Anti-Ransomware???

I receive these messages in my Notifications box (Mac macos Catalina 10.15.6):

"Time Machine Protection

Feature: Anti-Ransomware

An unauthorized app attempted to access your backups.

App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

We blocked the app to prevent it from altering the content of your backups."


What does this mean and how can this be resolved?

Thanks!

AdS

Comments

  • Got the same on my machine.

    As I understand: this is a prob with Bitdefender, mdsync seems OK.

  • Same problem on one Mac.Not observed prior to MacOS 10.15.6 (first release, still there after recent additional update). Moreover, I find the same message, but with an empty field for the name of the App or the path.

    No such problems at all on a second Mac. So far I never found mdsync active on this Mac.

    To be honest, I have no firm idea what mdsync is good for. From an Apple forum I conclude that it seems to be related to Spotlight. If so it should not touch the TimeMachine volume.

  • FlexxFlexx ✭✭✭✭

    Hi Member's

    Sorry for the inconvenience caused to you.

    Kindly drop an email to bitdefender support at [email protected] .Response may be delayed due to less staff and covid19. Rest be assured, they will reply back asap.


    If this helps, kindly mark answer as agree/ accepted

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

  • 1) Sent an email to [email protected]

    2) Today I found the message on the second Mac, too. Again with MacOS 10.15.6. But for the first time on this Mac. And twice today. However, mdsync was not active when I checked. OK, maybe it was still blocked. On the other Mac I found mdsync active once in a while. Still not sure what it is good for.

  • Just for the sake of completeness: In the meantime I observed four different, yet similar error messages (in German, sorry - but the structure is obvious):

    1) Complete Path. as given above by AdS on August 6:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    2) Empty field for App:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: 

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    3) App named „0“:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: 0

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    4) No App mentioned:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    This seems to indicate that the error handling of Bitdefender, Antivirus for Mac (8.2.0.9 in my case), has some problems.

  • There was almost immediate (very good!) feedback from Bitdefender. I quote:

    "Kindly note that the Anti-Ransomware (Safe Files) feature in Bitdefender, blocks the access to a selection of Protected folders and files (which you can modify at any time) and it will only allow access to the applications which are added in Application Access. The message that you have received simply shows that a certain application tried to make changes in one of the protected folders and it was blocked with success.


    This does not necessarily mean that it is a virus, it simply states that the access was blocked. At times, you must manually add applications that you trust to the Application Access, so that they can properly function."

    I think this is not satisfactory both as 1) Time Machine Protection is a special selection not among the "Safe Files" (actually I could not select the Back-up volume as Safe File and then allow access for mdsync - nevertheless as a test I allowed mdsync to have access and now wait what happens) and 2) why should I care about genuine parts of the operating system like mdsync?

  • FlexxFlexx ✭✭✭✭

    If you are not satisfied with the response kindly contact back on the same ticket and ask them to get some information from the development team. Officially there is no person on the forum from the development team and hence no further solution can be provided. The forum is subjected to limited information & mostly capable of handling windows issue at a larger extent rather than any other OS. This does not means that the query regarding macOS or android cannot be handled, they can be handled but with a limited extent.

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

  • Thank you, Flexx, for your motivating comment.

    Yes, it is always difficult to discuss Mac topics with Bitdefender. There was feedback again, but I think I better stop here.

    To clarify some of the open questions I started a discussion within the Apple community as we still do not know whether mdsync should have access or not: https://discussions.apple.com/thread/251702573

  • anyone know how to solve ransomware type STOP Djvu with extension .derp

  • FlexxFlexx ✭✭✭✭

    Kindly upload the ransom note or encrypted file on https://id-ransomware.malwarehunterteam.com/ and you will get the result whether the encrypted files can be decrypted or not.

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

  • Same error message running macos 10.15.6.


    "An unauthorized app attempted to access your backups.

    App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

    We blocked the app to prevent it from altering the content of your backups."


    Seems that if everything is functioning normally on the Mac, you shouldn't have to alter BD preferences or files as a work-around.

  • Just to continue: Similar error message still there with MacOS 10.15.7 except that the name or reference of the App is not given in my case. Two occurrences on one Mac, nothing on the second one, a rare event so far. I have no idea what a warning is good for if it does not tell you who or what tried to access the Time Machine volume.

    So we will see what happens with Big Sur.

  • An unauthorized app attempted to access your backups.

    App: /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd

    We blocked the app to prevent it from altering the content of your backups.


    just got this with big sur!!!!

  • RobbybobsRobbybobs
    edited November 2020


Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.