Help

CodeSignSummary.md appearing in Applications

bootrec
New Contributor III

Posted on ‎03-15-2023 01:28 PM

I'm seeing a CodeSignSummary-xxxxxxxxx-xxxx-xxxx-xxxxxxxxx.md appearing in Applications on my computers. File content shows something about wdav-upgrade.zip, which has to do with Defender. Any idea why this file is getting generated?

Screenshot 2023-03-15 at 14.12.49.png

10 REPLIES 10

Corey_Nechkash
New Contributor III

Posted on ‎03-16-2023 10:35 AM

I can confirm that I've been seeing this as well. It does look to be associated with Defender (as noted by the wdav-upgrade.zip file). The file doesn't exist on the machine until Defender is installed then it does its first update and this file shows up.

bootrec
New Contributor III
In response to Corey_Nechkash

Posted on ‎03-16-2023 10:47 AM

The thing is, we've been using Defender for a long time, this file just started popping up a month or so ago. 

Corey_Nechkash
New Contributor III
In response to bootrec

Posted on ‎03-16-2023 10:56 AM

Same here. I thought it was only happening on Ventura machines but I've confirmed its happening on the Monterey machines now as well. 

dvasquez
Valued Contributor
In response to Corey_Nechkash

Posted on ‎03-18-2023 06:34 AM

If you can access the end-point manager tenant console create an MS support case and see what they say. Also from the security portal, you can send MS support requests. Others will want to know what is happening in this case. Anyway, thank you!

0 Kudos

Jay_007
Contributor

4 weeks ago

Was there any new info on this? It's still happening.

0 Kudos

GraemeU
New Contributor II

3 weeks ago

Same here on our devices, have been testing Defender for several months and this has only recently started happening, not sure around which release though!

0 Kudos

jwojda
Valued Contributor II

2 weeks ago

I've got a few of these on my device too, going back to Feb 3rd.  Just opened a ticket with MS about it.  I'm sure it's a feature or something.

 

0 Kudos

GraemeU
New Contributor II

2 weeks ago

Update: Microsoft are aware and have a fix for this. You can get it now via the insider fast ring, assume it will be added to the next release for current channel

Jay_007
Contributor
In response to GraemeU

2 weeks ago

Nice! My temporary fix is to just hide the file from users lol (sudo chflags -h hidden "$file")

0 Kudos

joshuaaclark
New Contributor III

2 weeks ago

Here is a script to hide them:

#!/bin/sh

if [ "$(id -u)" != "0" ]; then
        echo "Error: This script must be run as root" 1>&2
        exit 1
fi

## CAPTURE THE CODESIGNSUMMARY FILES
CODESIGNFILES=$(ls /Applications | grep CodeSignSummary)

## PARSE AND WORK WITH THE CAPTURE
OIFS=$IFS               # CAPTURE OLD SYSTEM DELIMITER
IFS=$'\n'               # IN FIELD DELIMITER IS SET TO CARRIAGE RETURN

for FILE in ${CODESIGNFILES};
do
        echo "--- Hiding ${FILE}"
        chflags hidden "/Applications/${FILE}"
done

IFS=$OIFS               # RETURN SYSTEM DELIMITER TO OLD
0 Kudos