Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

OS X: File Integrity Rules Prevent Finder from writing to .DS_Store

OS X: File Integrity Rules Prevent Finder from writing to .DS_Store

Version

7.x

Issue
Bit9 Agent will prevent the Finder from writing to the .DS_Store if a File Integrity rule is enabled for that directory.

Symptoms
The Bit9 Agent will show a block notifier on screen with the process as 'Finder'


Cause
This is intended behavior for a File Integrity rule (preventing writes).


Solution
You can create a custom rule to silence the notifier.

 

Important Note(s)

**Important** - Please test out the rule in a OS X testing policy before placing into production.

Name:  OS X File Integrity .DS_Store Silence

Description: Ignore Finder to modify the .DS_Store for Directory XYZ

Status: Enabled

Platform: Mac

Rule Type: Advanced

Operation: Write

Write Action: Silence

Path or File: Specific Path...

                     *.DS_Store

Process:   Specific Process...

                  /System/Library/CoreServices/Finder.app

User or Group: Any User

Rule Applies to: All Policies

Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-22-2015
Views:
569