Jump to content

Alfred App Google Drive Workflow False Positive


ChrisSpiegl
 Share

Recommended Posts

  • Staff

Running an AppleScript directly from within a launch agent plist via osascript -e is something that is done by malware and is considered suspicious behavior.

A couple recommendations:

  • Change the launch agent to remove the osascript call, by pointing it at some kind of executable file. (See suggestion below.)
  • Set an exclusion in Malwarebytes for ~/Library/Launchagents/com.alfredapp.googledrive.plist

Note that you can make a directly executable AppleScript file by simply putting the AppleScript into a text file, and using the AppleScript shebang on the first line:

#!/usr/bin/osascript

Then, you just make sure it has execute permissions (chmod +x) and it will be directly executable, so you could replace the ProgramArguments with just the path to that executable file. You can further secure it by making sure root permissions are needed to modify that executable file, while leaving it open to being read by any user.

  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.