Jump to content
downtime

false positive: qemu on Mac

Recommended Posts

The "before you post" directions do not address the Macintosh product, at all.  I am unable to export a scan report.

The free Mac product is detecting qemu as malware ... unsure how you might do this the right way to detect a rogue installation of qemu, but the ones I built and put in /usr/local/bin ... not malware.

1360648364_ScreenShot2020-03-12at12_10_37PM.thumb.png.5a5943472cbaa3b21220c4967e0ff468.png

Share this post


Link to post
Share on other sites

Sorry about that, try running a scan again now and let me know if the problem is fixed.

Share this post


Link to post
Share on other sites

No apology necessary, sir!

I see there's a threat update available, but pressing the "update now" button isn't doing anything ... scanning again is producing the same results.

580822790_ScreenShot2020-03-12at3_17_59PM.thumb.png.435ca2cf30aad3c96bbac85a36ea8ef0.png

Possibly worth noting: similar binaries, also locally compiled, would be found under /opt/local, from MacPorts ... but these didn't get detected.  Curious why.

Share this post


Link to post
Share on other sites

That screen should not normally show up, unless you've disabled automatic checks for protection updates and haven't done a scan in a while, or unless the connection with our server is not working so it's unable to download those updates. I suspect the latter is the problem, since you just ran a scan, which should have updated the rules regardless of the state of the settings.

Do you use something like Little Snitch, or any other kind of outgoing firewall? If so, you'll need to make sure to allow our processes to communicate with our servers. See the firewall access requirements in this document:

https://support.malwarebytes.com/hc/en-us/articles/360038479274

As soon as the software is able to connect to the server, it should be able to download the new rules and the problem should be fixed.

Share this post


Link to post
Share on other sites

Please accept my apology for not checking; I am indeed running Little Snitch, did not think to check it ... and thought I'd green-lit it to phone home, but discovered I was wrong when I looked.  Thanks very much!

I now have a clean scan.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.