Phone Manager Virus


Patricia

Aug 4, 2024, 11:22:56 PM
to endowhete
Samsung takes your security seriously and has partnered with McAfee to provide pre-installed anti-malware protection on your Galaxy phone. Flagship Samsung smartphones, including the sensational Galaxy Z Fold3 5G, Galaxy Z Flip3 5G, Galaxy S21 series and the latest Galaxy A series come pre-installed with McAfee anti-malware protection.

Samsung Knox provides another incredible layer of security. Built into Samsung devices including the epic Galaxy Z Fold3 5G, Galaxy Z Flip3 5G and Galaxy S21 Ultra 5G, you can be safe in the knowledge that your Galaxy phone is secure from the moment you unpack it and turn it on. The Knox platform contains security mechanisms that protect your data from malware and malicious threats. You can find a full list of Knox supported devices here.


You can also scan your device for malware and suspicious activity in the Battery and Device Care app*. Older Galaxy devices operating on Android 6 (Marshmallow) and below are protected by Samsung's Smart Manager application. Unsure which version of Android you have? You can check your Galaxy operating system here.


Whilst viruses and malware do not pose a significant threat to your Galaxy phone due to Samsung's industry leading security features, it is still important to be vigilant to a virus attack. The signs that your phone has been infected with a virus or malicious malware include:


Be aware that unscrupulous advertisers will often use 'your device is infected' pop-ups to persuade you to click on them. These can be malware or phishing attempts, but they can also be trying to persuade you to download an app or visit their website. These pop-ups will usually turn up while you are browsing the Internet and signs that they are not genuine include continual buzzing, bright flashing lights or garish text.


Galaxy security software will be working hard to keep your phone secure from any threats to your personal data. Samsung devices operating Android 7 (Nougat) and above will automatically run a diagnostic check to ensure your phone is protected. Your Galaxy phone is set to automatically optimise itself once a day and check for any security threats. You can find out more information on our Device Care page.


Most malware can be removed by performing a factory reset on your phone. Before you undertake a factory reset you need to ensure that you have saved any data you want to access after you perform the reset, otherwise you run the risk of losing it all. Follow the steps below to factory reset your Galaxy phone:


Malware is ultimately designed to generate revenue for cybercriminals. If you leave malware or viruses on your phone cybercriminals can access your data and steal your personal information for illicit purposes.


This allows us to take a closer look at what is happening. The data is anonymised and only held for the duration of the investigation. Find out more about sending an error report through the Samsung Members app.


I know this is not directly related to Meraki; however, I'm hoping some users can provide some recommendations to the following.



We are about to deploy Systems Manager to all our devices and were seeing what people use for anti-virus and anti-malware for their devices on Systems Manager (Windows & MacOS). I would love to be able to use Systems Manager to push these apps out to the devices and register the license etc. via either some sort of package or script. I currently don't have an anti-virus/malware vendor so willing to pick one that works better with Systems Manager.


I quite like Trend Worry-Free Remote Services (the "services" bit mean it is the cloud based version). I prefer all my technology like this to be cloud managed. The same platform does both Windows and Mac.


I'm on my 3rd day of the Trend Micro Worry Free trial. So far so good with our test system; however, we had to manually install it. I was not able to push it out via the Meraki Applications push.

Furthermore, the link provided in the email to install it would not work in MacOS Chrome. We had to do it from Safari (weird I thought).



@Stoffe did you run into anything similar? How did you push this to your users?


Aaah! gotcha. We have very few win machines. The macOS versions vary.... our devs work on 10.12.1 - 10.13.4 (I know, this makes it a little harder to narrow down). I thought at first it was related to the test machine having 10.13.4 with the new KEXT enforcement, but we've eliminated that as the culprit.


Well our Trial has come and gone. Although I liked the dashboard interface and their support was responsive when we needed them, Trend Micro's Worry Free Business Security Services is not the ideal solution for a mac shop. We were unable to remote install TMWF without end-user interaction, and the uninstall from dashboard does not work. Systems with macOS require a manual uninstall (found in the tools section). Most concerning was the fact that we were unable to create directory exclusions with wildcards. Most of our users use some kind of mounted cloud directory file share, the scan would attempt to include the entire directory... and due to the lack of wildcard usage, we were unable to use the targeted scan options to only include certain directories (which would require a wildcard in lieu of each username). Most of their documentation and advanced scripting/support is geared for Windows environments. Overall, it was very limited functionality.

We know this is not TrendMicro's only offering, so we will be reaching out to sales and consulting on whether they offer something different for our needs.

We are also trying out Sophos (which so far seems more robust for macs although it has the same limitation for user interaction for install). I'll gladly return and post what I find.


Hey Phil! We've crossed each other in the IT nether!!!

I was just on a demo with a couple of the CrowdStrike folks just yesterday afternoon. Their product is nothing short of amazing. But truthfully, although it was SUUUPER cool and the insight it offered was mind-blowing, it was also overkill for what we need... I think we're still going to trial it in the interest of being thorough (And because I'm dying to play with their features).

Please do follow up and let me know what you decide at the end. We're still on the Sophos trial ourselves. And considering ESET next. Feels like I've been researching and testing this stuff for ages.


Update: Meraki Systems Manager is unable to deploy the software without user interaction. Although Apple have provided a way to allow this with MDM, Meraki does not have this feature enabled and recommend I place a Make a wish in the dashboard.



Honestly I think this is ridiculous as Crowd Strike installs fine on Mac OS Sierra, it's only High Sierra that has the problem. More and more people are going to have this issue when trying to install certain apps on their Mac unless Meraki provide this feature. I have raised a wish, please give it Kudos to get the ball rolling on this one.








edit: I see that you ran into that thread. I do agree that this shouldn't have to be a "thing". It's taking a bit of time for developers to catch up to these added securities at the kernel level. I will kudos your post for sure.


I've actually been looking for an antivirus solution as well (but in our case, it's nearly 100% mac users). I tried AVG's and found that it "does not play well" with Meraki. Despite hours of troubleshooting, we (both AVG support and Meraki internal support) were unable to get AVG's antivirus service to allow Meraki traffic on macbooks properly.

The short version: A macbook that already has the SM installed receives the pushed app AVG from Meraki. It will check-in and work as expected until a reboot. Once it reboots, the AVG service superimposes itself and does not allow the Meraki MDM traffic through (and there was no way to whitelist on the macOS version of the AVG app).






So, I do not recommend AVG. Someone mentioned Sophos to me, but while looking at their website, it looks like they are a whole MDM solution itself (which includes endpoint protection). I'll report back if I find anything useful during the trial to address just the endpoint protection part.


For the past several days I suddenly started receiving spam/phishing text messages 3 and 4 times per day and spam phone calls as well and my understanding is I thought Intercept X For Android/Anti-virus & Security detected those type threats and alerts the user but I was never alerted of such. Can you please give me an explanation of why it didn't detect any threats? If so, I need some guidance on how I am to proceed where there is a threat?


My 2nd question; The storage manager in my android settings had Sophos Anti-virus & Security App listed as an App that had been Idle or not been used for the past 90 days (option to uninstall). How can this be true when I see the log files and should I be concerned if suspicious files or apps are slipping through?


I appreciate your response. As far as I know, my text messages come directly through the Android Messages App. I don't know how to tell otherwise. I'm still currently receiving phishing texts but not as frequent as they were, all I know to do is block them but it's not really fixing the issue.


The other issue I found was with the storage manager listing the Sophos Security & Anti-virus App as an app that hadn't been used in 98 days (as of today). I took a screenshot but I can't seem to find an option to share to this reply. Any advice you can share would be appreciated. Thank you Jasmin for your help and time with these issues.


Sophos Security & Anti-virus guard is an add-on plugin for Sophos Intercept X for mobile and Sophos mobile control. It just makes sure that both the applications are running in the background. Because in most of the Android OSes, there is battery optimization enabled which terminates the applications as both of them consume battery all the time while running in the background. Security & Anti-Virus guard just makes sure that battery optimization doesn't hurt these apps and they run continuously in the background.
