touch with Sophos Customer Care Support directly via phone or chat. Contact Sophos support. Our support team can assist you in resolving registration issues or may open a support case on your behalf.

        • If possible, allow a little more time while you resolve the support access issue and create a case. Uninstalling Sophos Intercept X could expose your devices to genuine threats.

        • When contacting support, you may also provide your community post link or case details so the teams know the context.

        • Note: Please ensure you have an active Sophos Mobile license, as access to technical support and case creation generally requires a valid license. Our support team can assist you further if your license is active and you’re still experiencing registration issues.

        We appreciate your patience and cooperation and are committed to quickly helping you resolve this issue. Please keep us posted on your progress or if you need any further guidance.

        Regards, 
        Rutvik Chavda
        Global Digital Endpoint Security Engineer