Jump to content

Recommended Posts

On macOS, an /Applications/MacUpdater directory will trigger an Adware.Crossrider detection. Note I really do mean the directory. As in, making an empty folder named MacUpdater inside /Applications is enough. This is a false positive—an emtpy directory cannot be harmful. Note MacUpdater is the name of a real (and safe) app.

My appologies for not providing a log. I read your instructions but have neither “Download” nor “Export” available. Perhaps because I’m on the trial?

This was tested on a clean macOS 11.2.1 Virtual Machine, using Malwarebytes 4.13.5.

Link to post
Share on other sites

Hello @CoreCodeLtd and :welcome:

Like many others, I am familiar with the MacUpdater app as I have, and regularly use, a registered Pro Edition (v2.0.4.11700).

I created a /Applications/Empty folder on my MBP11,3 running macOS Big Sur 11.6 with Malwarebytes for Mac 4.13.5.4414

Unfortunately those above troubleshooting instructions you tried are for the Windows® editions. A Mac appropriate procedure is available, but let's try another step first.

I can not yet duplicate the issue you experienced. Could you now please try a macOS system restart and run a demand scan and reply with the system's status.

Although quite obscure, can you detect any Advanced Mac Cleaner or seemingly Adobe Flash Player related presences?

Thank you.

Edited by 1PW
Link to post
Share on other sites

Quote

Like many others, I am familiar with the MacUpdater app as I have, and regularly use, a registered Pro Edition (v2.0.4.11700).

happy to hear that!

 

 

Quote

I created a /Applications/Empty folder on my MBP11,3 running macOS Big Sur 11.6 with Malwarebytes for Mac 4.13.5.4414

well. this won't work. you need to create a folder named 'MacUpdater' (and not 'Empty') in your Applications folder to trigger this false positive 'adware detection'

Link to post
Share on other sites

This looks like it's from an old rule from back in 2016. It should be fixed now.

I suspect it got moved from the False Positive (FP) forum because it's Mac-related, and Mac FP reports are very rare in the FP forum, so whoever moved it wanted to be sure it was seen by the right folks.

Link to post
Share on other sites

7 hours ago, CoreCodeLtd said:

i am not sure why this topic was moved. we've posted in the "False Positive" thread on purpose because this is clearly a false positive detection and something that we'd like to see fixed ASAP as it affects our customers.

I placed a request the topic be moved as Thomas has the most Mac DTBS knowledge and immediate control.

HTH

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.