Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



November 29, 2017
Mac Keeper
Mac Keeper
Risk Impact:
Systems Affected:


OSX.MacKeeper is a misleading application for macOS that may give exaggerated reports about security issues on your computer.

Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version March 26, 2019 revision 003
  • Initial Daily Certified version November 29, 2017 revision 016
  • Latest Daily Certified version March 26, 2019 revision 006
  • Initial Weekly Certified release date November 29, 2017
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
This misleading application may be silently installed by another program. It may also be manually installed from the Web site.

When the program is executed, it performs a scan and then displays misleading or exaggerated reports of security issues on the computer.

The program then prompts the user to purchase a registered version of the software in order to remove the reported problems.

When the program is installed, it may create the following files:
  • /Applications/
  • /private/tmp/6CA52563-C3F0-4C1C-A573-AB76AC1D0BD3
  • /private/var/folders/3p/3lqkypgx6ns6h8cfpn7x4g_c0000gn/C
  • /Users/admin/Library/Caches/
  • /6ns6h8cfpn7x4g_c0000gn/T/
  • /private/var/folders/3p/3lqkypgx6ns6h8cfpn7x4g_c0000gn/T/

The following instructions pertain to all current and recent Symantec antivirus products for Macintosh.
  1. Update the virus definitions.
  2. Run a full system scan and repair or delete all the files detected.
For specific details on each of these steps, read the following instructions.

1. To update the virus definitions
To obtain the most recent virus definitions run LiveUpdate: These virus definitions are posted to the LiveUpdate servers regularly. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate) .

2. To scan for and delete the infected files
  • Start your Norton AntiVirus or Symantec Endpoint Protection for Macintosh program and make sure that it is configured to scan all files.
  • Run a full system scan.
  • If any files are detected, click Repair (if available) or Delete.