Posted on 07-13-2016 10:22 AM
@mm2270 Today our McAfee ePO software began flagging App Packager as the OSX/Backdoor.Eleanor malware. I tried to download it again from your GitHub page but McAfee is insistent that it is malware.
I'm not sure that there's much you can do on your end, but I wanted to let you know.
Posted on 07-13-2016 10:31 AM
@AVmcclint Thanks. It might be because it's seeing it was created by Platypus, which I think was the app creation tool that was used to make the Eleanor malware. I'm not sure if there's going to be a good workaround for that if McAfee is simply flagging anything made with Platypus as being malware. I hope that's not the case, since that would be pretty stupid.
We're using McAfee here so I can do some testing to see if I get the same problem.
Thanks for the heads up though. I was concerned something like this could happen when I heard the malware writer used Platypus to create it. :(
Posted on 07-13-2016 10:40 AM
I agree with your assessment. It would be a huge tragedy if McAfee and other antivirus makers were using a blanket description of everything built with Platypus to flag as malware.
I think it may only be certain types of Platypus projects that are affected. The first Platypus project I ever made was just a menubar widget to display the uptime of the computer. After discovering App Packager was flagged and suspecting Platypus, I launched, quit and relaunched my menubar widget to see if it ever triggered any alerts and it did not.
I wonder if the Platypus guys are aware of this.
Posted on 07-13-2016 10:48 AM
I'm sure the dev heard the news, but whether anything specific can be done, I don't know.
Oddly, I have several Platypus-made apps on my Mac, not just App Packager. There's also Self Service Icon Maker. My copy of App Packager was also flagged by McAfee. Self Service Icon Maker was not.
I just pulled up the original project in Platypus and rebuilt it and it's running fine with no warnings. Weird! The one I had on my Mac that was flagged was the one I originally made in Platypus, not one I downloaded, so something pretty strange is going on. I need to do more investigation.
Posted on 07-14-2016 02:41 PM
I think Adobe uses (or used?) Platypus for some of their AAMEE/CCP tools?
Posted on 07-14-2016 05:20 PM
Any chance we can get a confirmation on Adobe using Platypus? I am using this as an example of why we shouldn't be using AV on the Mac.
C
Posted on 07-14-2016 10:56 PM
Posted on 07-15-2016 04:21 AM
I submitted App Packager to McAfee as a false positive via instructions in this link https://kc.mcafee.com/corporate/index?page=content&id=KB85567 but I haven't heard anything from them yet. Maybe more people submitting it will let them know that they need to do something to fix their definitions.
Posted on 07-18-2016 08:58 AM
@donmontalvo Thank you very much :) :)
C
Posted on 07-19-2016 06:03 AM
Submitted as a False Positive, thanks for the heads up @AVmcclint