Is /var/db/.GKRearmTimer legitimate?

Discussion in 'OS X Yosemite (10.10)' started by neoncontrails, Dec 16, 2015.

  1. neoncontrails macrumors newbie

    Joined:
    Dec 16, 2015
    #1
    Hey,

    I've been having some funny issues with Chrome today. Could someone have a look at the following file I found in my /var/db directory? It doesn't appear to be an Apple script, and in fact there are only two exact Google matches for that file name. So I'm a bit puzzled where it came from. I don't want to put my tinfoil hat on just yet, but if I'm not mistaken this header appears to be spoofing the credentials of an Apple server.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>event</key>
    <string>reject</string>
    <key>timestamp</key>
    <date>2015-12-17T02:17:11Z</date>
    </dict>
    </plist>

    Any advice would be appreciated. For what it's worth, there is a corresponding event in my console from earlier this evening that reads "12/16/15 5:52:38.023 PM ntpd[175]: time set +0.302704 s."
     
  2. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #2
    You're mistaken. That is an XML file, and that header indicates that it's an Apple file.
    The particular file in question is related to Gatekeeper, and is legitimate. If you set Gatekeeper to allow all applications, the timestamp will be updated. In 30 days, Gatekeeper reverts to the "Mac App Store and identified developers" setting in the Security & Privacy System Preference.
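
A triage sketch for the file discussed in this thread, added here as an example (it is not part of either post, nor Apple tooling): it parses the plist, checks that it holds only the two keys shown in post #1, and computes the re-arm date from the 30-day window described in reply #2. The function name and the strict two-key shape check are assumptions.

```python
import plistlib
import sys
from datetime import datetime, timedelta

# Constructed sample: the plist content quoted in post #1.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>event</key>
<string>reject</string>
<key>timestamp</key>
<date>2015-12-17T02:17:11Z</date>
</dict>
</plist>
"""

EXPECTED = {"event": str, "timestamp": datetime}  # the two keys shown in post #1
REARM_WINDOW = timedelta(days=30)  # assumption: the 30 days stated in reply #2


def triage_rearm_timer(raw):
    """Hypothetical helper: check a .GKRearmTimer plist against the shape in the thread."""
    try:
        data = plistlib.loads(raw)
    except Exception as exc:  # malformed XML, unknown format, bad date value
        return {"ok": False, "findings": [f"unparseable plist: {exc}"],
                "event": None, "rearm_at": None}
    if not isinstance(data, dict):
        return {"ok": False, "findings": ["top-level object is not a dict"],
                "event": None, "rearm_at": None}
    findings = []
    for key, typ in EXPECTED.items():
        if key not in data:
            findings.append(f"missing key: {key}")
        elif not isinstance(data[key], typ):
            findings.append(f"wrong type for {key}: {type(data[key]).__name__}")
    findings += [f"unexpected key: {k}" for k in sorted(set(data) - set(EXPECTED))]
    ts = data.get("timestamp")
    # plistlib returns <date> values as naive datetimes in UTC.
    rearm_at = ts + REARM_WINDOW if isinstance(ts, datetime) else None
    return {"ok": not findings, "findings": findings,
            "event": data.get("event"), "rearm_at": rearm_at}


if __name__ == "__main__":
    # Pass a path (e.g. /var/db/.GKRearmTimer) to check a real file; default is the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(triage_rearm_timer(raw))
```

For the sample from post #1, the computed re-arm time is 2016-01-16 02:17:11 UTC.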
     