Not quite sure what to do...

I have been here before and told I was insane... New computer, not logged into my Apple ID, I erased Mac, reinstalled and updated this morning. Only app installed is etrecheck. Please see report and help.... I did not disable security...I DID re-enable it just now..when I look under profiles there are none there, all remote management is blocked via firewall.


Configuration Profiles


Type: com.apple.applicationaccessforceAutomaticDateAndTime = 1

Configuration profiles can be used to override user preferences. Configuration profiles are normally used only in enterprise or education environments. They are also commonly used by malware. This table shows the installed profiles, the application affected, and the changes being made. Click the About button to learn more from Apple about Configuration profiles.


If there are malicious profiles installed, click on the Open button to open Profiles in System Settings. There, you can remove any profiles that have been installed by malware.







MacBook Air (M2, 2022)

Posted on Oct 4, 2024 1:48 PM

23 replies

Oct 4, 2024 4:39 PM in response to Marcees1436

Marcees1436 wrote:

Hi Etresoft,
Running etrecheckPro immediately after a clean reinstall and update. Why would system integrity protection be off??

System Integrity Protection is not disabled on your computer. Security updates are disabled. Technically that does mean that Apple's default security isn't properly configured. But it's not horribly bad. I think many people confuse this setting with software updates, which I actually do recommend disabling.

I did not turn it off. Do you find that odd?

It is odd, but there are some reasonable explanations.

Your program caught com.apple.applicationaccessforceAutomaticDateAndTime = 1. as a configuration profile... is it? It may not be malware but is a configuration profile? and if yes what does it do?

This setting prevents you from turning off automatic date and time updates. Supposedly, it should only be used on iOS. But you aren't the only person to have this turned on. I don't know why it's turned on. I think this may be a side effect/bug of Screen Time.

I am running firewall because I want to block anything that can access my computer. It is no longer off by default unless my firewall alone allows ssh-keygen-wrapper and others to be allowed by default after installing Sequoia. Maybe that's what you mean by "causing problems"... firewall would not let me untick the allow for ssh so I added it again, and blocked it...

No. I mean the Sequoia forums are just lighting up with people having problems because of the firewall. Just turn it off entirely. It doesn't do what you think it does. It's a long story. But if you are concerned because of odd things happening, the firewall in Sequoia is a great way to generate lots of new odd things.

I am not looking for bugs.... I understand the system is complicated... that's why I ran your software... so I could see what was installed, running etc.

EtreCheck is designed to be used as a way to investigate some other problem. I really don't want people to see something in EtreCheck and identify it as a problem only because it shows up in an EtreCheck report. I find that distressing.


Oct 4, 2024 4:43 PM in response to Marcees1436

Marcees1436 wrote:

Hi EtreSoft...
Application access is screentime..... so I suppose it would be considered a "managed client" although I would call it a managed app... It's not listed under profiles, it's listed under managed client....

I actually posted the previous long reply before I saw this one. If you were using ScreenTime, then this is actually just a bug in EtreCheck. That makes two bugs you've found in EtreCheck with one question.

Oct 4, 2024 2:22 PM in response to Marcees1436

Marcees1436 wrote:

I have been here before and told I was insane... New computer, not logged into my Apple ID, I erased Mac, reinstalled and updated this morning. Only app installed is etrecheck.

Why are you running EtreCheck on a brand new, Apple Silicon computer?


EtreCheck is designed to help resolve problems. It just prints everything it finds and then your job is to cross-reference that information with whatever poor experience you are suffering from.

Please see report and help.... I did not disable security...I DID re-enable it just now..when I look under profiles there are none there, all remote management is blocked via firewall.

Why are you running the firewall? It is disabled by default and should stay that way. It is causing significant problems for people who are using it in these early builds of Sequoia.

Configuration Profiles

Type: com.apple.applicationaccessforceAutomaticDateAndTime = 1
Configuration profiles can be used to override user preferences. Configuration profiles are normally used only in enterprise or education environments. They are also commonly used by malware. This table shows the installed profiles, the application affected, and the changes being made. Click the About button to learn more from Apple about Configuration profiles.

If there are malicious profiles installed, click on the Open button to open Profiles in System Settings. There, you can remove any profiles that have been installed by malware.

I'm afraid the best I can do is update EtreCheck and remove some of those remarks about possible malware. I actually haven't seen any malicious configuration profiles for a long time, or perhaps ever. When I investigate, it looks like this could have simply been an artifact from back when I was more naive about internet misinformation.


The macOS operating system is complicated. It is easily the most complicated operating system ever made. Anyone who goes looking for unusual things is going to find them, thousands of them. I assume you bought this computer for some reason other than looking for computer bugs. Think of what that was, and then go do that. Stop looking for bugs. You can't possibly find them all.

Oct 7, 2024 9:57 AM in response to Marcees1436

Marcees1436 wrote:

Thank you Mr. Hoffman,
Ahh, the year 2000... not fun for me. Yes my computer and other devices were infected by some sort of ransomware that hijacked the admin account on my Mac, locked me out of making any changes to my computer... and came back even after wipe and reinstall as files aren't gone until they are written over.. or something like that. So yes, I do check for oddities...and I do use the firewall, when things change without me changing them I get a bit nervous. When I see Marcee's MacBook Air change to Mr. I look.
EtreCheck....

No Time Machine backup - Time Machine backup not found.
Security updates disabled - Security updates are disabled. This computer is at risk of malware infection.
Kernel panics - This system has experienced kernel panics. This could be a sign of hardware failure.
Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.

Yes the updates were disabled but so was Apple security... I literally just reinstalled macOS and did not disable it. I would know if I went to terminal in recovery and did that. I did not. I did enable it after I saw the report.

The commands you posted below......


You’re likely already aware of the typo in what you entered, given the error.


I’d suggest learning more about Terminal from the following linked resources or similar:



Older, and describes bash and not zsh, but can provide some background: Introduction


Paid: https://scriptingosx.com/macos-terminal-and-shell/


Last login: Mon Oct  7 09:38:30 on console

marcee@Mr ~ % sudo-s

zsh: command not found: sudo-s


That’s an odd choice to input, given it wasn’t requested, and given how long you’ve been using Terminal.


marcee@Mr ~ % sudo scutil --get HostName 

Password:

HostName: not set


So no host name is set.


marcee@Mr ~ % sudo scutil --get LocalHostName 

Mr


There’s the host name shown by the prompt.


marcee@Mr ~ % sudo scutil --get ComputerName

Marcee’s MacBook Air


Looks like a default setting.


You can set the above from the command line as were shown, or probably better to use the GUI.


Here is the GUI path to most of that: Find your computer’s name and network address on Mac - Apple Support (BY)


marcee@Mr ~ % whoami

marcee

marcee@Mr ~ % 


There’s the rest of the default prompt string. That’s your login name / shortname, and the name of your home directory. For more on that, see the link in my previous reply.


I wish you well with whatever your goal here might be.


Oct 4, 2024 3:39 PM in response to etresoft

Hi Etresoft,

Running etrecheckPro immediately after a clean reinstall and update. Why would system integrity protection be off?? I did not turn it off. Do you find that odd? Your program caught com.apple.applicationaccessforceAutomaticDateAndTime = 1. as a configuration profile... is it? It may not be malware but is a configuration profile? and if yes what does it do?


I am running firewall because I want to block anything that can access my computer. It is no longer off by default unless my firewall alone allows ssh-keygen-wrapper and others to be allowed by default after installing Sequoia. Maybe that's what you mean by "causing problems"... firewall would not let me untick the allow for ssh so I added it again, and blocked it...


I am not looking for bugs.... I understand the system is complicated... that's why I ran your software... so I could see what was installed, running etc.

Oct 5, 2024 10:27 AM in response to etresoft

Thank you! Please don't find it distressing. I, along with many, many people love EtreCheck. I used it to see what had been installed, what system launch daemons are running etc. It is very convenient... everything in one spot. I posted here because the results were "off" and I was not sure why. I appreciate you helping me understand....

I do have one more question for everyone because I think this is odd but maybe I'm wrong. I have never seen this before. I used terminal to disallow remote management.... I noticed that my name changed from " marcee~ %" at the top of terminal to "marcee@Mr ~ %" that is odd to me so I looked at my install log to see when it went from "Marcees-MacBook-Air" to "Mr." please see a bit of the report below, I'll post whole report if you or anyone else would like to see it.... when it changes to "Mr." in the log, it stays "Mr."

Why did this happen? Can anyone explain???

2024-10-04 09:53:38-05 Marcees-MacBook-Air softwareupdated[556]: BackgroundActivity: Finished One-time Background Check Activity

2024-10-04 11:25:56-05 localhost Installer Progress[107]: Progress UI App Starting

2024-10-04 11:25:57-05 Mr Installer Progress[107]: IASGetCurrentInstallPhaseList: phases = (

2024-10-04 11:25:57-05 Mr Installer Progress[107]: IASGetCurrentInstallPhase: Current phase name is "OS Installer"

2024-10-04 11:25:57-05 Mr Installer Progress[107]: currentPhase = "<IASPPhase: 0x600001624c40: 'OS Installer', percentage 5.0, delay 0>", phases = (

"<IASPPhase: 0x600001624a60: 'Boot 1', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624c20: 'Language Chooser', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624c40: 'OS Installer', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624c80: 'EFI Firmware Update', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624ca0: 'Boot 2', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624c60: 'Language Chooser 2', percentage 5.0, delay 0>",

"<IASPPhase: 0x600001624cc0: 'OS Installer 2', percentage 70.0, delay -1>"

)

2024-10-04 11:25:57-05 Mr Installer Progress[107]: Progress app is loading…

2024-10-04 11:25:57-05 Mr Installer Progress[107]: Progress app is running…

2024-10-04 11:25:57-05 Mr bootinstalld[256]: BootTimeInstall: Configuring sandbox...

2024-10-04 11:25:57-05 Mr bootinstalld[256]: BootTimeInstall: Sandbox successfully configured

2024-10-04 11:25:57-05 Mr bootinstalld[256]: Adding bootinstalld client (loginwindow (pid = 147, uid = 0, path = /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow, connection remote object interface = <NSXPCInterface: 0x104ceb710>, exported interface = <NSXPCInterface: 0x104cea6f0>, remote object proxy =


Last line from today;

2024-10-05 12:15:22-05 Mr softwareupdated[302]: SUOSUPowerEventObserver: System has powered on
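An added example, not part of the original post: a small shell function that reads install.log-style lines and reports each point where the host field (third column) changes, which is the question the excerpt above raises. The sample input is trimmed from that excerpt; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report where the host field of install.log-style lines changes.

# Sample input: lines taken from the log excerpt in the post above, trimmed to
# the ones needed to show the behaviour (including two continuation lines).
sample_log() {
  cat <<'EOF'
2024-10-04 09:53:38-05 Marcees-MacBook-Air softwareupdated[556]: BackgroundActivity: Finished One-time Background Check Activity
2024-10-04 11:25:56-05 localhost Installer Progress[107]: Progress UI App Starting
2024-10-04 11:25:57-05 Mr Installer Progress[107]: IASGetCurrentInstallPhaseList: phases = (
"<IASPPhase: 0x600001624a60: 'Boot 1', percentage 5.0, delay 0>",
)
2024-10-04 11:25:57-05 Mr bootinstalld[256]: BootTimeInstall: Configuring sandbox...
2024-10-05 12:15:22-05 Mr softwareupdated[302]: SUOSUPowerEventObserver: System has powered on
EOF
}

# Reads log lines on stdin; prints "DATE TIME old -> new" for every change of
# the host column. Lines that do not begin with a timestamp are continuation
# lines (phase lists, closing parentheses) and carry no host field.
hostname_transitions() {
  awk '
    $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ &&
    $2 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9][+-][0-9]+$/ {
      host = $3
      if (prev != "" && host != prev)
        printf "%s %s %s -> %s\n", $1, $2, prev, host
      prev = host
    }
  '
}

# Demo on the embedded sample. On a Mac the same function can read the real
# file, assuming the usual location: hostname_transitions < /var/log/install.log
sample_log | hostname_transitions
```

The timestamps it prints can then be compared with the `scutil --get` output for HostName, LocalHostName and ComputerName.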

Oct 5, 2024 10:55 AM in response to Marcees1436

Discussions about the various surprises arising from the default prompt (accessible as the PS1 and PROMPT variables in zsh) are common. They don’t always work as expected, and folks’ choices for host names and usernames can vary, and (as is likely the case here) the DNS network host name responses arising in some networks are not always as expected, and can be inconsistent over time.


Set the default prompt (PS1) and the host names as you want.


Here is how to view the three host names related to most macOS operations:

sudo scutil --get HostName 
sudo scutil --get LocalHostName 
sudo scutil --get ComputerName


Here are the commands to change these, with example text shown for the new values:

sudo scutil --set HostName HostName.example.com 
sudo scutil --set LocalHostName HostName
sudo scutil --set ComputerName FriendlyHostName


To view the current prompt in your current environment:

echo $PS1
echo $PROMPT


To see the current active username (shortname):

whoami


Some background on zsh prompts and prompt syntax:


Oct 5, 2024 11:37 AM in response to Marcees1436

Marcees1436 wrote:

I am running firewall because I want to block anything that can access my computer. It is no longer off by default unless my firewall alone allows ssh-keygen-wrapper and others to be allowed by default after installing Sequoia. Maybe that's what you mean by "causing problems"... firewall would not let me untick the allow for ssh so I added it again, and blocked it...

Where is your Mac located? If it's at home behind a router running WPA2 Personal wireless security or better you don't need a firewall. It's sufficient to keep others out.


The firewall is primarily for mobile devices, i.e. laptops, that are using public WiFi, i.e. like Starbucks, hotels, etc.


Oct 5, 2024 12:29 PM in response to satcomer

satcomer wrote:

"Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.

Why do you want NO built in Trojan Scanning into your system from Apple?


Probably for the same reason there are no backups — this particular Mac doesn’t look like it’s much past initial install, as was mentioned earlier here. OP is clearly familiar with and experienced with security as well, so disabling the built-in anti-malware setting seems a deliberate choice. (Or maybe this is a bug in EtreCheck reporting in macOS 15 Sequoia? No local macOS 15.0.1 configuration handy to check that, though.)


OP has also had previous concerns over security, based on an earlier security-related thread:



That thread includes clear and detailed security concerns, such as the following from OP: “Mac is full of malware I know that, one Mac is at Black Swan in TN, they are a forensics facility trying to decode some…”, as well.


Based on this new thread, security issues or security concerns have arisen anew, or issues or concerns have been ongoing for the past several years, as well.


Given the previous and current issues and concerns and the inferred years-long duration, and whatever Black Swan Digital Forensics might or might not have found, this whole situation seems unlikely to be resolved around here. This likely means (re-)obtaining specialized help for the concerns and for whatever has (or hasn’t) happened (again?). What that all might entail?

Oct 5, 2024 2:59 PM in response to satcomer

satcomer wrote:

"Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.

Why do you want NO built in Trojan Scanning into your system from Apple?

It's actually not that bad. In this case, only security updates are disabled. For all practical purposes, the system is still secure.


I realize that I'm using some of the same kind of fear mongering that I complain about from others. I would welcome any better ideas on how to present this. Technically it's true, but system security is still functional. There's no valid reason not to have security updates enabled.


Unfortunately, this is a common problem. People who are most affected by internet misinformation and think they are actively being hacked are also the most likely to take security risks and make poor security decisions. The most secure that every Mac ever gets is with default settings, when it is first turned on out of the box. But when people get scared, and "influenced" over social media, the first thing they do is start hacking around on those default settings and making all kinds of changes.

Oct 5, 2024 7:03 PM in response to etresoft

etresoft wrote:


satcomer wrote:

"Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.

Why do you want NO built in Trojan Scanning into your system from Apple?
It's actually not that bad. In this case, only security updates are disabled. For all practical purposes, the system is still secure.

I realize that I'm using some of the same kind of fear mongering that I complain about from others. I would welcome any better ideas on how to present this. Technically it's true, but system security is still functional. There's no valid reason not to have security updates enabled.

Perhaps you can soften the message a bit. Maybe something like "the computer is more susceptible to malware".


Oct 7, 2024 8:59 AM in response to MrHoffman

Thank you Mr. Hoffman,

Ahh, the year 2000... not fun for me. Yes my computer and other devices were infected by some sort of ransomware that hijacked the admin account on my Mac, locked me out of making any changes to my computer... and came back even after wipe and reinstall as files aren't gone until they are written over.. or something like that. So yes, I do check for oddities...and I do use the firewall, when things change without me changing them I get a bit nervous. When I see Marcee's MacBook Air change to Mr. I look.

EtreCheck....


No Time Machine backup - Time Machine backup not found.

Security updates disabled - Security updates are disabled. This computer is at risk of malware infection.

Kernel panics - This system has experienced kernel panics. This could be a sign of hardware failure.

Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.


Yes the updates were disabled but so was Apple security... I literally just reinstalled macOS and did not disable it. I would know if I went to terminal in recovery and did that. I did not. I did enable it after I saw the report.


The commands you posted below......



Last login: Mon Oct  7 09:38:30 on console


marcee@Mr ~ % sudo-s


zsh: command not found: sudo-s


marcee@Mr ~ % sudo scutil --get HostName 


Password:


HostName: not set


marcee@Mr ~ % sudo scutil --get LocalHostName 


Mr


marcee@Mr ~ % sudo scutil --get ComputerName


Marcee’s MacBook Air


marcee@Mr ~ % whoami


marcee


marcee@Mr ~ % 


















