XProtect update due to KeRanger (Transmission)

Discussion in 'macOS' started by Mac2013orlater, Mar 11, 2016.

  1. Mac2013orlater macrumors member

    Feb 2, 2014
    XProtect does not seem to have KeRanger blacklist update as for our Mavericks 10.9.5.
    ma1:~ user22$ cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist  \
        | grep KeRanger
    ma1:~ user22$ 
    Nor App Store offers that update.
    What's wrong?
  2. Alrescha macrumors 68020

    Jan 1, 2008
    I do not know, but it seems very unfortunate. My file (El Capitan) was updated with KeRanger on March 5 around Noon EST.

  3. chrfr, Mar 11, 2016
    Last edited: Mar 11, 2016

    chrfr macrumors 604

    Jul 11, 2009
    The Xprotect update which blocked that was released several days ago, even for Mavericks. Do you have the option to install security updates automatically disabled in the App Store system preference?
    Ok, so after digging into the Xprotect file that was most recently released, you're right that KeRanger isn't listed in that file. Curious. There are 2 other malware signatures in the file for 10.11 that aren't in the 10.9.5 version.
  4. Mac2013orlater thread starter macrumors member

    Feb 2, 2014
    Breaking News: KeRanger update of XProtect was conducted by OS X today, according to System Information > Software > Installations
    and the Terminal:
    Last login: Sun Mar 13 20:38:55 on console
    ma1:~ user22$ cat /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist | grep KeRanger
    ma1:~ user22$
    To be honest I doubt this update will help if KeRanger folks will hack some other software download server. Then the game restarts from beginning.

    To be honest at time of opening this thread "install security updates automatically" was disabled.
    This to avoid automatic pulling problems built-in in Fixes by Apple.
    Short time after this thread was open the setting was set to enabled, this way it stays till now.
    However I seriously consider going back to disabled due to experiences like that one with latest ethernet card driver update which caused heavy problems on users side.

Share This Page