This discussion has been locked.

one client: almost 1000 PUA detected - how to automatically delete?

Hello,

Beginning yesterday, one Mac client managed in Central reported 792 PUA. This is massive mail spam, I can tell!

The problem was, the PUA were not detected at once, they were detected over some time - so the mail flood never stopped. Even today we received mails.

The PUA were all from one app the user once had installed, then deleted: MacKeeper.app

1. I find it some kind of unprofessional to send so many mails. There must be a way to limit such a flood of notifications. How?

2. Why do you only block PUA? I have not found a way to automatically delete it when detected.

3. I'm unsure if this really did what it should. I clicked on Clean Up yesterday. Still mails were received all evening.

Medium,"2020-10-30T13:27:39+01:00","PUA detected: 'Generic PUA GP' at '/private/var/root/.Trash/MacKeeper 09-16-19-090.app/Contents/Frameworks/NotificationEngineCommunication.framework/Versions/A/NotificationEngineCommunication'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:38+01:00","PUA detected: 'Generic PUA PB' at '/private/var/root/.Trash/MacKeeper 09-16-19-090.app/Contents/PlugIns/AdwareCleaner.plugin/Contents/MacOS/AdwareCleaner'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:38+01:00","PUA detected: 'Generic PUA FO' at '/private/var/root/.Trash/MacKeeper 09-16-19-090.app/Contents/PlugIns/Shredder.plugin/Contents/MacOS/Shredder'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:37+01:00","PUA detected: 'Generic PUA HB' at '/private/var/root/.Trash/MacKeeper 09-16-48-538.app/Contents/PlugIns/FabricServicesAggregator.plugin/Contents/MacOS/FabricServicesAggregator'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:35+01:00","PUA detected: 'Generic PUA GL' at '/private/var/root/.Trash/MacKeeper 09-34-46-933.app/Contents/PlugIns/LanguageStripper.plugin/Contents/MacOS/LanguageStripper'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:35+01:00","PUA detected: 'Generic PUA IL' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/PlugIns/FilesFinder.plugin/Contents/MacOS/FilesFinder'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:35+01:00","PUA detected: 'Generic PUA DN' at '/private/var/root/.Trash/MacKeeper 09-34-46-933.app/Contents/PlugIns/LogCacheCleaner.plugin/Contents/MacOS/LogCacheCleaner'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:32+01:00","PUA detected: 'Generic PUA IH' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/PlugIns/Support.plugin/Contents/MacOS/Support'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:31+01:00","PUA detected: 'Generic PUA GD' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/UninstallerAgent.plugin/Contents/Resources/MacKeeperUninstaller.app/Contents/PlugIns/FabricServicesAggregator.plugin/Contents/MacOS/FabricServicesAggregator'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:30+01:00","PUA detected: 'Generic PUA HG' at '/private/var/root/.Trash/MacKeeper 08-27-59-271.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/MCTrackerAgent.plugin/Contents/Resources/MCTrackerDaemon.app/Contents/MacOS/MCTrackerDaemon'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:28+01:00","PUA detected: 'Generic PUA MN' at '/private/var/root/.Trash/MacKeeper.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/MCTrackerAgent.plugin/Contents/MacOS/MCTrackerAgent'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:25+01:00","PUA detected: 'Generic PUA MG' at '/private/var/root/.Trash/MacKeeper 08-27-06-746.app/Contents/PlugIns/Undeleter.plugin/Contents/Resources/MacKeeper Undelete'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:22+01:00","PUA detected: 'Generic PUA FG' at '/private/var/root/.Trash/MacKeeper 08-27-59-271.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/MCTrackerAgent.plugin/Contents/MacOS/MCTrackerAgent'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:21+01:00","PUA detected: 'Generic PUA LN' at '/private/var/root/.Trash/MacKeeper 08-27-59-271.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/UninstallerAgent.plugin/Contents/MacOS/UninstallerAgent'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:19+01:00","PUA detected: 'Generic PUA FD' at '/private/var/root/.Trash/MacKeeper 08-27-59-271.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/TrialPopupsAgent.plugin/Contents/MacOS/TrialPopupsAgent'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:18+01:00","PUA detected: 'Generic PUA JH' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/PlugIns/DefaultApps.plugin/Contents/MacOS/DefaultApps'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:15+01:00","PUA detected: 'Generic PUA BB' at '/private/var/root/.Trash/MacKeeper 09-34-46-933.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/UninstallerAgent.plugin/Contents/Resources/MacKeeperUninstaller.app/Contents/MacOS/MacKeeperUninstaller'",detailsofendpointreplaced



This thread was automatically locked due to age.
  • They are only alerts, as they are typically genuine applications, hence Potentially Unwanted Applications - PUA. They raise the question to the admin, do you want this software installed on a computer? You can then authorise it, if you do, otherwise you need to remove it. They typically have installers/uninstallers.

    I must say I'm not sure about the Mac for detections but for Windows the file has to be executed rather than "touched". You can also discover them on a scheduled scan.

    A file exclusion for the path to the detected item will also prevent detection in the same way as authorising it by name. By name doesn't care as to the location on disk.
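An added example, not part of the original thread and not Sophos code: the events quoted in the post are per-file detections, so grouping them by their outermost `.app` bundle shows how few items actually have to be removed, authorised or excluded. The function names are illustrative, and the input is five events copied from the post.

```python
import csv
import io
import re
from datetime import datetime

# Five events copied from the post (same CSV layout as shown there).
EVENTS = '''\
Medium,"2020-10-30T13:27:38+01:00","PUA detected: 'Generic PUA PB' at '/private/var/root/.Trash/MacKeeper 09-16-19-090.app/Contents/PlugIns/AdwareCleaner.plugin/Contents/MacOS/AdwareCleaner'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:38+01:00","PUA detected: 'Generic PUA FO' at '/private/var/root/.Trash/MacKeeper 09-16-19-090.app/Contents/PlugIns/Shredder.plugin/Contents/MacOS/Shredder'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:35+01:00","PUA detected: 'Generic PUA IL' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/PlugIns/FilesFinder.plugin/Contents/MacOS/FilesFinder'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:32+01:00","PUA detected: 'Generic PUA IH' at '/private/var/root/.Trash/MacKeeper 07-46-06-248.app/Contents/PlugIns/Support.plugin/Contents/MacOS/Support'",detailsofendpointreplaced
Medium,"2020-10-30T13:27:28+01:00","PUA detected: 'Generic PUA MN' at '/private/var/root/.Trash/MacKeeper.app/Contents/Services/MacKeeper Helper.app/Contents/PlugIns/MCTrackerAgent.plugin/Contents/MacOS/MCTrackerAgent'",detailsofendpointreplaced
'''

DETECTION = re.compile(r"PUA detected: '(?P<name>[^']+)' at '(?P<path>.+)'$")


def bundle_root(path):
    """Return the outermost .app bundle containing path, or path itself."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return "/".join(parts[:i + 1])
    return path  # not inside an application bundle


def summarise(csv_text):
    """Collapse per-file PUA events into one record per application bundle."""
    bundles = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3:
            continue  # blank or malformed line
        match = DETECTION.search(row[2])
        if not match:
            continue  # some other event type
        seen = datetime.fromisoformat(row[1])
        rec = bundles.setdefault(
            bundle_root(match["path"]),
            {"events": 0, "names": set(), "first": seen, "last": seen})
        rec["events"] += 1
        rec["names"].add(match["name"])
        rec["first"] = min(rec["first"], seen)
        rec["last"] = max(rec["last"], seen)
    return bundles


if __name__ == "__main__":
    for root, rec in sorted(summarise(EVENTS).items()):
        print(f'{rec["events"]:3d} events, {len(rec["names"])} names: {root}')
```
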