Malware Octagon Security

I definitely have contracted some sort of malware. I’ve done a clean install. Malwarebytes picks up nothing. Applications open on login and close before the icon can be seen on the dock (I have a video of it happening). The app at login that opens and vanishes does not do it if I start up holding the keys to prevent login items at start.

Items and apps that I’ve never heard of sometimes appear under recent items, sometimes not.

A user profile I didn’t set up keeps appearing called ‘wheel’. There are no other users of my mac.

A few times files related to a Bitcoin wallet opened on my desktop without any prompt on my part.

The one name that I keep seeing no matter how many reinstalls are done are keygen wrap and octagon security.

I will post pics.

I don’t care about any files or anything I have saved on the Mac. I just want it to go away.

Please help!

Mac mini, macOS 13.3

Posted on May 18, 2023 9:26 AM


May 18, 2023 10:40 AM in response to mekyma

Thank you.


From part of your original post - A user profile I didn’t set up keeps appearing called ‘wheel’.


Wheel is owned by the OS. It's a root user of Unix (which macOS sits on top of). It means "the big wheel", or "the big cheese". The OS uses it to perform functions the user can't.


Your EtreCheck report shows virtually nothing but a few standard Mac processes, except for this one:


DocumentPopoverV 4


This is an unsigned app. And nothing installed by Apple would be unsigned. So this has to be some sort of third party app.


The only thing I can find related to such a name is a bootstrap manager. Something only a few people have any real use for. This may be the wrong item related to that name, but it definitely shouldn't be there.


You may have to start up in Recovery Mode so you can completely erase the drive and reinstall the OS from scratch. DO NOT restore any backup, or you'll just get whatever this is back on the drive.

May 19, 2023 5:59 AM in response to mekyma

Yes, and I wasn't clear enough. Barney-15E is quite correct that many parts of Unix will appear as unsigned. I was referring to unsigned third party apps as being something to be wary of.


Check the locations of those unsigned apps. If they're in the System folder (and they likely all are), then there's nothing to worry about. Only Apple can put anything in the System folder.

Jul 13, 2023 5:38 PM in response to CurateHygge

There are unknown names in your Keychain; this is totally normal on every system. As stated, the octagon file is part of the OS security and should not be removed. Modifying keychains is only going to give you problems with your Mac requiring a Factory Reset.


Norton 360 is not recommended to install. You will see false claims of security issues. This is how they keep themselves relevant so you believe you need their software and will continue to pay more for it. Here are just 3 previous articles from this support forum:

https://discussions.apple.com/thread/254569992

Norton 360 deluxe - Do or don't? - Apple Community

Norton 360 Mobile Security - Apple Community


Your Mac has built-in protection from viruses and continually gets Security Updates. To make sure you keep your Mac safe, do not install any Cleaner App or Anti-Virus software. Along with that, do not install from a Safari notification saying you have a virus or from a pop-up on a website. These are known scams.


More important is keeping your Apple ID password safe and avoiding phishing messages. For more information about these:

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


If you do think that your Apple ID has been compromised, then you can follow this support article:

If you think your Apple ID has been compromised - Apple Support


When using Safari, do not allow Notifications or Pop-ups from every site you use. This is the source of common problems and in most cases, you do not need them.


Other than that, enjoy your Mac and try not to be looking for problems you do not have. If you do experience a specific problem when using it, feel free to create a new question with your concerns and issues you are having. At this point, there is nothing you should be concerned with from what you have posted.

May 23, 2024 6:38 AM in response to Chapmans4972

Chapmans4972 wrote:

Is there a tutorial anywhere that can help a layman, such as myself, identify threats by looking through the analytics? A red flag cheat sheet?

No. Interpreting analytics requires specialist training and software.


The best advice I can give (and which I have already given once in this thread) is this article:


Effective defenses against malware and ot… - Apple Community


It will tell you how to keep your Mac safe. Spoiler alert: the best defense is the stuff between your ears.

May 18, 2023 10:36 AM in response to mekyma

What do you have in Login Items at Apple menu > System Settings > General > Login Items? Also take a look at the Apps that are allowed to run in the background. You can disable with the switch or delete the associated app that is usually in the Applications folder. Don't worry about the AdobeAcrobatReader or OSMessageTracer if you have those.


Start up in Safe Boot mode and check these locations by copying and pasting at Finder > Go > Go to Folder:

  • /Library/StartupItems - Usually there are no items in there
  • /Library/LaunchAgents - Maybe just an Adobe file in there
  • /Library/LaunchDaemons - Maybe com.adobe or com.apple files in there

Feel free to ask about a file before deleting if you are unsure. I usually recommend a backup before deleting any System files, but you have made it clear that you are not concerned about the info you have on the device.
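
A read-only way to review the folders listed in the post above, added here as an example and not part of the thread: it parses each launchd property list and reports what the item runs, marking programs that live outside /System as the earlier reply about unsigned apps suggests checking. The flag names, the extra ~/Library/LaunchAgents folder and the use of Python 3 (which must be installed) are this example's assumptions.

```python
import plistlib
import sys
from pathlib import Path

# The three folders listed in the post above. Adding ~/Library/LaunchAgents
# (the per-user equivalent) is this example's own choice.
DEFAULT_DIRS = ["/Library/StartupItems", "/Library/LaunchAgents",
                "/Library/LaunchDaemons",
                str(Path.home() / "Library/LaunchAgents")]

def read_job(path):
    """Parse a launchd plist (XML or binary); return a dict or None."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # damaged, unreadable, a folder, or not a plist
        return None
    return job if isinstance(job, dict) else None

def inventory(dirs=DEFAULT_DIRS):
    """Return one row per file found, with flags for manual review."""
    rows = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.iterdir()):
            if path.name.startswith("."):
                continue  # skip .DS_Store and similar
            row = {"file": str(path), "label": None, "program": None, "flags": []}
            rows.append(row)
            job = read_job(path)
            if job is None:
                row["flags"].append("unparseable")
                continue
            args = job.get("ProgramArguments") or [None]
            row["label"] = job.get("Label")
            row["program"] = program = job.get("Program") or args[0]
            if job.get("RunAtLoad"):
                row["flags"].append("run-at-load")  # starts at boot or login
            if isinstance(program, str):
                if not program.startswith("/System/"):
                    row["flags"].append("outside-system")  # third-party location
                if not Path(program).exists():
                    row["flags"].append("target-missing")  # leftover entry
    return rows

if __name__ == "__main__":
    for r in inventory(sys.argv[1:] or DEFAULT_DIRS):
        print(r["file"], r["label"], r["program"], ",".join(r["flags"]) or "-", sep=" | ")
```

A flag is a prompt to look at the item, not a verdict: legitimate third-party software is also reported as `outside-system`.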


