Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 7636 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMC 5.1.3 (rev 3921) - Root rights detected

BenesJ

Hi all,

 I have one question on you If someone find this problem or solution. 

 After update to new 5.1.3 we found that on mobil phone Jiayu S3 LTE (And 4.4.4) and Lenovo Yoga Tablet 2 (And 4.4.2)  compiance violation Root rights detected but there is no app which need root rights (checked).

Other devices are OK (same or different Android versions)

Only these 2 have some kind of problem.

Ty for your answer

Jakub

:58094


This thread was automatically locked due to age.
  • 0

    Hi Jakub,

    the SMC server version has in general nothing to do with the root right detection.

    The root right detection is performed directly on the device by the SMC client directly.

    With SMC 5 we have added some additional checks for root rights which are executed by the SMC client.

    If one of these checks apply for the device, it is shown as rooted.

    You can get an SMC Android client log and directly check what is causing the violation. How to get a log of the SMC Android client is explained in this article. Within this log, you might find lines like these:


    INFO [SMC Device]: found rooting indicator: no exception was thrown by executing 'busybox' command
    INFO [SMC Device]: found rooting indicator: no exception was thrown by executing 'su' command
    INFO [SMC Device]: found rooting indicator: file '/system/xbin/su'

    Hope this helps.

    Best regards

    Stefan

    :58101
  • 0

    Hello I have a similar problem on a Xiaomi PRO device. I installed severla Root checker apps and all show this device is NOT rooted, but sophos tells me the device is rooted. I checked in the log file and he finds :

     INFO [SMC Device]: found rooting indicator: file '/system/lib64/libsu.so'

    After doing a lot of research with the Manufacturer, long story short:

    ...whatever file the system might find. Fact is that device was with an unlocked bootloader and rooted to install a GLOBAL ROM but afterwards (now) the bootloader is locked again and the device unrooted!! Sadly there is this one file left as a not 100% clean unroot. The big problem is only: Because of this stupid thing a cannot use my phone for work mail anymore!! - Because it is not compliant. 

    There has to be an option for the Admin to "Exclude suspicious files from the root check" or local on the device or global. Please help us solving this problem.  

    There should be at least 2-3 indications a phone is rooted, not just by 1 file. Today, since the bootleoader is locked and unrooted again I'm not able to delete this specific system file. I can only view it in an explorer. - Very Sad - Please help!

    Regards,

    Michael

Unfiltered HTML