[OS X TeX] SentinelOne and Tex Live Utility updates

Adam R. Maxwell amaxwell at mac.com
Wed Mar 22 10:23:40 EDT 2023


> On Mar 22, 2023, at 05:54 , Maurino Bautista <maobautista at gmail.com> wrote:
> 
> My school installs SentinelOne Endpoint Security software on all our school-issued Macs. I have a 2023 MacBook Pro running Ventura 13.2.1. Updating the TeX Live Utility application (from 1.53 to 1.54) triggers SentinelOne protection and reports the following:
> 
> persistence deception by Tex Live Utility application and mitigates the risk with the message: Detected malicious running process. It then quarantines the files: kpsewhich, python 3.9, lz4.universal-darwin, Tex Live Utility, xz.universal-darwin, and Python. 

Merely updating TeX Live Utility itself should not cause this. You can download it from my website and install via drag-and-drop. 

https://amaxwell.github.io/tlutility/

Did you try updating your TeX Live installation using TeX Live Utility? It sounds like SentinelOne is flagging MacTeX/TeX Live components that live in /usr/local, and simply updating TeX Live Utility would not trigger this. I'm not sure if merely listing TeX Live package updates would require lz4 and xz.

[...]

> I was able to install the full 2023 package and TeX Live updates later AT HOME after deleting the previous install. Don't know if this is pure luck or an actual issue.

It sounds like a workaround. Bear in mind that TeX Live Utility exists to run third-party Perl scripts as root and download a bunch of stuff from the internet: frankly, it's a giant security hole and SentinelOne is correct to flag it. You can report it to them and see if they'll whitelist it or something.

thanks for the report,
Adam
