App Packager is being flagged as Eleanor malware

@mm2270 Today our McAfee ePO software began flagging App Packager as the OSX/Backdoor.Eleanor malware. I tried to download it again from your github page but McAfee is insistent that it is malware.

I'm not sure that there's much you can do on your end, but I wanted to let you know.

SOLVED Posted: by mm2270

@AVmcclint Thanks. It might be because it's seeing it was created by Platypus, which I think was the app creation tool that was used to make the Eleanor malware. I'm not sure if there's going to be a good workaround for that if McAfee is simply flagging anything made with Platypus as being malware. I hope that's not the case, since that would be pretty stupid.

We're using McAfee here so I can do some testing to see if I get the same problem.

Thanks for the heads up though. I was concerned something like this could happen when I heard the malware writer used Platypus to create it. :(

SOLVED Posted: by AVmcclint

I agree with your assessment. It would be a huge tragedy if McAfee and other antivirus makers were using a blanket description of everything built with Platypus to flag as malware.

I think it may only be certain types of Platypus projects that are affected. The first Platypus project I ever made was just a menubar widget to display the uptime of the computer. After discovering App Packager was flagged and suspecting Platypus, I launched, quit and relaunched my menubar widget to see if it ever triggered any alerts and it did not.

I wonder if the Platypus guys are aware of this.

SOLVED Posted: by mm2270

I'm sure the dev heard the news, but whether anything specific can be done, I don't know.

Oddly, I have several Platypus-made apps on my Mac, not just App Packager. There's also Self Service Icon Maker. My copy of App Packager was also flagged by McAfee. Self Service Icon Maker was not.

I just pulled up the original project in Platypus and rebuilt it and it's running fine with no warnings. Weird! The one I had on my Mac that was flagged was the one I originally made in Platypus, not one I downloaded, so something pretty strange is going on. I need to do more investigation.

SOLVED Posted: by donmontalvo

I think Adobe uses (or used?) Platypus for some of their AAMEE/CCP tools?

SOLVED Posted: by gachowski

Any chance we can get a confirmation on Adobe using Platypus? I am using this as an example of why we shouldn't be using AV on the Mac.

C

SOLVED Posted: by AVmcclint

I submitted App Packager to McAfee as a false positive via instructions in this link https://kc.mcafee.com/corporate/index?page=content&id=KB85567 but I haven't heard anything from them yet. Maybe more people submitting it will let them know that they need to do something to fix their definitions.

SOLVED Posted: by gachowski

@donmontalvo Thank you very much :) :)

C

SOLVED Posted: by Kaltsas

Submitted as a False Positive, thanks for the heads up @AVmcclint
