objective-see / BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.
GNU General Public License v3.0

false alerts for /Library/Apple/System/Library/InstallerSandboxes/* #51

Closed theevilbit closed 1 year ago

theevilbit commented 1 year ago

Hi Patrick,

I'm getting false alerts for KEXTs for files inside: /Library/Apple/System/Library/InstallerSandboxes/*

e.g.: install a KDK, and it will throw a lot of alerts.

Thanks, Csaba

objective-see commented 1 year ago

Thanks for the bug report and appreciate the patience. Just released v2.1.5 that improves the kext-matching regex to avoid this.

(More details on fix, here: https://github.com/objective-see/BlockBlock/issues/52#issuecomment-1310879671).

objective-see commented 1 year ago

Closing as fixed in v2.1.5 (See: https://github.com/objective-see/BlockBlock/commit/ed7d7b653f609b783a3ac6b482a3845a20da03a6)