MacOS environment: no actions for Adwares ?

SecurMander

Hi,

Have received some notifications from my PMS about some Adwares detected on MacOS environment with no action done.

This is the detail:

Security alert: Spyware detected. No action done.

Details: Spyware detected in /System/Volumes/Data/Users/XXXX/Library/Safari/Extensions/QuickBrowse.safariextz. Infection : Adware.ADWARE/OSX.Spigot.twnbe Action : none. File hash: 2eecd50383676738a4a5e171b042c7cc2fb25706 Accessor path: N/A Accessor hash: N/A Access operation: N/A

Have the same with Adware.ADWARE/OSX.WeDownload.woyy and Adware.ADWARE/OSX.adw.13727

In the PMSC - Settings - Realtime Scanning - all options are set to Custom: Quarantine Automatically. (Both settings, both servers and workstations)

Is there any other settings I have to set properly ?

Thanks for your help.

JamesC

Hi,

I had to check this with our detection team.

Based on the file path that you mentioned, this might be related to Safari browser infection. Unable to tell at he moment but it could have been an unsigned / untrusted extension.

As the malicious part is in the browser extension, fully resetting the browser should do the job for most of the cases.

It is a common issue that our product didn't get to remove as it is being used by the browser in the background.

SecurMander

I did a mistake about the settings description: I was in the Windows Settings.

In the Mac settings, there is no way to set any spyware action?

JamesC

Hi

Yes, that is correct. There is no way to set different spyware action in mac agent settings.

SecurMander

Hi,

Thanks your your reply.

OK I got it that I cannot set different spyware action but I hope that clients are still protected ? If not action is done, what does that mean ? spywares are still there but blocked ? Ignored ?