Don’t you just hate silent automatic updates? Sometimes you don’t realise that they have taken place until something misbehaves or crashes. And you know that, one day, that fresh and innocent-looking property list quietly tucked away in a LaunchAgents or LaunchDaemons folder could turn out to be malicious.

One reason that I have installed Hazel is to keep a close watch on changes in those LaunchAgents and LaunchDaemons folders which are so useful to malware.

Yesterday, Hazel showed how useful it is, when it detected a silent update arranged by one of the few remaining Adobe products I have installed, Acrobat (Pro, as used to be before we went all silly and CC/DC). Midway through the morning, up popped a notification that a new property list had been installed in my /Library/LaunchAgents folder. With the absurd name ist it could only be genuine or malicious. Your guess is as good as mine.

A click on Hazel’s notification opened the folder, and displayed the offending file, which looked to be an addition to run the Acrobat Update Helper buried in Adobe’s support folders. I checked those, and although the Acrobat Update Helper app itself hadn’t been updated, its. All four signatures looked good when checked using Objective-See’s What’s Your Sign?, and those signatures hadn’t come from Denton Rublaiev or similar, but from Adobe itself.

Hazel’s log gave me a good estimate of the time that this had happened:

10:23:24.813 hazelworker ist: Rule Newly added matched.
10:23:24.814 hazelworker Hazel Alert: ist was added to /Library/LaunchAgents at 10:23

The update had also passed through a legitimate installation process. It was listed in Installations in System Information, but the information given there is so thin as to be almost useless.

As a third-party update, it didn’t leave much useful information about the installation, and isn’t of course listed in my app SystHist. But tagged onto the end of /Library/Receipts/ist was an entry which identified the installer package as .pkg, and confirmed that it had been installed by Apple’s installer.

A fuller account was in /var/log/install.log, which remains browsable in Console, and gave a blow-by-blow account of the running of the update’s install scripts.

So that silent automatic update appeared genuine in every respect, and there is not the slightest suggestion that it could have been malicious in any way.

Setting this up in Hazel couldn’t have been simpler.
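The cross-check described above, a newly added launch agent matched against the install history kept in /Library/Receipts, can be scripted. This is an added example, not code from the original post; the history keys (`date`, `displayName`, `processName`, `packageIdentifiers`), the five-minute window and every sample value are assumptions constructed for illustration.

```python
import plistlib
from datetime import datetime, timedelta

def launch_target(plist_bytes):
    """Return the executable a launchd property list would run, or None."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)

def installs_near(history_bytes, added_at, window=timedelta(minutes=5)):
    """Install-history entries dated within `window` of the plist's arrival."""
    hits = []
    for entry in plistlib.loads(history_bytes):
        when = entry.get("date")
        if isinstance(when, datetime) and abs(when - added_at) <= window:
            hits.append((entry.get("displayName"), entry.get("processName"),
                         tuple(entry.get("packageIdentifiers", []))))
    return hits

def triage(plist_bytes, added_at, history_bytes):
    """Summarise a newly added launch item for a human to review.

    'explained' only means an installer ran at about the same time; the
    target's code signature still has to be checked separately.
    """
    hits = installs_near(history_bytes, added_at)
    return {"runs": launch_target(plist_bytes),
            "installs": hits,
            "explained": bool(hits)}

# Constructed sample data (not taken from the post).
SAMPLE_AGENT = plistlib.dumps({
    "Label": "com.example.updatehelper",
    "ProgramArguments": ["/Library/Application Support/Example/UpdateHelper"],
    "RunAtLoad": True,
})
SAMPLE_HISTORY = plistlib.dumps([
    {"date": datetime(2024, 1, 9, 8, 2, 11), "displayName": "Other App",
     "processName": "installer", "packageIdentifiers": ["com.example.other"]},
    {"date": datetime(2024, 1, 10, 10, 23, 20), "displayName": "Example Update",
     "processName": "installer",
     "packageIdentifiers": ["com.example.update.pkg"]},
])
ADDED_AT = datetime(2024, 1, 10, 10, 23, 24)  # time the watcher reported

if __name__ == "__main__":
    print(triage(SAMPLE_AGENT, ADDED_AT, SAMPLE_HISTORY))
```

A launch item that comes back with `explained` set to false arrived without a matching installer run and deserves a closer look first.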