<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 22, 2023, at 05:54 , Maurino Bautista <<a href="mailto:maobautista@gmail.com" class="">maobautista@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="content-type" content="text/html; charset=us-ascii" class=""><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">My school installs SentinelOne Endpoint Security software on all our school issued Macs. I have a 2023 MacBookPro running Ventura 13.2.1. Updating the Tex Live Utility application (from 1.53 to 1.54) triggers SentinelOne protection and reports the following:<div class=""><br class=""></div><div class="">persistence deception by Tex Live Utility application and mitigates the risk with the message: Detected malicious running process. It then quarantines the files: kpsewhich, python 3.9, lz4.universal-darwin, Tex Live Utility, xz.universal-darwin, and Python. </div></div></div></blockquote><div><br class=""></div><div>Merely updating TeX Live Utility itself should not cause this. You can download it from my website and install via drag-and-drop. </div><div><br class=""></div><div><a href="https://amaxwell.github.io/tlutility/" class="">https://amaxwell.github.io/tlutility/</a></div><div><br class=""></div><div>Did you try updating your TeX Live installation using TeX Live Utility? It sounds like SentinelOne is flagging MacTeX/TeX Live components that live in /usr/local, and simply updating TeX Live Utility would not trigger this. I'm not sure if merely listing TeX Live packages updates would require lz4 and xz.</div><div><br class=""></div><div>[...]</div><div><br class=""></div><blockquote type="cite" class=""><div class=""><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">I was able to install the full 2023 package and TeX Live updates later AT HOME after deleting the previous install. Don't know if this is pure luck or an actual issue.</div></div></div></blockquote><div><br class=""></div><div>It sounds like a workaround. Bear in mind that TeX Live Utility exists to run 3rd party PERL scripts as root and download a bunch of stuff from the internet: frankly, it's a giant security hole and SentinelOne is correct to flag it. You can report it to them and see if they'll whitelist it or something.</div><div><br class=""></div><div>thanks for the report,</div><div>Adam</div><div><br class=""></div></div></body></html>