Question

How to restrict new malware

  • July 13, 2016
  • 7 replies
  • 14 views

Does anyone know what I need to put in Restricted Software to prevent the 2 new pieces of macOS malware from running?

OSX.Backdoor.Eleanor

OSX.Keydnap

7 replies

  • Contributor
  • July 13, 2016

Below is a screenshot of the restriction I put in.


emily
  • Hall of Fame
  • July 14, 2016

You might also consider deploying and running Malwarebytes or having SavingThrow set up as a rolling policy.


  • Honored Contributor
  • July 14, 2016

According to the licensing of Malwarebytes, you can't run the free version unless you are a Student or a home user. You can't set up Malwarebytes to run automagically or unattended.


  • Honored Contributor
  • July 14, 2016

Are we 100% sure that the process is EasyDoc Converter.app?

I wasn't able to find the app to test myself : )

Thanks

C


  • Contributor
  • July 15, 2016

Won't it be blocked by Apple's XProtect? (Although I see the layered defence argument).


mm2270
  • Legendary Contributor
  • July 15, 2016

For something like this, if you plan on using Restricted Software, I recommend trying to get the actual executable name and not the app bundle name, and putting that into Restricted Software. Using the app bundle name is not very reliable, because the malware writer or even a person could easily rename it before running it, and your Restricted Software process will miss it since it's looking for the bundle name.
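
An added example, not part of the original post: the executable name recommended above can be read from the `CFBundleExecutable` key of the bundle's `Info.plist`, and it stays the same when the `.app` is renamed. The bundle name `Sample Converter.app` and executable name `SampleExec` are constructed samples, not names from this thread.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def executable_name(bundle: Path):
    """Return CFBundleExecutable from an .app bundle's Info.plist, or None."""
    info = bundle / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            # plistlib.load handles both XML and binary plists
            return plistlib.load(fh).get("CFBundleExecutable")
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return None  # no Info.plist, or it is not a readable plist


def build_sample_bundle(parent: Path, bundle_name: str, exe: str) -> Path:
    """Constructed sample: minimal bundle layout with Info.plist and a stub binary."""
    bundle = parent / bundle_name
    (bundle / "Contents" / "MacOS").mkdir(parents=True)
    with (bundle / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleName": "Sample", "CFBundleExecutable": exe}, fh)
    (bundle / "Contents" / "MacOS" / exe).write_bytes(b"")
    return bundle


def demo():
    """Compare bundle-name and executable-name matching after a rename."""
    with tempfile.TemporaryDirectory() as tmp:
        original = build_sample_bundle(Path(tmp), "Sample Converter.app", "SampleExec")
        renamed = original.rename(Path(tmp) / "Holiday Photos.app")
        exe = executable_name(renamed)
        return {
            # A rule keyed on the bundle name no longer matches
            "bundle_name_match": renamed.name == "Sample Converter.app",
            # A rule keyed on the executable name still matches
            "executable_name_match": exe == "SampleExec",
            "executable": exe,
        }


if __name__ == "__main__":
    print(demo())
```
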


  • Valued Contributor
  • July 15, 2016

@CapU Malwarebytes won't scan automatically, but you can still do it using their published malware profiles. Look through this thread...
https://jamfnation.jamfsoftware.com/discussion.html?id=13053

It's not exactly up-to-date, but I can still get it to work. It will at least identify affected machines and you can go from there.