Does SOPHOS detect if a computer is part of a BOTNET?
If not, does someone know a product that does?
SAV Mac HE is not a firewall, so it's not going to detect and block rogue apps communicating with a botnet.
However, it does detect the majority of botnet executables, as well as their installers. It even detects botnet executables for other platforms.
To protect against botnets, you need AV, an egress firewall (stops things from going out as well as from coming in), and up-to-date (patched) software.
Thankfully, OS X takes care of most of the other issues by design.
Personally, I run Little Snitch alongside SAV Mac HE and the built-in OS X firewall (and my router's firewall). This combination works quite well.
Thanks Andrew for replying.
The reason I asked was that I heard that machines may be part of a BOTNET without their owners' knowledge.
A SOPHOS scan highlighted the following:
I wonder if these are WINDOWS-oriented and can't cause harm on a MAC?
Quarantine Manager shows clean up manually - why can't SOPHOS remove them automatically?
Those are all Java-based infections, and so *could* apply to OS X, but these don't.
Mal/JavaHeL0H detects a crimepack for Windows XP/IE
Mal/JavaKP-G detects a java-based downloader (downloads Windows malware)
Mal/JavaKP-H works with the other two to make all the magic happen.
So what you've got is likely a Windows-targeted drive-by download in your JavaWebCache.
If I understand correctly, it is "clean up manually" because it's attempting to clean up cache files that you don't have direct access to as a regular user -- so you need to custom scan and clean up instead.
In SAV, "Clean up manually" doesn't mean you have to go and remove the files yourself; it just means the software won't do everything for you without some user interaction. "Clean up manually" is language from the Enterprise version where a system admin does most of the work automatically from a management console and doesn't touch the endpoints himself.