Mac Client 5.2.5 - Sept 2nd - Genieo and VSearch warnings are to be expected

Features

  • Malware Reporting has been expanded to include Genieo and VSearch

Changes

  • Battery and health information improvements.
  • Lowered time after reboot before the next report was sent.
  • Previously the agent would wait up to 10 minutes before reporting after a reboot. v5.2.5 will test every few moments to see if the network stack is up and then report.
  • Time Machine reporting is skipped in the first hour after a reboot, as a means to cut down on false positives.

Malware has come to the Mac. Currently, if you search for Adobe Flash Player, the first result is often a sponsored ad which offers a Very Convincing Adobe-looking website where your end-user can download “Installer.” Once installed, this bad boy will throw up ads after a while, and generally be the kind of thing you might want to help remove.

The question becomes - is Watchman Monitoring anti-malware? Well, yes and no. We only run hourly, so we’re not going to warn immediately, but that’s OK. Watchman Monitoring may not catch everything, so you may want to look into a more formal product such as ClamAV, AVG, Sophos, etc. (But which of those is problem free… sigh)

Take a look in our GitHub repo to read about what we do catch:

If you have any additions please Open an Issue, or create a pull request directly.

Published at: https://www.watchmanmonitoring.com/monitoring-client-5-2-5-expanded-malware-detection-faster-reporting/

For the tl;dr crowd - Once client 5.2.5 drops, please expect many warnings, as we suspect ~5% of users have installed this Ad-ware.

Are you going to add MacKeeper to the list of Malware? :smiley:

2 Likes

It’s not a bad idea, but it’s not cut and dry for that particular piece of software.

The acid test is: Will reaching out to your end user and removing the software absolutely be a benefit? In the case of Genieo, yes, they’ll be glad to get rid of the popups.

In the case of MacKeeper, if your end user has paid for it, but your only means of stopping our reports is to remove it, I can see where this may be a conflict.

The best solution is to report, but not send an alert, for some pieces of software which fall in the grey zone. We’ll be considering this in a coming version of the client, and feedback is welcome.

1 Like

But we all know MacKeeper is bad…even if the client paid for it, doesn’t mean we shouldn’t be aware. It’s a runaway that needs to be caught, hung and destroyed.

1 Like

This will remove Genieo:

1 Like