Alfred App Google Drive Workflow False Positive

[ChrisSpiegl]

Hello, I think I found a falls Positive with the Alfred Workflow for Google Drive.

I am on macOS and the export of the scan report seems like it's not available to me.

Here is the discussion on the GitHub page of the Alfred Workflow

Here are screenshots showing my findings.

 

[treed]

Running an AppleScript directly from within a launch agent plist via osascript -e is something that is done by malware and is considered suspicious behavior.

A couple recommendations:

• Change the launch agent to remove the osascript call, by pointing it at some kind of executable file. (See suggestion below.)
• Set an exclusion in Malwarebytes for ~/Library/Launchagents/com.alfredapp.googledrive.plist

Note that you can make a directly executable AppleScript file by simply putting the AppleScript into a text file, and using the AppleScript shebang on the first line:

#!/usr/bin/osascript

Then, you just make sure it has execute permissions (chmod +x) and it will be directly executable, so you could replace the ProgramArguments with just the path to that executable file. You can further secure it by making sure root permissions are needed to modify that executable file, while leaving it open to being read by any user.

[ChrisSpiegl]

Thank you, I will let the developer of the Alfred Workflow know about the possibility to change this behaviour.

I appreciate the quick response 🌸.

[treed]

No problem, I hope this helps!