Remove Riskware:Osx/Installcore

Brian_D Posts: 2 Observer

I'm running macOS Sierra with F-Secure Safe 2017_08_12_02 database. My F-Secure detected this today, 8/11, at 5:53am when I logged into my computer, and showed a file modification time of 8/10/17 at 12:53pm (I wasn't even home on my computer at that time).

 

I completed a scan of the system which reported no infections. I do not know what this is or where it is installed. The file name is: /volumes/com.dropbox-Y3C....etc. I do have Dropbox installed on my system, but don't think it has anything to do with that program, unless I'm missing something.

 

Any help is appreciated. I work in a security environment and have had any issues reported from F-Secure on my Mac systems.

Comments

  • jcres
    jcres Posts: 3 Observer

    Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    I'm also only an F-Secure user (their Home Solutions);

    Based on their detection-count - today quite a lot of detections for:

     

    - Riskware: Osx/Installcore.16803f37cd!Online  (on current time ?! -- more than thousands hits);

     

     And more sounds as false-positive (?!) and maybe already fixed;

     

    But if not and this is a valid detection -> strange that there is so little information about such an event.

    Also if your experience about "!Online" (as with this example) -> detection most likely comes from Security Cloud (as cloud-detection and also can be valid for both of meanings: false positive or indeed riskware-detected as "Installcore"-trouble-variation);

     

    Maybe you are able to contact F-Secure Support Channels directly and ask them about the situation:

    https://www.f-secure.com/en/web/home_global/contact-support

     


    @jcres wrote:

    Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?


    Sorry for asking -> I'm not friendly with the Mac platform, but is it possible that when you "target" the string it comes with a tooltip with the full view (?!); but most likely you tried it.

     

    Thanks!

  • jcres
    jcres Posts: 3 Observer

    Well, this is funny: now the infection report is empty and I cannot see if the tooltip works. I do not remember if I hovered the mouse on top of the file name for a while. I tried right click etc.

     

     

  • Hi jcres and Brian_D,

     

    Thank you for writing to us. I checked with the labs and there was a false positive detection for the following detection names:
    Riskware: Osx/Installcore.16803f37cd!Online
    Riskware: Osx/Installcore.9300b08755!Online

    However, the labs have already fixed this and it is marked as clean. Please check if this is the detection name you saw, and if yes, this has been fixed now.

This discussion has been closed.