Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

XProtect update due to KeRanger (Transmission)

M

Mac2013orlater

macrumors member
Original poster
Feb 2, 2014
98
2
XProtect does not seem to have KeRanger blacklist update as for our Mavericks 10.9.5.
Code: 
ma1:~ user22$ cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist  \
    | grep KeRanger
ma1:~ user22$
Nor App Store offers that update.
What's wrong?
 
I do not know, but it seems very unfortunate. My file (El Capitan) was updated with KeRanger on March 5 around Noon EST.

A.
 
Mac2013orlater said:
XProtect does not seem to have KeRanger blacklist update as for our Mavericks 10.9.5.
Code: 
ma1:~ user22$ cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist  \
    | grep KeRanger
ma1:~ user22$
Nor App Store offers that update.
What's wrong?
Click to expand...
The Xprotect update which blocked that was released several days ago, even for Mavericks. Do you have the option to install security updates automatically disabled in the App Store system preference?
Ok, so after digging into the Xprotect file that was most recently released, you're right that KeRanger isn't listed in that file. Curious. There are 2 other malware signatures in the file for 10.11 that aren't in the 10.9.5 version.
 
Last edited:
Breaking News: KeRanger update of XProtect was conducted by OS X today, according to System Information > Software > Installations
and the Terminal:
Code: 
Last login: Sun Mar 13 20:38:55 on console
ma1:~ user22$ cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist | grep KeRanger
        <string>OSX.KeRanger.A</string>
ma1:~ user22$

To be honest I doubt this update will help if KeRanger folks will hack some other software download server. Then the game restarts from beginning.

To be honest at time of opening this thread "install security updates automatically" was disabled.
This to avoid automatic pulling problems built-in in Fixes by Apple.
Short time after this thread was open the setting was set to enabled, this way it stays till now.
However I seriously consider going back to disabled due to experiences like that one with latest ethernet card driver update which caused heavy problems on users side.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back