Posted on 07-13-2016 02:15 PM
Does anyone know what I need to put in Restricted Software to prevent the 2 new pieces of macOS malware from running?
OSX.Backdoor.Eleanor
OSX.Keydnap
Posted on 07-13-2016 02:39 PM
Below is a screenshot of the restriction I put in.
Posted on 07-14-2016 07:10 AM
You might also consider deploying and running Malwarebytes or having SavingThrow set up as a rolling policy.
Posted on 07-14-2016 09:16 AM
According to the licensing of Malwarebytes, you can't run the free version unless you are a student or a home user. You can't set up Malwarebytes to run automagically or unattended.
Posted on 07-14-2016 04:52 PM
Are we 100% sure that the process is EasyDoc Converter.app?
I wasn't able to find the app to test myself : )
Thanks
C
Posted on 07-14-2016 09:05 PM
Won't it be blocked by Apple's XProtect? (Although I see the layered defence argument.)
Posted on 07-15-2016 05:37 AM
For something like this, if you plan on using Restricted Software, I recommend trying to get the actual executable name and not the app bundle name, and putting that into Restricted Software. Using the app bundle name is not very reliable, because the malware writer or even a person could easily rename it before running it, and your Restricted Software process will miss it since it's looking for the bundle name.
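The advice above, as an added example that is not part of this thread: a small POSIX shell script that, given the path to an .app bundle, prints the name of the executable inside it (the CFBundleExecutable value from Contents/Info.plist) and any helper binaries in Contents/MacOS, so that those names, rather than the bundle folder name, go into the Restricted Software record. It uses /usr/libexec/PlistBuddy when present (on macOS, where it also copes with binary plists) and otherwise scans the XML. The demo bundle it builds, the folder name "Renamed Converter.app", the executable name "docconv" and the "helper" binary are constructed for illustration and are not taken from either malware sample.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the standard bundle layout:
#   Name.app/Contents/Info.plist and Name.app/Contents/MacOS/<executable>

# Print the CFBundleExecutable of a bundle. PlistBuddy (macOS) handles binary
# plists; the awk fallback only understands the XML form.
bundle_executable() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    if [ -x /usr/libexec/PlistBuddy ]; then
        /usr/libexec/PlistBuddy -c 'Print :CFBundleExecutable' "$plist" 2>/dev/null && return 0
    fi
    # Take the <string> that follows the CFBundleExecutable key, whether it is
    # on the same line or the next one.
    awk '/<key>CFBundleExecutable<\/key>/ { want = 1; next }
         want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$plist"
}

# List every executable file in Contents/MacOS: helper binaries launched by the
# main executable need to be in the Restricted Software rule as well.
bundle_binaries() {
    dir="$1/Contents/MacOS"
    [ -d "$dir" ] || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] && basename "$f"
    done
}

# Build a constructed demo bundle (hypothetical names) whose folder name and
# executable name differ, to show why the bundle name is the wrong thing to match.
# $1 = parent directory; prints the bundle path.
make_demo_bundle() {
    app="$1/Renamed Converter.app"
    mkdir -p "$app/Contents/MacOS"
    cat > "$app/Contents/Info.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleName</key>
    <string>Renamed Converter</string>
    <key>CFBundleExecutable</key>
    <string>docconv</string>
</dict>
</plist>
EOF
    printf '#!/bin/sh\necho payload\n' > "$app/Contents/MacOS/docconv"
    printf '#!/bin/sh\necho helper\n' > "$app/Contents/MacOS/helper"
    chmod +x "$app/Contents/MacOS/docconv" "$app/Contents/MacOS/helper"
    printf '%s\n' "$app"
}

# Usage: sh find_exec.sh "/Applications/Some.app"
if [ -n "$1" ]; then
    echo "Bundle folder name:   $(basename "$1")"
    echo "CFBundleExecutable:   $(bundle_executable "$1")"
    echo "Binaries in Contents/MacOS:"
    bundle_binaries "$1"
fi
```

Run it against a copy of the suspect app on a Mac and put the printed executable names into the Restricted Software record. As the rest of the thread notes, this is one layer: the executable inside the bundle can be renamed too, so keep XProtect and a scanner alongside it.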
Posted on 07-15-2016 07:59 AM
@CapU Malwarebytes won't scan automatically, but you can still do it using their published malware profiles. Look through this thread...
https://jamfnation.jamfsoftware.com/discussion.html?id=13053
It's not exactly up-to-date, but I can still get it to work. It will at least identify affected machines and you can go from there.