Virus Total detection

[pazu]

I’ve just used Task Explorer (from Objective-see.com) to scan my Mac and found Bkav Pro in the Alfred Framework:

 

/Applications/Alfred 4.app/Contents/Frameworks/Alfred Framework.framework/Versions/A/Alfred Framework

 

The report can be seen here:
https://www.virustotal.com/gui/file/f57476d0bea44e4fb3e8c96165c8f83c3eceb40f2d87967fb23843655a900135/detection
One engine detected this file
Bkav Pro: VEX.Webshell

Is it something that we should be concerned about?

 

(Anyway, this is a new Mac, installed very few softwares so far.)

[vitor]

Yet if you scan the whole app, there’s no detections. VirusTotal found a single hit from one antivirus vendor which I never heard about. I trust Alfred’s team and maliciousness doesn’t even enter the equation, but in the spirit of thoroughness (e.g. maybe the development machine was compromised) I decided to search online for VEX.Webshell.

 

All I found were matches by Bkav Pro, and all of them were false positives. This specific case with Alfred had already been discussed in Reddit.

 

There’s nothing to worry about.

[Vero]

@pazu This is a false positive; a web shell isn't even a relevant type of issue with the type of app that Alfred. We've reported this false positive to Bkav in the past, and they're completely unresponsive.

 

Alfred is built and signed on a completely isolated machine, then both developer signed and notarised by Apple.  As a further assurance, always download Alfred from our website https://www.alfredapp.com and never from third-party websites.
 

Cheers,
Vero

[pazu]

@Vero and @vitor Thanks for your clarification and it clears my doubt. 

 

Warm,

Alfred's Mega Supporter.