Jump to content

SmartSwitch Software Triggers Ransomware Warnings

garioch7
 Share

Recommended Posts

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

MAM

MAM

Posted
Posted (edited)

Hello, weird. When downloading Smart Switch, and installing it, this app will not be misdirected as malware. And even when browsing nothing is detected.Source, was a german googel store. My smartphone, Samsung Galaxy S3 mini, Android 4.2.2 not rooted.

Am I mistreating myself, or was that fixed?

Only, my experience with this App.

MAM

 

Edited by MAM
Link to post
Share on other sites
garioch7

garioch7

Posted
  • Author
Posted

@Vabadus

Thank you for the update.  That Samsung SmartSwitch behaviour sounds like it should be reasonably easy to identify, if there is any consistency to its temporary app backup file naming.  The option might be to identify, if possible, within Android, whether the phone is running the Samsung SmartSwitch external backup app from a computer.

I look forward to a fix in the future, and in the interim, I am pleased that you were able to identify the cause of the issue.  I knew that my cell phone was not infected by any ransomware or malware of any kind, so I was not concerned.  Nothing should have gotten past MBAP and Bitdefender Mobile Security.  It has been mostly a nuisance issue, since the SmartSwitch backups report that they were successfully created.  Nonetheless, being very cognizant of zero-day threats, I ensure that I backup my cell phone weekly, so the buzzing and notifications were a bit of a pain.

Thank you again, Vabadus.  Please let me know when there will be a fix - no rush.  Have a great day.

Regards,
-Phil

Link to post
Share on other sites
garioch7

garioch7

Posted
  • Author
Posted

@Vabadus

I backed up my phone today, and, as expected, on my Window 10 Pro x64, Build 1704 Maingear desktop, the ransomware warnings were triggered during the app backup phase of SmartSwitch.

I then backed up my phone to my Dell Studio XPS 1645 laptop as well, which has Windows 10 Pro x64, Build 1709.  Even though that laptop has had that build for about a month, and the SmartSwitch backups of the phone apps previously triggered the anti-ransomware warnings, today the phone was quiet: no warnings.

Go figure?

Have a great weekend.

Regards,
-Phil

Link to post
Share on other sites
garioch7

garioch7

Posted
  • Author
Posted

@Vabadus

I backed up my Samsung phone again today with SmartSwitch, and this time the laptop was not immune to the ransomware warnings during the application backup phase.

From looking at the messages on the phone screen, it looks like MBA is scanning some apps on my internal 64 GB micro_SD card.  Is that where SmartSwitch is creating temporary files?  Could this issue only affect users who have added a micro_SD card to their phones to increase storage?  I have nothing on the micro_SD but some photos, yet MBA is reporting scanning a backup folder on the card with .apk files inside?

I am just surprised that there have not been other reports of this problem.  I can't be the only Samsung cell phone owner who uses SmartSwitch to backup his/her phone?

Have a great weekend.

Regards,
-Phil

Link to post
Share on other sites
  • 4 weeks later...
Dave77

Dave77

Posted
Posted
On 17/11/2017 at 5:27 PM, garioch7 said:

@Vabadus

I am just surprised that there have not been other reports of this problem.  I can't be the only Samsung cell phone owner who uses SmartSwitch to backup his/her phone?

 

Hi

I have just found this thread as I appear to have the same thing happening since upgrading to Premium with Real-time protection running.

Backing up a Samsung Galaxy S7 running Android 7 to PC running Windows 10

Link to post
Share on other sites
  • 4 weeks later...
  • 5 weeks later...
  • Staff
Vabadus

Vabadus

Posted
  • Staff
Posted

@garioch7i'm much aware of that and i appreciate that one.

We actually made a workaround, however it didn't pass to latest production release. The problem was it required some complicated logic in the app to prevent this case. So it was not a universal solution and only addressing this case. In order to keep the application stable for users, we decided not to release it with the latest version.

I cannot tell you exactly when, but, in this quarter we'll work on a solution which will make everyone (Devs, QAs, customers and you) happy regarding these kind of cases.

Sorry for the inconvenience :(

Link to post
Share on other sites
dkilleen

dkilleen

Posted
Posted

Just to let you know. Smartswitch updated on my PC and does not trigger Malwarebytes anymore. For me at least, the problem seems to be fixed. I've backed up twice with no problems. I'm using Smart Switch 4.2.18014_6 running on Windows 10 Home. Backing up a Samsung Note 8, running Malwarebytes for Android 3.2.0.4.

 

Thanks

Link to post
Share on other sites
garioch7

garioch7

Posted
  • Author
Posted

@dkilleen

I am running the same version of SmartSwitch to back up my Samsung G386W smartphone.  On occasion, I have not received any ransomware warnings, but 98% of the time, Malwarebytes for Android (MBA) reacts to the backup of the applications on the phone.  It appears to be in some way related to the micro SD card that I have installed in the phone, because that is the path that MBA reports during the application phase of the backup.

@Vabadus

Thank you for the update.  I am disappointed that this issue has still not been fixed six months after reporting it and providing Malwarebytes with all of the requested information and logs.  It is even more disappointing that there is no scheduled release date now for a fix.  I hope this issue is fixed before it is time for me to pay for renewal this coming August.

Regards,
-Phil

Link to post
Share on other sites
garioch7

garioch7

Posted
  • Author
Posted

@dkilleen

I don't have any apps on my micro SD card either.  It only has some photos on it.  It appears that when SmartSwitch is backing up the apps on the phone itself, it creates temporary files or somehow accesses the SD card, which triggers the MBA ransomware module.  There are no ransomware warnings when the actual content (.jpg files) that I have stored on the micro SD card is backed up by SmartSwitch.

I know that @Vabadus has analyzed this issue and he does know what is causing the false ransomware warnings.  It seems that fixing the problem, is THE problem.  I wonder if the Android group is sufficiently staffed ... ?  For the price paid for a year's subscription, there should be adequate staff and expertise to remedy this nuisance issue in a reasonably timely manner.  I don't think that putting up with this problem for six months and counting, is reasonable and acceptable customer service.

Just my two cents.  Have a great day, and thank you for your post.

Regards,
-Phil

Link to post
Share on other sites
  • Staff
Vabadus

Vabadus

Posted
  • Staff
Posted

@garioch7i can assure you Android group is sufficiently staffed :)

I can tell you this, there's a solution to almost any technical problem. However, some solutions are not elegant and later on cause other headaches. We definitely do not want to do that, especially when it comes to pro-active scanning. I can tell, we are targeting to provide you an elegant solution which will fix your problems, which will not cause other problems and which actually will be helpful for other customers for different needs :)

I understand your frustration and appreciate your patience on this. I tell you, we'll nicely address this in the coming release in April ;)

Thank you Phil for bearing with us and thanks once again for your patience and all the input you provided to us.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.