Remove Riskware:Osx/Installcore

Scholar

I'm running MacOS Sierra with F-Secure Safe 2017_08_12_02 database.  My F-Secure detected today at 8/11 at 5:53am when I logged into my computer, and showed a file modification time of 8/10/17 at 12:53pm (which I wasn't even home on my computer at that time).

 

I completed a scan of the system which reported no infections.  I do not know what this is and where is it installed?  The file name is:  /volumes/com.dropbox-Y3C....etc.  I do have Dropbox installed on my system, but don't think it has anything to do with that program, unless I'm missing something.

 

Any help is appreciated.  I work in a security environment and have had any issues reported from F-Secure on my Mac systems.

Scholar

Re: Remove Riskware:Osx/Installcore

Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?

Superuser

Re: Remove Riskware:Osx/Installcore

Hello,

 

I'm also only an F-Secure user (their Home Solutions);

Based on their detection-count - today quite a lot of detections for:

 

- Riskware: Osx/Installcore.16803f37cd!Online  (on current time ?! -- more than thousands hits);

 

And it sounds more like a false positive (?!) and may already be fixed;

 

But if not, and this is a valid detection -> strange that there is so little information about such an event.

Also if your experience about "!Online" (as with this example) -> detection most likely comes from Security Cloud (as cloud-detection and also can be valid for both of meanings: false positive or indeed riskware-detected as "Installcore"-trouble-variation);

 

Maybe you are able to contact F-Secure Support Channels directly and ask them about the situation:

https://www.f-secure.com/en/web/home_global/contact-support

 


@jcres wrote:

Same here. The issue is that I cannot even see what the exact file is due to the long filename. Is there a log file available that I can open to see what the file is?


Sorry for my question -> I'm not familiar with the Mac platform, but is it possible that when you "target" the string it comes with a tooltip showing the full view (?!); But most likely you tried it.

 

Thanks!

Scholar

Re: Remove Riskware:Osx/Installcore

Well, this is funny: now the infection report is empty and I cannot see if the tooltip works. I do not remember if I hovered the mouse on top of the file name for a while. I tried right click etc.

 

 

Community Manager

Re: Remove Riskware:Osx/Installcore

Hi jcres and Brian_D,

 

Thank you for writing to us. I checked with the labs and there was a false positive detection for the following detection names:
Riskware: Osx/Installcore.16803f37cd!Online
Riskware: Osx/Installcore.9300b08755!Online

However, the labs have already fixed this and it is marked as clean. Please check if this is the detection name you saw, and if yes, this has been fixed now.

Scholar

Re: Remove Riskware:Osx/Installcore

Thank you for the reply.  I looked at the screen shot I had saved of what portion I could view, and it appears it was the same thing you reported.

 
