About those "<app> will damage your computer" messages

Problem

Annoying and persistent messages (typical example below) keep appearing on your Mac:

This is just one of hundreds of examples that have appeared on this site over the past several years.

The names that appear in quotation marks tend to be arbitrary and meaningless. Selecting OK doesn't cause them to stop, and "Show in Finder" doesn't seem to help either. What's worse is that no file with that name is likely to exist in a readable form anywhere on your Mac, making it impossible to find and fix even if you perform an exhaustive search.

If that's the problem that brought you to this User Tip, the following describes how to fix it. You can fix it completely on your own, or with some help from your fellow Apple Support Communities members.

It begins with an abbreviated version intended for highly experienced Mac users, followed by step-by-step instructions for those who need more explicit help, for navigating to certain folders and taking screenshots of them, and to Ask the Community for an answer tailored to their specific needs.

Instructions for highly experienced Mac users

Begin with inspecting the contents of the following three separate folders:

/Library/LaunchDaemons

/Library/LaunchAgents

~/Library/LaunchAgents

A new Mac ships with those folders — mostly — empty. You may find one or two files Apple included with macOS, or with some macOS updates, but that's it. Everything else they contain will be for products you deliberately installed on your Mac.

A few examples of files obtained from legitimate developers contain the following in their names:

Adobe

Amazon

Citrix

Dropbox

Google

Microsoft

Teamviewer

Zoom

That short list encompasses about 95% of all legitimate software you are likely find on a Mac. There are two salient points to bear in mind regarding the contents of those three folders:

1. Everything you find in those folders is related to something you installed. Obviously, whatever you choose to install on your Mac is your business, and you should have at least a passing familiarity with its contents.
2. Legitimate software makes no attempt to obscure its name behind incomprehensible or randomly chosen file names with the intent to hide an equally legitimate purpose.

That means everything else you find in those folders should be regarded as suspicious.

If you are comfortable with fixing it on your own, here is the short version:

1. Restart your Mac in "Safe Mode": Use safe mode on your Mac - Apple Support
2. Drag all suspicious files out of those folders and into the Trash.
3. Restart your Mac normally, and evaluate.

If the problem is resolved, you're finished. If the annoying dialog reappears, reconsider any additional files that you did not consider suspicious at first, and repeat the above numbered steps.

If you dragged a file required for legitimate software you installed into the Trash, you can effectively undo that action by selecting that item in the Trash and selecting the Finder's File menu > Put Back.

That's it!

The conclusion of this User Tip contains a few comments highly experienced Mac users may find useful. They can skip everything in between.

Expanded instructions for everyone

This section describes how to navigate to the folders that need to be examined, followed by capturing their contents so that they can be included in a question for your fellow Apple Support Communities members.

To open those folders, start with this one:

~/Library/LaunchAgents

To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field:

Make it look like this:

... and click the Go button. A Finder window will open. Leave it on the Desktop.

Open a new Finder window (File > New Finder Window) and then open the next folder:

/Library/LaunchAgents

Notice its pathname is different than the last one. The Finder's Go menu > Go to Folder... field should look like this:

... and click the Go button.

Leave that Finder window on your Desktop, open a New Finder Window once again, and then open one more folder:

/Library/LaunchDaemons

The Finder's Go menu > Go to Folder... field should look like this:

... and click the Go button once again.

In the end, you will have opened these three separate folders:

~/Library/LaunchAgents

/Library/LaunchDaemons

/Library/LaunchAgents

Now, in each of those three windows, select View > as List or other selection that shows that folder's complete contents, including complete file names. Modify the column widths if necessary. Expanding the window's overall width so as to encompass the file's modification dates will help also, so please endeavor to do that.

You can now take a screenshot of each of those windows: Take a screenshot on your Mac - Apple Support.

• If there are too many files in a folder to capture in one single screenshot, take multiple screenshots, scrolling down in between each one, to include that folder's entire contents, from beginning to end.
• It is not necessary to capture anything other than what is displayed in that Finder window. "How to capture a window or menu" in Take a screenshot on your Mac describes how to capture only what needs to be shown. Please endeavor not to capture any information that should be considered personal.

Those screenshots will appear on your Mac's Desktop with names "Screen Shot... " followed by the date and time they were captured.

Next, either post a reply to your existing Discussion or post a brand new Discussion containing the entire contents of all three of those windows, one at a time, using the "picture" icon that appears below your reply text:

• When posting your message, please review and confirm the screenshots you post reveal complete, readable file names. If they do not, then please review the above instructions.

Then, your fellow Apple users or the author of this User Tip or even you yourself will be able to identify the files that are likely to be causing the problem.

Please wait for that reply. While you wait, be sure that you create a backup of your Mac's contents. Why? The reason is only peripherally related to the issue at hand — any device can fail at any time for any reason, or no apparent reason whatsoever. If you do not have a backup of your Mac, it means the prospect of permanently losing all the information on it does not concern you.

Back up your files with Time Machine on Mac - Apple Support describes how to use Apple's Time Machine backup software, which every Mac already includes. If you have not been using Time Machine, now would be a good time. Don't put it off any longer.

So why did this happen? And why now?

The underlying reason has been brewing for years. You may have installed something long ago and regretted it, or thought you uninstalled it, or have long since forgotten about it. In fact macOS's XProtect and other malware remediation efforts have already rendered the potentially malicious software inactive. The only problem is the annoyance of a persistent dialog that won't go away.

Why doesn't Apple fix it? Good question. They can, but the short answer is that "it's complicated". For a long time Apple was happy to merely intercept and invalidate malware before it can affect macOS, and that hasn't changed. What has changed is their apparent decision to reveal the existence of malware remnants that have only recently become to be associated with known malware of the past. As such, the dialog itself can be arguably characterized as a bug in macOS, but that's a decision only Apple can address.

Why can't non-Apple anti-malware developers fix it? Again, it's a good question. Malware can only be identified and / or eradicated if they know what to look for, and most products fail miserably in that regard. False positives and false negatives will always be a threat.

The best any product can do is to identify potential malware so the user can make his or her own decision regarding that uncertainty — a salient point of this User Tip. If a package installer is signed and notarized by a large, well-known developer, it's not likely to be malware. However, there are lots of valuable products from small developers that should not be excluded from the marketplace. Conversely, there are lots of worthless junk products from legitimate developers that probably should be excluded.

In the end, you are the final judge of the products you choose to install on your Mac. Choose wisely.

A glaring omission

Very experienced Mac users are now asking themselves "wait, what? This does NOTHING to get rid of the REAL malware!" And they're right. The malware "payload" actually exists in an Application Support folder. This User Tip is completely silent on that fact, because those files can do nothing unless invoked by processes in files whose removals are addressed herein. Unless reactivated by the installation of new files, that "payload" will remain inert and will just occupy space — and installing additional malware could just install them anew anyway.

Many of those files in Application Support are hidden. Describing how to reveal them adds additional complexity to these remediation instructions. Then, you have to correlate them to the Launch Agents and Daemons that call them. There is a limit to the length of a User Tip, as well as a limit to any reasonable Mac user's patience reading it. But if you made it this far, you already know how to find those items and drag them to the Trash if their existence concerns you. The same caveats apply — legitimate software doesn't hide behind obscure names, and it definitely doesn't make itself invisible.