User profile for user: KCSOS1300
KCSOS1300 Author
User level: Level 1
6 points

Flagged in Carbon Black: /usr/libexec/xpcproxy Is This Malicious?

The application /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking invoked the application /usr/libexec/xpcproxy. The operation was successful.


Carbon Black flagged this and was quarantined, is this malicious?

Posted on May 12, 2022 3:10 PM

Reply
Question marked as Top-ranking reply
User profile for user: VikingOSX
VikingOSX
User level: Level 10
123,152 points

Posted on May 13, 2022 6:18 AM

Since the Catalina and later System partition is read-only, anything in /usr/libexec is provided exclusively by Apple as part of the operating system. This is the problem with all so-called endpoint security solutions throwing up false positives for legitimate files in the operating system.


man xpcproxy


View in context

Similar questions

6 replies
User profile for user: IdrisSeabright
IdrisSeabright
User level: Level 10
185,813 points

May 13, 2022 7:13 AM in response to KCSOS1300

KCSOS1300 wrote:

Thanks for the response! VMware Carbon Black Cloud is a software as a service (SaaS) solution that provides next-generation anti-virus (NGAV), endpoint detection and response (EDR), advanced threat hunting

It is most likely unnecessary on your Mac and may in fact, cause problems. See here for more information:


Effective defenses against malware and ot… - Apple Community

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Flagged in Carbon Black: /usr/libexec/xpcproxy Is This Malicious?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up