Jump to content

McAfee Endpoint Security detects Skitch downloaded from AppStore as Potentially Unwanted Program (pua)

yevhenii.yatsenko

Recommended Posts

yevhenii.yatsenko

yevhenii.yatsenko 0

Posted
Posted

Hi All,

I don't know if it's correct place for report this issue but I didn't find any better.

Today I have faced with issue that when I'm installing Skitch from AppStore, McAfee detects it as Potentially Unwanted Program (pua) and cleaning it.

But when I'm installing Skitch from Evernote web-site it's installing correctly.

The log from McAfee ePO server:
 

Threat Target File Path: /Library/InstallerSandboxes/.PKInstallSandboxManager/5B2B0BD3-16AE-43DA-8036-1982D5012F84.activeSandbox/Root/Applications//Skitch.app/Contents/Frameworks/EDAM.framework/Versions/A/EDAM
Event Category: Malware
Event ID: 1025
Threat Severity: Information
Threat Name: PUP - Events
Threat Type: Potentially Unwanted Program (pua)
Action Taken: Cleaned
Threat Handled: True
Analyzer Detection Method: On-Access Scan

 

Module Name: Threat Prevention
Analyzer Content Creation Date: 11/9/20 2:00:00 AM EET
Threat Detected On Creation: No
Target Hash: a54c9ec7dd0ced952b19fc212b0bfdb9
Target Name: EDAM
Target Path: /Library/InstallerSandboxes/.PKInstallSandboxManager/5B2B0BD3-16AE-43DA-8036-1982D5012F84.activeSandbox/Root/Applications//Skitch.app/Contents/Frameworks/EDAM.framework/Versions/A/
Target File Size (Bytes): 2379552
Target Modify Time: 6/30/20 9:24:37 PM EEST
Target Access Time: 6/30/20 9:24:37 PM EEST
Target Create Time: 6/30/20 9:24:37 PM EEST
Cleanable: Yes

 

From other machine:

Endpoint Security 
Module Name: Threat Prevention
Analyzer Content Creation Date: 11/9/20 2:00:00 AM EET
Threat Detected On Creation: No
Target Hash: a54c9ec7dd0ced952b19fc212b0bfdb9
Target Name: EDAM
Target Path: /Applications/Skitch.app/Contents/Frameworks/EDAM.framework/Versions/A/
Target File Size (Bytes): 2379552
Target Modify Time: 6/30/20 9:24:37 PM EEST
Target Access Time: 11/10/20 11:15:14 AM EET
Target Create Time: 6/30/20 9:24:37 PM EEST
Cleanable: Yes

 

If you now why its triggering as malware, please fix it.

I will try to whitelist it on my machines.

Link to comment
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...