Is /var/db/.GKRearmTimer legitimate?

Discussion in 'OS X Yosemite (10.10)' started by neoncontrails, Dec 16, 2015.

  1. neoncontrails macrumors newbie


    Dec 16, 2015

    I've been having some funny issues with Chrome today. Could someone have a look at the following file I found in my /var/db directory? It doesn't appear to be an Apple script, and in fact there's only two exact Google matches for that file name. So I'm a bit puzzled where it came from. I don't want to put my tinfoil hat on just yet, but if I'm not mistaken this header appears to be spoofing the credentials of an Apple server.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
    <plist version="1.0">

    Any advice would be appreciated. For what it's worth, there is a corresponding event in my console from earlier this evening that reads "12/16/15 5:52:38.023 PM ntpd[175]: time set +0.302704 s."
  2. chrfr macrumors 604

    Jul 11, 2009
    You're mistaken. That is an XML file, and that header indicates that it's an Apple file.
    The particular file in question is related to Gatekeeper, and is legitimate. If you set Gatekeeper to allow all applications, the timestamp will be updated. In 30 days, Gatekeeper reverts to the "Mac App Store and identified developers" setting in the Security & Privacy System Preference.
  3. neoncontrails thread starter macrumors newbie


    Dec 16, 2015

Share This Page