CodeSignSummary.md appearing in Applications

bootrec
Contributor

I'm seeing a CodeSignSummary-xxxxxxxxx-xxxx-xxxx-xxxxxxxxx.md appearing in Applications on my computers. File content shows something about wdav-upgrade.zip, which has to do with Defender. Any idea why this file is getting generated?

Screenshot 2023-03-15 at 14.12.49.png

10 REPLIES 10

Corey_Nechkash
New Contributor III

I can confirm that I've been seeing this as well. It does look to be associated with Defender (as noted by the wdav-upgrade.zip file). The file doesn't exist on the machine until Defender is installed then it does its first update and this file shows up.

The thing is, we've been using Defender for a long time, this file just started popping up a month or so ago. 

Same here. I thought it was only happening on Ventura machines but I've confirmed its happening on the Monterey machines now as well. 

If you can access the end-point manager tenant console create an MS support case and see what they say. Also from the security portal, you can send MS support requests. Others will want to know what is happening in this case. Anyway, thank you!

Jay_007
Contributor

Was there any new info on this? It's still happening.

GraemeU
New Contributor III

Same here on our devices, have been testing Defender for several months and this has only recently started happening, not sure around which release though!

jwojda
Valued Contributor II

I've got a few of these on my device too, going back to Feb 3rd.  Just opened a ticket with MS about it.  I'm sure it's a feature or something.

 

GraemeU
New Contributor III

Update: Microsoft are aware and have a fix for this. You can get it now via the insider fast ring, assume it will be added to the next release for current channel

Nice! My temporary fix is to just hide the file from users lol (sudo chflags -h hidden "$file")

joshuaaclark
Contributor

Here is a script to hide them:

#!/bin/sh

if [ "$(id -u)" != "0" ]; then
        echo "Error: This script must be run as root" 1>&2
        exit 1
fi

## CAPTURE THE CODESIGNSUMMARY FILES
CODESIGNFILES=$(ls /Applications | grep CodeSignSummary)

## PARSE AND WORK WITH THE CAPTURE
OIFS=$IFS               # CAPTURE OLD SYSTEM DELIMITER
IFS=$'\n'               # IN FIELD DELIMITER IS SET TO CARRIAGE RETURN

for FILE in ${CODESIGNFILES};
do
        echo "--- Hiding ${FILE}"
        chflags hidden "/Applications/${FILE}"
done

IFS=$OIFS               # RETURN SYSTEM DELIMITER TO OLD