Source of "threats" > Clean My Mac?

Hi everyone, I just recently recognized that just about all of the “threat prevented” type messages I get from Norton 360 Mac…indicate: Process: /Applications/CleanMyMac_5.app/

Does this indicate that the CleanMyMac application is the actual source of all of these Trojans / threats? The whole point of CleanMyMac was to add a layer of protection…not to be the source of attacks. Is this what’s happening here?

Many thanks in advance for your insights,

B

Threat name: Win32:Evo-gen [Trj]
Severity: 2
Threat type: Trojan
File name: block_document.exe
File path: /private/var/folders/5DB4C8F5E634/block_document.exe
Process: /Applications/CleanMyMac_5.app/Contents/Library/LoginItems/CleanMyMac_5_HealthMonitor.app/Contents/MacOS/CleanMyMac_5_HealthMonitor
Detected by: Auto-Protect
Status: Threat blocked

Hello @WilliamC_Miller

Maybe, you can add mutual exclusions or better practice…run one.

============================================

AI Overview
Both CleanMyMac and Norton 360 are security applications that can detect and remove threats on your Mac, but they have different approaches. CleanMyMac is a Mac cleaner that also includes malware detection and removal. Norton 360 is a broader security suite that provides real-time protection, malware scanning, and other security features.

CleanMyMac:

  • Malware Detection and Removal: CleanMyMac scans for various Mac-specific threats, including Trojans, adware, and cryptocurrency miners.
  • Real-time Monitoring: It monitors for threats even when the app isn’t actively running.
  • Removes threats: CleanMyMac automatically selects all threats for removal after a scan, or users can review and choose what to remove.

Norton 360:

  • Comprehensive Security Suite: Norton 360 offers a range of security features, including malware scanning, real-time threat protection, a VPN, and more.
  • Real-time Protection: Norton 360 actively monitors your system for suspicious activity.
  • Quarantine Threats: Norton quarantines suspicious files to prevent them from spreading.
  • Full Scan: Norton can perform both quick and full scans to identify threats.

If you’re seeing “threats” reported by either application, here’s what you should do:
1. Identify the source:
Determine if the threat is coming from a specific app, website, or download.

2. Review and remove:
If a threat is identified, review its details and take appropriate action, such as removing the suspicious file or app.

3. Consider a full scan:
If you’re concerned about hidden threats, run a full scan with Norton 360 or CleanMyMac.

4. Check for false positives:
Some security software may flag harmless files as threats. If you’re unsure, you can research the file or consult with a security professional.

5. Consider removing the application if it’s not trusted:
If you’re not sure about an application or extension, it’s best to remove it.

AI responses may include mistakes.

=====================================================

AI Overview
It is generally not recommended to run CleanMyMac and Norton 360 simultaneously on a Mac, as they can potentially conflict and cause performance issues or even system instability. While both offer features like system cleaning and malware protection, macOS already includes built-in security features.

Why it’s not recommended:

  • Resource conflicts:
    Both CleanMyMac and Norton 360 can consume significant system resources, potentially leading to slowdowns and decreased performance.

  • Potential for conflicts:
    Cleaning and optimization tools can sometimes interfere with macOS’s built-in system processes, leading to errors or unexpected behavior.

  • Redundancy:
    macOS has its own built-in malware protection XProtect, making dedicated antivirus software like Norton 360 potentially unnecessary.

  • False positives:
    Cleaning and optimization tools might mistakenly identify necessary system files as junk, leading to potential data loss or instability.

Alternatives to consider:

  • Rely on macOS’s built-in features:
    macOS has built-in tools for managing storage and security, which are often sufficient for most users.

  • Use Malwarebytes for Mac:
    If you’re concerned about malware, Malwarebytes for Mac is a recommended tool for removing it.

  • Be cautious with downloads:
    Stick to reputable sources for downloads and avoid clicking on suspicious links or attachments.

In conclusion: While neither CleanMyMac nor Norton 360 is inherently dangerous, running them simultaneously is generally not advised due to potential conflicts and the availability of macOS’s built-in security features. It’s often better to rely on macOS’s built-in tools and be mindful of your online activity to maintain a secure and performant system.

AI responses may include mistakes.

Caveat: I’m not Mac

My initial post was not on point. I’m actually not using CleanMyMac and Norton at the same time for protection. I use CMM for the other features.

I guess my question is what the “Process”: /Applications/CleanMyMac_5.app/Contents/Library/LoginItems/CleanMyMac_5_HealthMonitor.app/Contents/MacOS/ means exactly. As in, is the CleanMyMac app itself the actual source of the Trojan threats?

Hello @WilliamC_Miller
Oh okay…so, you’re able to disable CleanMyMac real-time monitoring functions?
Feels like Health Monitor is still running real-time.

Norton Auto-Protect does not like block_document.exe? Whatever ‘block_document.exe’ is?
Maybe, you can add an exclusion.
Maybe, you can second opinion block_document.exe over on VirusTotal?

Caveat: I’m not Mac

  • Please review: Is CleanMyMac a recommended program? here

================================================

AI Overview
“Win32:Evo-gen [Trj]” is a detection name used by Avast (and other antivirus software) to identify files exhibiting suspicious, Trojan-like behavior. It’s a generic detection, meaning it flags files that display characteristics similar to known trojans but may not be definitively identified as a specific type of malware.

Key points about Win32:Evo-gen [Trj]:

  • Generic Detection:
    It’s a broad detection, indicating a file that resembles a trojan but isn’t necessarily a confirmed infection.

  • Possible False Positive:
    Antivirus software, including Avast, can sometimes flag legitimate files as Win32:Evo-gen. This is often referred to as a “false positive”.

  • Trojans and Malware:
    Trojans are malicious programs designed to infiltrate systems and perform various harmful actions, such as stealing data, installing other malware, or providing remote access to attackers.

  • Need for Further Investigation:
    If Avast detects Win32:Evo-gen, it’s crucial to investigate further. Using a different antivirus program or online scanning tools (like VirusTotal) can help determine if the file is malicious or a false positive.

  • Symptoms of Trojan Infection:
    If a real infection is present, you might experience symptoms like:
      • Slow computer performance
      • Unexpected pop-up ads
      • Unexplained changes to system settings
      • Files being encrypted or deleted
      • Suspicious network activity

  • False Positive Scenarios:
    False positives can occur when:
      • A legitimate program uses similar code patterns to known trojans.
      • The program is a newly developed executable and hasn’t yet been analyzed by antivirus databases.
      • The program interacts with system resources in a way that the antivirus interprets as suspicious.

  • Remediation:
    If a real infection is confirmed, removing the trojan may involve using specialized tools like Rkill, Malwarebytes Anti-Malware, or other reputable anti-malware software.

In essence, Win32:Evo-gen [Trj] is a warning sign, but not always a confirmation of a trojan infection. Further investigation and analysis are needed to determine the nature of the detected file.

AI responses may include mistakes.

===============================================

AI Overview
The filename “block_document.exe” appears in discussions related to security software and threat detection. Specifically, it has been mentioned in the context of:

  • Security software detections: Norton 360, a security application, has detected block_document.exe and flagged it as a Trojan threat, specifically Win32:Evo-gen [Trj].
  • CleanMyMac: The CleanMyMac Health Monitor, a background process within the CleanMyMac application, is the source of the block_document.exe file, which is detected and blocked by Norton 360.
  • Potential False Positive: Some users have reported this detection as a false positive, meaning Norton may be mistakenly identifying a legitimate CleanMyMac process as a threat.
  • Malwarebytes aggressive blocking: Malwarebytes Browser Guard has a feature to aggressively block downloads of .exe files from suspicious websites to prevent malware infections.

Important Considerations:

  • CleanMyMac & Norton 360: If you have both CleanMyMac and Norton 360 installed, this detection might be a conflict or a false positive between the two security applications.
  • Threat Detected: Norton 360 has identified block_document.exe as a Trojan, which is a type of malware.
  • Location: The reported location of block_document.exe is /private/var/folders/5DB4C8F5E634/block_document.exe, indicating it’s associated with the CleanMyMac application’s background processes.

What you should do:

  1. Investigate the source: Confirm whether the detection is coming from a legitimate process (like CleanMyMac) or if it’s potentially malicious activity.
  2. Review and remove: If it is identified as a threat, take appropriate actions like quarantining or removing the file.
  3. Run a full scan: Consider running a full system scan with your security software to check for any other potential threats.
  4. Report False Positives: If you believe block_document.exe is a false positive, report it to both CleanMyMac and Norton support for further investigation.

AI responses may include mistakes.

================================================

Submit a file or URL to Norton for review here

================================================

AI Overview
To report a false positive to CleanMyMac X, you can follow these steps:

  1. Identify the false positive: Determine which app or file CleanMyMac X is flagging as potentially unwanted or malicious that you know is legitimate.
  2. Add the item to the ignore list: If CleanMyMac X offers to remove an app or file that you trust, you can add it to the ignore list by Control-clicking the application or file and choosing “Add to Ignore List”.
  3. Contact CleanMyMac Support: MacPaw, the developers of CleanMyMac, encourages users to report any instances where CleanMyMac X marks trusted applications or files as unwanted or malicious, especially if you have solid facts to support your claim. They want to be more precise in their analysis and detection of potential threats, and they recognize that there’s always a chance for false conclusions.

Note: While CleanMyMac X includes malware detection, some users have reported conflicting experiences and have recommended using alternative solutions, such as Malwarebytes, for malware removal. Always exercise caution when using third-party cleaning tools, as they may have unintended consequences.

AI responses may include mistakes.
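
For anyone triaging an alert like the one in this thread, here is an added example (not part of any post above, and not Norton or CleanMyMac code) that separates the alert's "File path" from its "Process" field and produces the two facts worth checking before trusting or excluding anything: the flagged file's SHA-256 for a VirusTotal hash lookup, and its actual file format. The function names are hypothetical, and the reading of "Process" as the program that was touching the file when Auto-Protect scanned it is an assumption.

```python
import hashlib
import sys

# Fields from the alert posted in the thread (Norton 360 for Mac report).
ALERT = """\
Threat name: Win32:Evo-gen [Trj]
File name: block_document.exe
File path: /private/var/folders/5DB4C8F5E634/block_document.exe
Process: /Applications/CleanMyMac_5.app/Contents/Library/LoginItems/CleanMyMac_5_HealthMonitor.app/Contents/MacOS/CleanMyMac_5_HealthMonitor
Detected by: Auto-Protect
Status: Threat blocked
"""

# Leading bytes that identify common executable formats.
MAGIC = [
    (b"MZ", "Windows PE/DOS executable"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit binary"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal binary (or Java class)"),
]

def parse_alert(text):
    """Turn 'Key: value' report lines into a dict; split on the first colon only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def app_bundle(process_path):
    """Return the outermost .app bundle that contains the reported process."""
    parts = process_path.split("/")
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return "/".join(parts[: i + 1])
    return None

def describe(data):
    """SHA-256 (for a VirusTotal hash lookup) and file format of the flagged bytes."""
    kind = next((name for magic, name in MAGIC if data.startswith(magic)), "unknown")
    return {"sha256": hashlib.sha256(data).hexdigest(), "kind": kind}

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print("file   :", alert["File path"])
    print("process:", app_bundle(alert["Process"]))
    if len(sys.argv) > 1:  # optional: path to a copy of the flagged file
        with open(sys.argv[1], "rb") as fh:
            print(describe(fh.read()))
```

An `MZ` result means a Windows-format executable, which matches the Win32 prefix in the detection name; the hash can be searched on VirusTotal without uploading the file.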