3

I need to launch an app, but OSX recognises it as malware.

While launching this app, OSX says "app will damage this computer. You should eject this disk image. It contain OSX.GenieoDropper.A".

Normally, to bypass this alert, the method was to right-click the icon and select Open while holding Alt, but this doesn't seem to work either, so how can I bypass this alert?

Matte.Car
  • 1
    How certain are you that it's a false positive? – Tetsujin Feb 08 '16 at 10:59
  • I have old "similar apps" which I've already used correctly and which are now locked too, so it seems Apple decided to lock the whole category. – Matte.Car Feb 08 '16 at 11:03
  • And the app is locked because of OSX.GenieoDropper.A, which is a common component of a "particular kind of apps" which, understandably, Apple should hate... – Matte.Car Feb 08 '16 at 11:07
  • 1
    Which applications are being blocked by this? – Alistair McMillan Feb 08 '16 at 15:04
  • @AlistairMcMillan mainly hacks and keygens. – AlessioX Feb 10 '16 at 14:12
  • 1
    Given that keygens are notorious for being infected with malware, are you certain this is a false positive by Apple? Have you tried scanning it with another tool that checks for malware? Or submitting to http://virustotal.com to get a consensus opinion? – Alistair McMillan Feb 10 '16 at 14:37
  • I didn't know about virustotal.com; I tried it and it gave me a 0/53, so my file should be clean and this issue is only about Apple, right? – Matte.Car Feb 10 '16 at 15:31

4 Answers

1

Sorted: type in the terminal

xattr -d com.apple.quarantine

leave a space after "quarantine" and then drag & drop the .app file.

Then press Return... et voilà!

The -cr flag is for operating systems before (and including) Mavericks. For newer operating systems (Yosemite & El Capitan) you must specify the flag -d along with the attribute (com.apple.quarantine) you wish to remove.

AlessioX
0

You will probably have to contend with Gatekeeper, XProtect and SIP to get around the protection with which OS X is confronting you.

  1. Right-click and Open in Finder just whitelists an app in Gatekeeper - in this case, you tried that and we can rule that out.

  2. XProtect is the name of the file Apple updates to blacklist known bad software and insecure versions of plug-ins like Flash, Java and so forth.

  3. If you find you cannot edit the XProtect files (even as root or using sudo) - you'll need to disable SIP.

I would discourage you from disabling all three of these protections and instead rip out the offending libraries from the app in question or get it updated from the vendor/source.

That being said - have at learning and removing the protections one by one and maybe check your backups if you aren't doing this on a throw-away OS or virtual machine that you know won't cause you to lose actual work or personal data to the likely malware.

bmike
  • In XProtect I've found a "com.genie.safari", but it's an Extension. Do you think that removing this item from the extensions array will solve my issue? – Matte.Car Feb 08 '16 at 20:00
-1

Running

xattr -cr

will do the job

This will remove the extended file attributes (for each file in the .app) and allow it to run.

Apple doc set for xattr: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/xattr.1.html

-3

Run xattr -cr <your.app>

  • We're looking for long answers that provide some explanation and context. Don't just give a one-line answer; explain why your answer is right, ideally with citations. Answers that don't include explanations may be removed. – Tetsujin Feb 08 '16 at 17:04
  • "option -c not recognized" – AlessioX Feb 10 '16 at 13:36