Gatekeeper - Strange unknown application trying to constantly install and bypass GK and mention of a profile that doesn't seem to exist

Hello wonderful people,


So this keeps appearing in my Security preferences, which is odd as I'm not trying to install, well anything, and no profiles are appearing in preferences.


Has anyone else encountered this or similar?


MacBook Air (2020 or later)

Posted on Aug 31, 2021 11:46 AM

Question marked as Top-ranking reply

Posted on Sep 3, 2021 9:20 AM

The EtreCheck report doesn't list the Configuration Profiles or the kernel / system extensions. Please run the commands below in Terminal and copy and paste the output in a reply.


List kernel extensions excluding Apple extensions

kextstat | grep -v com.apple


List the system extensions

systemextensionsctl list


It should list any unapproved extensions requiring activation which should list the MyApplication pending kernel extension


Next, let's capture all the Configuration Profile details.


By default this should return "There are no configuration profiles installed for user <username>"

profiles show


By default this should return "There are no configuration profiles installed in the system domain"

sudo profiles show


If you get a huge amount of results on this last profiles command run this to capture it to a file

sudo profiles show > /Users/Shared/profile_list.txt


Then attach the /Users/Shared/profile_list.txt by copying its contents and using the Additional Text button in reply



25 replies

Aug 31, 2021 2:15 PM in response to Ohokthen

If this is Adware -- Suggest downloading the application EtreCheck directly from a well-respected ASC Contributor. It should identify it as such and offer a solution.


If this is Malware -- Suggest downloading from a Respected ASC Contributor the application Malwarebytes for Mac. It is free or paid for added features. Run the Application and it should remove the malware / adware. Once done, restart computer and test.


There are no known Viruses in the wild that self-replicate and affect macOS. There is Malware and Adware that does affect macOS and is oftentimes downloaded as part of an Application from a Third Party UnTrusted Site and gets installed along with the Application.

Sep 1, 2021 7:28 AM in response to Ohokthen

Suggest downloading the application EtreCheck directly from a well-respected ASC Contributor. The application is free or paid for added features. Run the application with Full Disk Access ( Security & Privacy - Full Disk Access ). It will take a Snap Shot - both the hardware and software. The Report will Not Reveal Any Personal Information. Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )


We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.


Until that is done and additional questions in earlier posting are answered - it is difficult to know what is what. Has the University Mandated a VPN or their VPN ??


Do they Mandate surrendering the control of your computer to a MDM Service of their choosing ??

Sep 7, 2021 4:27 PM in response to etresoft

Oddly, according to terminal I have:


sjha[1] attribute: profileIdentifier: system.donotdisturb.digital_health_restrictions.system.donotdisturb
sjha[2] attribute: profileIdentifier: system.gamecenter.digital_health_restrictions.system.gamecenter
sjha[3] attribute: profileIdentifier: system.camera.digital_health_restrictions.system.camera
sjha[4] attribute: profileIdentifier: system.tvprovider.digital_health_restrictions.system.tvprovider
sjha[5] attribute: profileIdentifier: system.music.digital_health_restrictions.system.music
sjha[6] attribute: profileIdentifier: system.siri.digital_health_restrictions.system.siri
sjha[7] attribute: profileIdentifier: system.carplay.digital_health_restrictions.system.carplay
sjha[8] attribute: profileIdentifier: application.store.digital_health_restrictions.application.store
sjha[9] attribute: profileIdentifier: application.settings.digital_health_restrictions.application.settings
sjha[10] attribute: profileIdentifier: passcode.settings.digital_health_restrictions.passcode.settings
sjha[11] attribute: profileIdentifier: legacy.restrictions.apps.digital_health_restrictions.legacy.restrictions.apps
sjha[12] attribute: profileIdentifier: media.settings.digital_health_restrictions.media.settings
sjha[13] attribute: profileIdentifier: system.airdrop.digital_health_restrictions.system.airdrop
sjha[14] attribute: profileIdentifier: network.cellular.settings.digital_health_restrictions.network.cellular.settings
sjha[15] attribute: profileIdentifier: account.settings.digital_health_restrictions.account.settings
There are 15 configuration profiles installed

Here is an example of one of them (They are all similar):

sjha[2] attribute: name: (null)
sjha[2] attribute: configurationDescription: (null)
sjha[2] attribute: installationDate: 2021-09-04 10:37:14 +0000
sjha[2] attribute: organization: (null)
sjha[2] attribute: profileIdentifier: system.music.digital_health_restrictions.system.music
sjha[2] attribute: profileUUID: digital_health_restrictions.system.music
sjha[2] attribute: profileType: Configuration
sjha[2] attribute: removalDisallowed: FALSE
sjha[2] attribute: version: 1
sjha[2] attribute: containsComputerItems: FALSE
sjha[2] attribute: installedByMDM: FALSE
sjha[2] attribute: internaldata: TRUE
sjha[2] payload count = 1
sjha[2]            payload[1] name = (null)
sjha[2]            payload[1] description = (null)
sjha[2]            payload[1] type = com.apple.applicationaccess
sjha[2]            payload[1] organization = (null)
sjha[2]            payload[1] identifier = com.apple.applicationaccess.digital_health_restrictions.system.music
sjha[2]            payload[1] uuid = CCC9CAC6-8A34-4E53-A48B-B02A771A6564

All 15 of them have attribute: removalDisallowed: FALSE, which I assume (looking at the double negative) means removal is allowed, however,


sudo /usr/bin/profiles -D

Are you sure you want to remove all device configuration profiles? [y/n]:y

profiles: There are profiles installed that marked non-removable

Is this noteworthy or just standard behaviour? I don't even use most of those services anyway
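When `profiles show` returns many entries like the ones quoted above, the attributes worth comparing across profiles are `installedByMDM`, `removalDisallowed` and the payload types. The following is an added example, not code from any poster in this thread: it condenses output in the quoted line layout to one line per profile. The function names, the REVIEW rule and the second sample profile are assumptions made for illustration.

```shell
# Added example: condense saved `profiles show` output to one line per profile.
# Assumed layout (from the thread): <domain>[<n>] attribute: <key>: <value>
#                                   <domain>[<n>]    payload[<m>] type = <value>
summarize_profiles() {
    awk '
    # Print the finished profile; REVIEW marks MDM-installed or locked ones.
    function emit() {
        if (!seen) return
        flag = (mdm == "TRUE" || locked == "TRUE") ? "REVIEW" : "ok"
        printf "%s\t%s\tmdm=%s\tlocked=%s\ttypes=%s\n", flag, id, mdm, locked, types
    }
    match($0, /^[^ ]+\[[0-9]+\]/) {
        key = substr($0, 1, RLENGTH)
        rest = substr($0, RLENGTH + 1)
        if (key != cur) {            # a new <domain>[<n>] starts a new profile
            emit()
            cur = key; seen = 1
            id = "(none)"; mdm = "?"; locked = "?"; types = ""
        }
        if (rest ~ /^ +attribute: /) {
            sub(/^ +attribute: /, "", rest)
            k = rest; sub(/:.*/, "", k)
            v = rest; sub(/^[^:]*: */, "", v)
            if (k == "profileIdentifier") id = v
            else if (k == "installedByMDM") mdm = v
            else if (k == "removalDisallowed") locked = v
        } else if (rest ~ /^ +payload\[[0-9]+\] type = /) {
            sub(/^ +payload\[[0-9]+\] type = /, "", rest)
            types = (types == "" ? "" : types ",") rest
        }
    }
    END { emit() }
    '
}

# Constructed sample: the first profile mirrors the post; the second is made up.
sample_profiles() {
    cat <<'EOF'
sjha[1] attribute: profileIdentifier: system.music.digital_health_restrictions.system.music
sjha[1] attribute: removalDisallowed: FALSE
sjha[1] attribute: installedByMDM: FALSE
sjha[1]            payload[1] type = com.apple.applicationaccess
sjha[2] attribute: profileIdentifier: com.example.constructed.vpn
sjha[2] attribute: removalDisallowed: TRUE
sjha[2] attribute: installedByMDM: TRUE
sjha[2]            payload[1] type = com.example.constructed.payload
EOF
}
sample_profiles | summarize_profiles
```

To run it on a real capture, feed the saved file to the function: `summarize_profiles < /Users/Shared/profile_list.txt`.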

Sep 1, 2021 4:24 AM in response to Owl-53

This could be dangerous malware. We really need to see the EtreCheck report and if you click that Open Profiles button it should display the profile information, capture a screenshot of it and attach the image in your reply.


DO NOT ALLOW the "MyApplication". When opening the Profile do not allow it if prompted on the Profile screen. Just take a screen shot.

Sep 3, 2021 9:02 AM in response to Owl-53

Until that is done and additional questions in earlier posting are answered - it is difficult to know what is what. Has the University Mandated a VPN or their VPN ??


Uni Cam created it for access to content such as journals. For publisher IP purposes...


Do they Mandate surrendering the control of your computer to a MDM Service of their choosing ??


Nope. Have checked. I did wonder...

Sep 3, 2021 9:26 AM in response to James Brickley

All null, this is the odd thing, yet this strange Security and Privacy screen keeps coming back. The other odd thing about the screen is that normally I have it set to only allow Apps downloaded from Apple Store and not identified developers (which I manually check). Maybe it's just a bug and I'm fussing about nothing. That's very possible. Oddly, though it seemed to be preventing an MRT update (which I've just done manually - despite my having it all set up to auto update all in system prefs).


sjha@pc-1-2 ~ % kextstat | grep -v com.apple
Executing: /usr/bin/kmutil showloaded
No variant specified, falling back to release
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>

sjha@pc-1-2 ~ % systemextensionsctl list
0 extension(s)

sjha@pc-1-2 ~ % profiles show
There are no configuration profiles installed for user 'sjha'

sjha@pc-1-2 ~ % sudo profiles show
Password:
There are no configuration profiles installed in the system domain


P.S. I've removed the Cambridge VPN - the only one showing - to see if it happens again

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
