Anti-Ransomware???

I receive these messages in my Notifications box (Mac, macOS Catalina 10.15.6):

"Time Machine Protection

Feature: Anti-Ransomware

An unauthorized app attempted to access your backups.

App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

We blocked the app to prevent it from altering the content of your backups."


What does this mean and how can this be resolved?

Thanks!

AdS

Comments

  • Got the same on my machine.

    As I understand: this is a prob with Bitdefender, mdsync seems OK.

  • Same problem on one Mac. Not observed prior to MacOS 10.15.6 (first release, still there after recent additional update). Moreover, I find the same message, but with an empty field for the name of the App or the path.

    No such problems at all on a second Mac. So far I never found mdsync active on this Mac.

    To be honest, I have no firm idea what mdsync is good for. From an Apple forum I conclude that it seems to be related to Spotlight. If so it should not touch the TimeMachine volume.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Hi Members

    Sorry for the inconvenience caused to you.

    Kindly drop an email to Bitdefender support at bitsy@bitdefender.com. Response may be delayed due to fewer staff and COVID-19. Rest assured, they will reply back asap.


    If this helps, kindly mark answer as agree/ accepted

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • 1) Sent an email to bitsy@bitdefender.com.

    2) Today I found the message on the second Mac, too. Again with MacOS 10.15.6. But for the first time on this Mac. And twice today. However, mdsync was not active when I checked. OK, maybe it was still blocked. On the other Mac I found mdsync active once in a while. Still not sure what it is good for.

  • Just for the sake of completeness: In the meantime I observed four different, yet similar error messages (in German, sorry - but the structure is obvious):

    1) Complete path, as given above by AdS on August 6:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    2) Empty field for App:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: 

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    3) App named „0“:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    App: 0

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    4) No App mentioned:

    Eine nicht autorisierte App hat versucht, auf Ihre Backups zuzugreifen.

    Wir haben die App blockiert, um zu verhindern, dass sie die Inhalte Ihrer Backups verändert.


    This seems to indicate that the error handling of Bitdefender, Antivirus for Mac (8.2.0.9 in my case), has some problems.

  • There was almost immediate (very good!) feedback from Bitdefender. I quote:

    "Kindly note that the Anti-Ransomware (Safe Files) feature in Bitdefender, blocks the access to a selection of Protected folders and files (which you can modify at any time) and it will only allow access to the applications which are added in Application Access. The message that you have received simply shows that a certain application tried to make changes in one of the protected folders and it was blocked with success.


    This does not necessarily mean that it is a virus, it simply states that the access was blocked. At times, you must manually add applications that you trust to the Application Access, so that they can properly function."

    I think this is not satisfactory both as 1) Time Machine Protection is a special selection not among the "Safe Files" (actually I could not select the Back-up volume as Safe File and then allow access for mdsync - nevertheless as a test I allowed mdsync to have access and now wait what happens) and 2) why should I care about genuine parts of the operating system like mdsync?

  • Flexx

    If you are not satisfied with the response, kindly reply on the same ticket and ask them to get some information from the development team. Officially there is no person on the forum from the development team and hence no further solution can be provided. The forum is subject to limited information and mostly capable of handling Windows issues to a larger extent than any other OS. This does not mean that queries regarding macOS or Android cannot be handled; they can be handled, but to a limited extent.

    Regards

    Flex

  • Thank you, Flexx, for your motivating comment.

    Yes, it is always difficult to discuss Mac topics with Bitdefender. There was feedback again, but I think I better stop here.

    To clarify some of the open questions I started a discussion within the Apple community as we still do not know whether mdsync should have access or not: https://discussions.apple.com/thread/251702573

  • Anyone know how to solve ransomware type STOP Djvu with extension .derp?

  • Flexx

    Kindly upload the ransom note or encrypted file on https://id-ransomware.malwarehunterteam.com/ and you will get the result whether the encrypted files can be decrypted or not.

    Regards

    Flex

  • Same error message running macOS 10.15.6.


    "An unauthorized app attempted to access your backups.

    App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdsync

    We blocked the app to prevent it from altering the content of your backups."


    Seems that if everything is functioning normally on the Mac, you shouldn't have to alter BD preferences or files as a work-around.

  • Just to continue: Similar error message still there with MacOS 10.15.7 except that the name or reference of the App is not given in my case. Two occurrences on one Mac, nothing on the second one, a rare event so far. I have no idea what a warning is good for if it does not tell you who or what tried to access the Time Machine volume.

    So we will see what happens with Big Sur.

  • An unauthorized app attempted to access your backups.

    App: /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd

    We blocked the app to prevent it from altering the content of your backups.


    Just got this with Big Sur!!!!

  • Robbybobs
    Robbybobs
    edited November 2020


  • Ok I have this problem as well running OS 11.2

    Time Machine

    An unauthorized app attempted to access your backups.

    App: /System/Applications/Preview.app/Contents/MacOS/Preview

    We blocked the app to prevent it from altering the content of your backups.

  • Here's a really strange one! Bitdefender seems to be telling me that it stopped itself from accessing my backups:

    "An unauthorized app attempted to access your backups.

    App: /Library/Bitdefender/AVP/AntivirusforMac.app/Contents/MacOS/BDLDaemon

    We blocked the app to prevent it from altering the content of your backups."

    I've received this multiple times and get a big loud tone every time. What is going on???

    I'm on macOS 11.1, by the way. Will update to 11.2 and see if it happens again then.

  • Updating to macOS 11.2 does not make a difference, I can tell you. Maybe it is just a weird way to show you that the app actually does protect you from something :-)

  • Receiving the same message as well:

    Time Machine Protection

    Feature: Anti-Ransomware

    App: /Library/Bitdefender/AVP/AntivirusforMac.app/Contents/MacOS/BDLDaemon

    We blocked the app to prevent it from altering the content of your backups.

    This appears to be chronic. Bitdefender needs to address this ASAP with an update and an explanation.

  • Yes it protects us from Apple and BD. My OS is 11.2.2 and I get this. Pages V10.2.9 (7029.9.8)


    An unauthorized app attempted to access your backups.

    App: /Applications/Pages.app/Contents/MacOS/Pages

    We blocked the app to prevent it from altering the content of your backups.


    An unauthorized app attempted to access your backups.

    App: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdwrite


    I get about ten of these when I open Pages and it started 3/2/2021.

    I don't ignore Critical alerts so I look at it every time it happens. Not a big deal, just getting old.

  • Hi everyone,


    I've got the same problem (in French) while trying to launch Time Machine on a Mac running Monterey beta 12.0.

    " Une application non autorisée a tenté d'accéder à vos sauvegardes.

    Application : /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd

    Nous avons bloqué cette application pour l'empêcher de modifier le contenu de vos sauvegardes."

    Is there any solution so far?

    Thanks a lot!

  • Flexx

    Kindly drop an email to Bitdefender support at bitsy@bitdefender.com regarding your query. They will reply back asap.

    Regards

    Flex

  • Just received this very message in MacOS 12.0.1. Out of the blue. Been running 12.0.1 for weeks, no problem. Likewise, never a problem with earlier versions.

    Anybody been able to resolve this? Or is it easier to switch over to a different anti-virus?