Cylance says "Appdiagnose" is a Threat

Recently my Cylance has been treating /Applications/Safari.app/Contents/Resources/Appdiagnose as a Threat. I quarantine it, and then quarantine it again. I've been unable to learn if this is a true threat or something that I can allow.


Advice?

iMac 21.5″, macOS 10.15

Posted on Sep 21, 2021 9:50 AM

Question marked as Top-ranking reply

Posted on Sep 23, 2021 1:24 PM

We know that Appdiagnose is a legit component of Safari and not a threat.

We also know that Cylance and the class of apps it belongs to (anti-virus, clean up, speed up) are unnecessary and likely to cause more trouble on your Mac than they claim to eliminate or protect against.


I would advise that you uninstall Cylance and any of its components and allow the macOS to protect itself as it is designed to do.


Security. Built right in. - Apple Support:

macOS security built right in. - Apple 


App Security overview - Apple Support:

https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1


Protecting against malware in macOS - Apple Support:

https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1

8 replies

Sep 21, 2021 10:08 AM in response to 4_2Learn

I agree with muguy's advice; uninstall Cylance. It's giving a false positive. That's one of the reasons for NOT using anti-virus and clean-up apps on the Mac. Appdiagnose is a legit component of Safari and should not be messed with.


Please take a peek at these short support documents –

click> Effective Defenses Against Malware (John Galt)- Apple Community

click> How to install adware (John Galt)- Apple Community

click> Avoid phishing emails, fake 'virus' alerts…and other scams - Apple Support

Nov 1, 2021 10:00 AM in response to 4_2Learn

We know it's legit software. The hash is updated every new OS version that's released and Cylance is flagging it based on AI data.


When looking at the evidence reports you should see:

Deception (1 of 22)

  • This object contains a segment with an anomalous size. This might indicate that the file has been obfuscated to avoid detection or was generated in an unusual way. A segment is part of the object that contains variables that are available while the program is running.


Because it fits the AI model for this "threat" it's flagging it even with a valid signature. Contact your IT admin or, if you are the IT admin, you should verify the current hash is equal across another Mac to ensure validity.


Also, the amount of disinformation in this thread is disappointing. Yes, Apple takes care of most issues with macOS, but in an enterprise environment, you need to have an additional layer to stop the PEBKAC problem. Normal people won't check hashes, will install apps blindly, and if restrictions aren't in place, you have a compromised environment that could lead to a multitude of other issues.


Best bet, check the hash against a clean machine that was just updated to the same version and if they match, you're free to release it.

Sep 23, 2021 1:56 PM in response to 4_2Learn

4_2Learn wrote:

Recently my Cylance has been treating /Applications/Safari.app/Contents/Resources/Appdiagnose as a Threat. I quarantine it, and then quarantine it again. I've been unable to learn if this is a true threat or something that I can allow.

Advice?




Typically third party Anti-Virus does nothing but add issues and compete directly with Apple’s® own built in Security:

Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus/VPN—

All known to cause issues in the macOS.


Look for the in-app official uninstaller, if in doubt contact the Developers website.

Hopefully you are in the trial period—or see if you can get a refund and save your money.


Apple Platform Security - Apple https://support.apple.com/guide/security/welcome/web




Apps like you installed have to find something so you think you are getting something for the money—false positives abound...


This is an Apple® executable file and you would expect to see it if you drill down into the Package Contents files:


Your app interacts with the system during normal execution by calling system APIs. However, you need to communicate information about how to execute your app before you have access to these API calls, this is your executable file:




Sep 23, 2021 3:55 PM in response to 4_2Learn

First, there is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus, VPN or security apps on your Mac.  This user tip describes what you need to know and do in order to protect your Mac: Effective defenses against malware and other threats - Apple Community.  


There are no known viruses, i.e. self-propagating, for Macs. There are, however, adware and malware which require the user to install, although unwittingly most of the time through sneaky links, etc.


Anti-virus developers try to group all types as viruses into their ad campaigns of fear. They do a poor job of detecting and isolating the adware and malware. Since there are no viruses, these apps use up a lot of system resources searching for what is non-existent and adversely affect system and app performance.


There is one app, Malwarebytes, which was developed by a long-time contributor to these forums and a highly respected member of the computer security community, that is designed solely to seek out adware and known malware and remove it. The free version is more than adequate for most users.


Also, unless you're using a true VPN tunnel, such as between you and your employer's or bank's servers, they are useless from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites


Uninstall Cylance according to the developer's instructions. You can check to see if you've removed all of the supporting files by downloading and running the shareware app Find Any File to search for any files with the application's or the developer's name in the file name.  For the Cylance software you'd do the following search(es): 


1 - Name contains cylance


Any files that are found can be dragged from the search results window to the Desktop or Trash bin in the Dock for deletion.


FAF can search areas that Spotlight can't, like invisible folders, system folders and packages.


