Help

CodeSignSummary.md appearing in Applications

bootrec
Contributor

Posted on ‎03-15-2023 01:28 PM

I'm seeing a CodeSignSummary-xxxxxxxxx-xxxx-xxxx-xxxxxxxxx.md appearing in Applications on my computers. File content shows something about wdav-upgrade.zip, which has to do with Defender. Any idea why this file is getting generated?

Screenshot 2023-03-15 at 14.12.49.png

Reply
10 REPLIES 10

Corey_Nechkash
New Contributor III

Posted on ‎03-16-2023 10:35 AM

I can confirm that I've been seeing this as well. It does look to be associated with Defender (as noted by the wdav-upgrade.zip file). The file doesn't exist on the machine until Defender is installed then it does its first update and this file shows up.

Reply

bootrec
Contributor
In response to Corey_Nechkash

Posted on ‎03-16-2023 10:47 AM

The thing is, we've been using Defender for a long time, this file just started popping up a month or so ago. 

Reply

Corey_Nechkash
New Contributor III
In response to bootrec

Posted on ‎03-16-2023 10:56 AM

Same here. I thought it was only happening on Ventura machines but I've confirmed its happening on the Monterey machines now as well. 

Reply

dvasquez
Valued Contributor
In response to Corey_Nechkash

Posted on ‎03-18-2023 06:34 AM

If you can access the end-point manager tenant console create an MS support case and see what they say. Also from the security portal, you can send MS support requests. Others will want to know what is happening in this case. Anyway, thank you!

0 Kudos
Reply

Jay_007
Contributor

Posted on ‎05-09-2023 02:37 PM

Was there any new info on this? It's still happening.

0 Kudos
Reply

GraemeU
New Contributor III

Posted on ‎05-18-2023 08:54 AM

Same here on our devices, have been testing Defender for several months and this has only recently started happening, not sure around which release though!

0 Kudos
Reply

ImAMacGuy
Valued Contributor II

Posted on ‎05-19-2023 11:11 AM

I've got a few of these on my device too, going back to Feb 3rd.  Just opened a ticket with MS about it.  I'm sure it's a feature or something.

 

0 Kudos
Reply

GraemeU
New Contributor III

Posted on ‎05-20-2023 12:11 AM

Update: Microsoft are aware and have a fix for this. You can get it now via the insider fast ring, assume it will be added to the next release for current channel

Reply

Jay_007
Contributor
In response to GraemeU

Posted on ‎05-22-2023 08:33 PM

Nice! My temporary fix is to just hide the file from users lol (sudo chflags -h hidden "$file")

0 Kudos
Reply

joshuaaclark
Contributor

Posted on ‎05-25-2023 11:36 AM

Here is a script to hide them:

#!/bin/sh

if [ "$(id -u)" != "0" ]; then
        echo "Error: This script must be run as root" 1>&2
        exit 1
fi

## CAPTURE THE CODESIGNSUMMARY FILES
CODESIGNFILES=$(ls /Applications | grep CodeSignSummary)

## PARSE AND WORK WITH THE CAPTURE
OIFS=$IFS               # CAPTURE OLD SYSTEM DELIMITER
IFS=$'\n'               # IN FIELD DELIMITER IS SET TO CARRIAGE RETURN

for FILE in ${CODESIGNFILES};
do
        echo "--- Hiding ${FILE}"
        chflags hidden "/Applications/${FILE}"
done

IFS=$OIFS               # RETURN SYSTEM DELIMITER TO OLD
0 Kudos
Reply