Remove Riskware:Osx/Installcore

I'm running MacOS Sierra with F-Secure Safe 2017_08_12_02 database.  My F-Secure detected today at 8/11 at 5:53am when I logged into my computer, and showed a file modification time of 8/10/17 at 12:53pm (which I wasn't even home on my computer at that time).

 

I completed a scan of the system which reported no infections.  I do not know what this is and where is it installed?  The file name is:  /volumes/com.dropbox-Y3C....etc.  I do have Dropbox installed on my system, but don't think it has anything to do with that program, unless I'm missing something.

 

Any help is appreciated.  I work in a security environment and have had any issues reported from F-Secure on my Mac systems.

Best Answer

  • Brian_D Posts: 2
    Accepted Answer

    Thank you for the reply.  I looked at the screen shot I had saved of what portion I could view, and it appears it was the same thing you reported.

     


Comments

  • jcres Posts: 2

    Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?

  • Ukko Posts: 2,968 Superuser

    Hello,

     

    I'm also only an F-Secure user (their Home Solutions);

    Based on their detection-count - today quite a lot of detections for:

     

    - Riskware: Osx/Installcore.16803f37cd!Online  (on current time ?! -- more than thousands hits);

     

     And more sounds as false-positive (?!) and maybe already fixed;

     

    But if not, and this is a valid detection -> strange that there is so little information about such an event.

    Also if your experience about "!Online" (as with this example) -> detection most likely comes from Security Cloud (as cloud-detection and also can be valid for both of meanings: false positive or indeed riskware-detected as "Installcore"-trouble-variation);

     

    Maybe you are able to contact F-Secure Support Channels directly and ask them about the situation:

    https://www.f-secure.com/en/web/home_global/contact-support

     


    @jcres wrote:

    Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?


     Sorry for my ask -> I'm not friendly with the Mac platform, but is it possible that when you "target" the string it comes with a tooltip about full-view (?!); But most likely you tried it.

     

    Thanks!

  • jcres Posts: 2

    Well this is funny, now the infection report is empty and I cannot see if the tooltip works. I do not remember if I hovered the mouse on top of the file name for a while. I tried right click etc.

     

     

  • Laksh Posts: 4,430 Community Manager

    Hi jcres and Brian_D,

     

    Thank you for writing to us. I checked with the labs and there was a false positive detection for the following detection names:
    Riskware: Osx/Installcore.16803f37cd!Online
    Riskware: Osx/Installcore.9300b08755!Online

    However, the labs have already fixed this and it is marked as clean. Please check if this is the detection name you saw, and if yes, this has been fixed now.

This discussion has been closed.