what is aesbx.dylib

söde
söde Posts: 1 New Member
edited June 2 in F-Secure SAFE

Anything to worry about?

Accepted Answer

  • Firmy
    Firmy Posts: 299 Moderator
    Answer ✓

    Hi @söde @Roronoa_Zoro

    After our R&D checking on this matter, it seems it is a macOS bug and it was fixed in 12.4.

    Hence, we recommend all the users upgrade to the latest macOS version (also due to the security vulnerabilities).

    Thank you.

Answers

  • Firmy
    Firmy Posts: 299 Moderator

    Hi @söde

    Welcome to our Community page. Thank you for your post. 

    I am sorry for late reply. 

    Could you provide us more details on aesbx. dylib? Perhaps a screenshot or a submission for F-Secure lab to analyze of the detection.

    Looking forward for your reply.

    Thank you and stay safe.

    Jaims
  • Roronoa_Zoro
    Roronoa_Zoro Posts: 2 New Member

    I get a similar experience on my MacBook seems like its a core file from f-secure's capricorn signature engine.

    You can find it using:

    sudo find / -name aesbx.dylib 2>&1 | grep -v "Operation not permitted"

    ---- results on my machine

    /System/Volumes/Data/Library/F-Secure/guts2-datadir/capricorn-macos-2/1653629011/aesbx.dylib

    /System/Volumes/Data/Library/F-Secure/fssp/var/databases/capricorn-macos.1653629011/aesbx.dylib

    However there seems to be a bug as the FileVault never manages to complete verification of the file


    @Firmy can you confirm that this file should not be harmful?

  • Firmy
    Firmy Posts: 299 Moderator

    Hi @Roronoa_Zoro

    We have checked with our team. From a quick look, the file is part of the Engine Module and it should be clean.

    On the other hand, in regards to your question that there seems to be a bug, we would recommend you submit a part of aesbx.dylib to our lab for investigation. Our team will look more into this matter.

    1. You can submit the file to our labs for further investigation. To submit a sample file, go to the following page: https://www.withsecure.com/en/support/contact-support/submit-a-sample
    2. Select the File Sample tab.
    3. Click Choose File, and attach your sample file.
      • Tick the box I want to give more details about this sample and to be notified of the analysis results if you want to receive feedback from F-Secure Labs on the submitted file.
      • Note: Subject and description should be written in English.
    4. Verify that you are not a robot with reCAPTCHA.
    5. Click Submit sample file.

    The sample submission is analyzed by our analysts and the databases will be updated if necessary.

    Thank you and stay safe.

    JaimsAmirul
  • Firmy
    Firmy Posts: 299 Moderator

    Hi @Roronoa_Zoro

    We have an ongoing investigation in regards to this issue.

    We really appreciate if you could provide us the FSDIAG for this investigation.

    I will send you a private message. You may attach and send the FSDIAG to me.

    Follow the steps below to generate a FSDIAG report.

    1. Click the Finder icon.
    2. Click Applications.
    3. Double-click F-Secure.
    4. Double-click Support Tool.
    5. Click OK. The tool starts gathering information. It creates the output file on your desktop. The name of the diagnostic file is fsdiag.tar.gz. Note that the size of the file is usually less than 10 MB but, with corporate users, the file size may be as large as 100 MB.
    6. Once you have been contacted by our customer support via email, attach the FSDIAG file to your email response.


    If the built-in fsdiag fails kindly try the stand alone Support Tool (FSDIAG) for Mac .

    1. Download and save the following file to your Mac: https://www.f-secure.com/en/web/business_global/support/support-tools
    2. Double click and run the Support Tool.zip file.
    3. The tool starts to gather information. It will create the output file on your desktop.
    4. Attach the file to your e-mail reply.

    Thank you and stay safe.

    Roronoa_ZoroJaimsAmirul
  • Roronoa_Zoro
    Roronoa_Zoro Posts: 2 New Member

    Thanks for reaching out @Firmy I have send you the file now ☺️

  • Firmy
    Firmy Posts: 299 Moderator

    Hi @Roronoa_Zoro

    Thank you for your cooperation.

    We will look into the FSDIAG and keep you updated.

    Thank you and stay safe.

    Jaims
Pricing & Product Info