diff --git a/mvt/android/modules/adb/packages.py b/mvt/android/modules/adb/packages.py
index 412dea8..b5e7678 100644
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@@ -66,6 +66,13 @@ ROOT_PACKAGES = [
 "com.kingouser.com",
 "com.topjohnwu.magisk",
 ]
+SECURITY_PACKAGES = [
+ "com.policydm",
+ "com.samsung.android.app.omcagent",
+ "com.samsung.android.securitylogagent",
+ "com.sec.android.soagent",
+ "com.wssyncmldm",
+]
 class Packages(AndroidExtraction):
@@ -122,6 +129,10 @@ class Packages(AndroidExtraction):
 self.detected.append(result)
 continue
+ if result["package_name"] in SECURITY_PACKAGES and result["disabled"]:
+ self.log.warning("Found a security package disabled: \"%s\"",
+ result["package_name"])
+
 if not self.indicators:
 continue
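Review bot: SECURITY_PACKAGES is added without a comment saying what these packages are or why a disabled one is worth a warning, and the name promises broader coverage than the five entries, which all look Samsung-specific. A comment above the list would help, along the lines of `# Vendor update / security-policy agents; a disabled one may stop the device from receiving security updates`, adjusted to what was actually verified for each entry. It is also worth stating there that the list is not exhaustive, so that the absence of this warning on another vendor's device is not read as a clean result.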
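Review bot: The new disabled-package check only logs a warning, while the branch just above it in this hunk records its finding with `self.detected.append(result)`; as written, a disabled security package shows up in log output but presumably not in the saved detections. If the finding should be persisted, add `self.detected.append(result)` after the warning, without a `continue`, so the indicator matching below still runs. `result["disabled"]` is indexed directly, so a result that lacks that key would raise inside the loop; `result.get("disabled")` is safer unless the key is always set where results are built, which is outside this hunk. The enclosing method starts and ends outside the hunk.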