El Capitan - Threat detection - Genieo & TuneUpMyMac


Am I the only one?
 
I am signed up to the El Capitan betas and for the last couple of updates (Public Beta 4 & Public Beta 5) Webroot has detected 2 threats. 
 
After Public Beta 4 - /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT - Detected as Genieo
 
After Public Beta 5 - /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation - Detected as TuneUpMyMac
 
As far as I can tell, both of these are part of OSX and not the applications they are being detected as.
 
I am therefore assuming these are false positives, but I can't find anyone else experiencing the same problem. Are these safe to just ignore and move to the safe files list or is this going to get fixed???

Best answer by Wanderingbug 20 August 2015, 16:41


Hello ?,
 
Welcome to the Community,
 
Please have a look here https://discussions.apple.com/thread/6113220 and look here https://discussions.apple.com/thread/5554258
 
If Webroot detects these as a threat then they generally are. I have a Mac and do not have these applications.
 
Do not move to the safe file list.
 
Let me ping ? who is our Mac Threat Researcher and he can advise further.
 
Otherwise you can submit a Support Ticket free of charge with an active subscription and they will gladly check these threats for you and see if they are a false positive. But what I know of these they are not.
 
 
Hope this helps,
 
 
Kind Regards!
 
 
 
 
 
 
Hi Sherry,
 
Many thanks for the reply. I have checked the links you have provided, which I have tried following before. I cannot find any of the files specified in the removal processes, which leads me to believe that none of these applications (Genieo or TuneUpMyMac) are on my machine.
 
Kind regards,
 
Bazrat
Hello BazRat,
The reason that we are detecting these apps is because Apple did not encrypt their software properly and they both have malicious strings in them. We have pushed an update to our system which will ignore those two files; please make sure that the last three digits of your WSA version are 335 or higher. One other thing to mention is that we are not currently supporting El Capitan since it is still in Beta versions, so if you do have issues with it then our support team may have issues determining the problems. Please feel free to reach out to me with any questions or concerns that you may have regarding the Mac version of our product.
Regards,
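
An added illustration (not Webroot's engine and not code from this thread) of the mechanism described in the reply above: a scanner that matches byte strings will flag a removal tool that stores those same strings in cleartext, and an exclusion keyed on the file's hash behaves differently from ignoring whatever sits at a path. The signature names, strings and sample bytes are all constructed for the example.

```python
import hashlib

# Constructed signature strings (placeholders, not real vendor signatures).
SIGNATURES = {
    "ExampleAdware.A": b"com.example.adware.installer",
    "ExampleAdware.B": b"ExampleTuneUpHelper",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan(data: bytes, allow_hashes=frozenset()):
    """Return sorted names of matching signatures; [] if the content hash is excluded."""
    if sha256(data) in allow_hashes:
        return []
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

# Constructed samples: an adware binary, and a removal tool whose own
# detection definitions contain the adware's strings in cleartext.
ADWARE = b"\xcf\xfa\xed\xfe launch com.example.adware.installer now"
REMOVAL_TOOL = (b"\xcf\xfa\xed\xfe definitions: "
                b"com.example.adware.installer;ExampleTuneUpHelper")
# The same tool after its bytes have changed (e.g. modified on disk).
TAMPERED_TOOL = REMOVAL_TOOL + b" extra bytes"

# Exclusion keyed on the known-good content, not on the file's location.
ALLOW = frozenset({sha256(REMOVAL_TOOL)})

def demo():
    return {
        "adware": scan(ADWARE, ALLOW),
        "tool_no_exclusion": scan(REMOVAL_TOOL),   # false positive
        "tool_excluded": scan(REMOVAL_TOOL, ALLOW),
        "tampered_tool": scan(TAMPERED_TOOL, ALLOW),  # flagged again
    }

if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits}")
```
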
Hi Devin,
 
Many thanks for your response.
 
I appreciate that El Capitan is still in Beta and it is not currently supported. I was just a little concerned I wasn't seeing anyone else experiencing the detections so was reaching out to the Webroot community :D.
 
Thanks for putting my mind at rest.
 
Kind regards,
 
Bazrat
I am currently testing with the beta as well to make sure we will be good for the release but as you are aware betas can be more of a pain than they are worth at times lol.
Hi Devin,
 
Yes... being in the IT industry, unfortunately I am more than aware of issues with Beta software. Somehow tho I keep talking myself into ensuring I'm on the cutting edge!!! Always a bad idea :D
 
I take it, it will take a while for the updates to populate through your servers? Mine is still reporting as 334 and says no updates available.
 
Kind regards,
 
Bazrat
You should consider running our betas; we should be pushing a new one soon.
Hi Devin,
 
I tried registering for the Beta a while ago, but haven't received anything so I assumed the Beta registration is currently closed.
 
I take it that 'Web Threat Shield' also doesn't currently work for El Capitan for web searches. I just get the spinning circle against each result and it never finishes. Thankfully it does work if you click on a link.
 
I will just have to wait for the official releases.
 
Many thanks for all your help.
 
Kind regards,
 
Bazrat
I'm not sure about the threat shield, I haven't tested with it recently. I will see if ? can help with the Beta info as I don't handle that myself.
Sorry, I must have missed your beta application. I'll get that taken care of now and send you a keycode and an invite to the group.
Hi there, I have the same problem, only I'm not using a beta version of El Capitan.
Are there any updates for WSA, or are these threats actual threats that need to be removed? If so, how do I manually remove them?
Thanks
Hello there ?, welcome to the Community!
 
Beta versions of any OS are not able to be officially supported.  This is because of the nature of Beta OS: they may change very frequently as the software is developed and fine tuned.  Once a new build is released, then Webroot officially supports it.  This is normal, and is the case with new builds of Windows as well.
 
You CAN submit a Trouble Ticket though.  While the beta is not officially supported, so Support might not be able to fix things, there is always a chance that they can still take a look and whitelist the files in question.
@ wrote:
Hi there, I have the same problem, only I'm not using a beta version of El Capitan.
Are there any updates for WSA, or are these threats actual threats that need to be removed? If so, how do I manually remove them?
Thanks
These traces should have been fixed now.  What are the locations of the threats that you are getting? Are they local or on a backup?
 
I'm having the same issue with the 2 Mac apps. I have version 8.0.10.18.  I don't see a 335? Suggestions?
Hello iluis,
Can you please provide a screenshot of the threats being detected or the path that is being detected?  The current production release is no longer 335, it should be somewhere around 380ish.
Regards,
 
I am still getting these "Threats" being picked up on El Capitan 10.11.6.
 
I am using Webroot Secure Anywhere Ver 9.0.4.23: 530.
 
Any ideas on fixing this?
 
 
 
 
Hello wanchaiman,
 
My advice would be to Submit a Support Ticket and have the Support Team assist you. This is a free service with a Webroot subscription.
