
GabrielRaphael

macrumors newbie
Original poster
Jan 5, 2024
24
3
Moon

Furka

macrumors regular
Dec 12, 2019
106
50
Status on Sonoma on an Intel MacBook Pro 9,2 installed with the OCLP procedure

In my case, after trying to enable it in Terminal with csrutil enable while in recovery mode, this is what the console returned:

@macbook-pro ~ % csrutil status
System Integrity Protection status: unknown (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled

This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
 

Furka

macrumors regular
Dec 12, 2019
106
50
And that is why you shouldn't use OCLP. ;)
Yes, you are right. After a couple of tests with my 2 MacBook Pros on OCLP, perhaps I will downgrade to their native OSes (Catalina for the 13" 2012 MBP and Monterey for the 15" 2015 MBP).
 

etresoft

macrumors member
Sep 12, 2016
41
33
You can ignore Etrecheck.
If csrutil status returns that it is enabled, then it is.
That's the command that EtreCheck itself uses to see if SIP is enabled.

It is more likely that EtreCheck is saying something like "Apple security is disabled". Disabling SIP is one thing that can cause this message. It can also be displayed if Gatekeeper is turned off or if security updates are disabled. It is common for people to disable all updates, including security updates, in an attempt to avoid Apple's never-ending stream of bugs.

System updates is a tricky thing. It should always be set to allow security updates. There's no downside to that. Security updates aren't going to break anything. However, I don't recommend that people run the bleeding edge of any Apple software. Obviously this includes betas. But these days, I think it includes whatever the latest OS is too. So if you do choose to run Sonoma, I recommend keeping all updates enabled so at least you'll get some fixes for recent bugs along with any new bug installations.
 

Fishrrman

macrumors Penryn
Feb 20, 2009
29,239
13,312
My way is different.
I DISABLE SIP and startup security "from the get-go".

I also bypass Gatekeeper with
sudo spctl --master-disable

Macs ran great for years without that stuff.
I don't need or want those things "getting in the way".
Works for me.
Your mileage may vary.
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,029
That's the command that EtreCheck itself uses to see if SIP is enabled.

It is more likely that EtreCheck is saying something like "Apple security is disabled". Disabling SIP is one thing that can cause this message. It can also be displayed if Gatekeeper is turned off or if security updates are disabled. It is common for people to disable all updates, including security updates, in an attempt to avoid Apple's never-ending stream of bugs.

System updates is a tricky thing. It should always be set to allow security updates. There's no downside to that. Security updates aren't going to break anything. However, I don't recommend that people run the bleeding edge of any Apple software. Obviously this includes betas. But these days, I think it includes whatever the latest OS is too. So if you do choose to run Sonoma, I recommend keeping all updates enabled so at least you'll get some fixes for recent bugs along with any new bug installations.
You should consider rephrasing that answer.
Updates and security updates are not influenced by SIP or the other way around.
You can have SIP disabled and install all updates.
You can have SIP enabled and not install any updates.
 

fisherking

macrumors G4
Jul 16, 2010
11,252
5,563
ny somewhere
My way is different.
I DISABLE SIP and startup security "from the get-go".

I also bypass Gatekeeper with
sudo spctl --master-disable

Macs ran great for years without that stuff.
I don't need or want those things "getting in the way".
Works for me.
Your mileage may vary.
because allowing an app to open for its first time 'gets in the way'? and security sucks... hmm
 

etresoft

macrumors member
Sep 12, 2016
41
33
You should consider rephrasing that answer.
Updates and security updates are not influenced by SIP or the other way around.
You can have SIP disabled and install all updates.
You can have SIP enabled and not install any updates.
I was referring to EtreCheck's own message regarding "Apple security disabled". If the computer isn't getting security updates, or if Gatekeeper is disabled, or if SIP is disabled, then EtreCheck will consider Apple's built-in security to be disabled.

I'm aware of the practical, day-to-day security concerns on the Mac. Most of what is posted on the internet with respect to Apple security is total nonsense. Anyone with a reasonable awareness of the risks of installing cracked commercial software, apps to facilitate illegal access to copyrighted media, or any other kind of back-market, install-this-malware-to-continue has nothing to worry about. But with that qualification, I've eliminated well-nigh 100 million people. It is that larger group that is the intended market for EtreCheck.

But even so, the day-to-day hassles imposed by security updates, Gatekeeper, and SIP are virtually zero - as in - exactly zero. Aside from a certain number of hardware failures, most of the problems that cause people to run EtreCheck are self-imposed. The internet is a wondrous, inexhaustible source of bad ideas. Those people who aren't disabling security updates, disabling Gatekeeper, or disabling SIP are likely installing 3rd party antivirus apps that are even worse. Either way, these are the things that keep EtreCheck in business.
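
The `csrutil status` output Furka posted earlier and the SIP and Gatekeeper conditions described in the post above can be checked from saved command output. This is an added example, not part of the original posts and not EtreCheck's code; the function names are hypothetical, and it assumes `spctl --status` prints "assessments enabled" or "assessments disabled" and that "Apple Internal: disabled" is the normal value rather than a switched-off protection. It does not cover the security-update setting.

```shell
#!/bin/bash
# Added example: classify SIP and Gatekeeper state from command output text.
# Function names are hypothetical; nothing here is EtreCheck's code.

# Constructed sample: the `csrutil status` output quoted earlier in the thread.
SAMPLE_CSRUTIL='System Integrity Protection status: unknown (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disabled
Debugging Restrictions: enabled
DTrace Restrictions: enabled
NVRAM Protections: enabled
BaseSystem Verification: enabled'

# sip_state TEXT -> enabled | disabled | custom | unparsed
sip_state() {
  local line
  line=$(printf '%s\n' "$1" | grep -i '^System Integrity Protection status:' | head -n 1)
  case "$line" in
    *"Custom Configuration"*) echo custom ;;   # checked first: SIP is only partly on
    *"status: enabled"*)      echo enabled ;;
    *"status: disabled"*)     echo disabled ;;
    *)                        echo unparsed ;;
  esac
}

# sip_disabled_protections TEXT -> comma-separated protections reported "disabled"
sip_disabled_protections() {
  printf '%s\n' "$1" | awk -F': ' '
    { sub(/^[ \t]+/, "") }                       # live output may indent these lines
    /^System Integrity Protection status:/ { next }
    $1 == "Apple Internal" { next }              # assumption: "disabled" is the normal value
    $2 == "disabled" { out = (out ? out ", " : "") $1 }
    END { print out }'
}

# gatekeeper_state TEXT -> enabled | disabled | unparsed (TEXT from `spctl --status`)
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unparsed ;;
  esac
}

# security_summary CSRUTIL_TEXT SPCTL_TEXT -> one-line report; status 0 only if both are fully on
security_summary() {
  local sip gk off
  sip=$(sip_state "$1"); gk=$(gatekeeper_state "$2"); off=$(sip_disabled_protections "$1")
  if [ "$sip" = enabled ] && [ "$gk" = enabled ]; then
    echo "SIP: enabled; Gatekeeper: enabled"; return 0
  fi
  echo "SIP: $sip${off:+ (off: $off)}; Gatekeeper: $gk"
  return 1
}

# On a Mac, use live output; elsewhere, fall back to the constructed sample.
if command -v csrutil >/dev/null 2>&1; then
  security_summary "$(csrutil status)" "$(spctl --status 2>&1)" || true
else
  security_summary "$SAMPLE_CSRUTIL" "assessments disabled" || true
fi
```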
 

GabrielRaphael

macrumors newbie
Original poster
Jan 5, 2024
24
3
Moon
My way is different.
I DISABLE SIP and startup security "from the get-go".

I also bypass Gatekeeper with
sudo spctl --master-disable

Macs ran great for years without that stuff.
I don't need or want those things "getting in the way".
Works for me.
Your mileage may vary.
hi, you keep SIP disabled?
 

GabrielRaphael

macrumors newbie
Original poster
Jan 5, 2024
24
3
Moon
I was referring to EtreCheck's own message regarding "Apple security disabled". If the computer isn't getting security updates, or if Gatekeeper is disabled, or if SIP is disabled, then EtreCheck will consider Apple's built-in security to be disabled.

I'm aware of the practical, day-to-day security concerns on the Mac. Most of what is posted on the internet with respect to Apple security is total nonsense. Anyone with a reasonable awareness of the risks of installing cracked commercial software, apps to facilitate illegal access to copyrighted media, or any other kind of back-market, install-this-malware-to-continue has nothing to worry about. But with that qualification, I've eliminated well-nigh 100 million people. It is that larger group that is the intended market for EtreCheck.

But even so, the day-to-day hassles imposed by security updates, Gatekeeper, and SIP are virtually zero - as in - exactly zero. Aside from a certain number of hardware failures, most of the problems that cause people to run EtreCheck are self-imposed. The internet is a wondrous, inexhaustible source of bad ideas. Those people who aren't disabling security updates, disabling Gatekeeper, or disabling SIP are likely installing 3rd party antivirus apps that are even worse. Either way, these are the things that keep EtreCheck in business.
I asked around and it seems that you need to disable Gatekeeper to avoid annoying issues when installing software from developers not caught up in the Apple Store monopoly matrix. It's what people are claiming. Seems correct, but I'm sure there are two sides to every story. But are you suggesting that EtreCheck is reporting the correct computer status and Apple's own terminal is false?

I also read a lot of complaints about EtreCheck being malware itself, but again, two sides to every story, so please explain; you seem to be very familiar with EtreCheck.
 

chrfr

macrumors G5
Jul 11, 2009
13,707
7,278
I asked around and it seems that you need to disable Gatekeeper to avoid annoying issues when installing software from developers not caught up in the Apple Store monopoly matrix. It's what people are claiming.
You do not need to disable Gatekeeper. If you’re trying to install an app that isn’t signed, you can work around that lack of signing by choosing the “Open” option from the menu you get by right clicking on the installer.
Fishrrman’s advice to disable three of the primary security features (Startup Security, SIP and Gatekeeper) that were added to macOS is not good advice for the vast majority of users. There’s very little gain for the huge increase in risk.
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,029
I asked around and it seems that you need to disable Gatekeeper to avoid annoying issues when installing software from developers not caught up in the Apple Store monopoly matrix. It's what people are claiming. Seems correct, but I'm sure there are two sides to every story.
See "If you want to open an app that hasn’t been notarized or is from an unidentified developer"
https://support.apple.com/HT202491
Gatekeeper and runtime protection in macOS
https://support.apple.com/HT202491

I also read a lot of complaints about EtreCheck being malware itself, but again, two sides to every story, so please explain; you seem to be very familiar with EtreCheck.
As @etresoft is the developer/represents the developer of EtreCheckPro, I’ll try to provide an impartial answer.
I’m not aware of any instance of EtreCheckPro being infected with malware. The EtreCheckPro app is notarized
“Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.”
https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution

The easiest way for a regular user to check an app is to upload it to virustotal.
If the app has been uploaded before, you will see the result directly https://www.virustotal.com/gui/file/d8729302353f94736383552c092275fed5f1707346a3d8403e06616cd13ca390
In the Details section you can see that the EtreCheckPro.zip file has been signed by Etresoft, Inc. and Apple.
 

GabrielRaphael

macrumors newbie
Original poster
Jan 5, 2024
24
3
Moon
See "If you want to open an app that hasn’t been notarized or is from an unidentified developer"
https://support.apple.com/HT202491
Gatekeeper and runtime protection in macOS
https://support.apple.com/HT202491


As @etresoft is the developer/represents the developer of EtreCheckPro, I’ll try to provide an impartial answer.
I’m not aware of any instance of EtreCheckPro being infected with malware. The EtreCheckPro app is notarized
“Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.”
https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution

The easiest way for a regular user to check an app is to upload it to virustotal.
If the app has been uploaded before, you will see the result directly https://www.virustotal.com/gui/file/d8729302353f94736383552c092275fed5f1707346a3d8403e06616cd13ca390
In the Details section you can see that the EtreCheckPro.zip file has been signed by Etresoft, Inc. and Apple.
maybe this website gave me the creeps, I hope it's true that they are a trusted honest developer with no intentions of selling people's private information or scamming them. We need real products. I do see a lot of great things about them.
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,029
maybe this website gave me the creeps, I hope it's true that they are a trusted honest developer with no intentions of selling people's private information or scamming them. We need real products. I do see a lot of great things about them.
That is not a website, it’s just a nonsense rant.
Here are some websites
Macworld (AUG 5, 2014) “How to create a Mac status report using EtreCheck”
https://www.macworld.com/article/22...-full-status-report-on-your-troubled-mac.html
Softpedia - EtreCheck (Mac) https://mac.softpedia.com/get/System-Utilities/EtreCheck.shtml
Creating a System Report With EtreCheck https://macmost.com/creating-a-system-report-with-etrecheck.html

As I don’t use the app, because I don’t find it useful, I can’t comment about the data collection policy.
 

etresoft

macrumors member
Sep 12, 2016
41
33
are you suggesting that EtreCheck is reporting the correct computer status and Apple's own terminal is false?
Are you suggesting that I need to explain this for a third time?
I also read a lot of complaints about EtreCheck being malware itself, but again, two sides to every story, so please explain; you seem to be very familiar with EtreCheck.
Do you? hmmm..
maybe this website gave me the creeps, I hope it's true that they are a trusted honest developer with no intentions of selling people's private information or scamming them. We need real products. I do see a lot of great things about them.
If that website gives you the creeps, you should see a few years of postings from my other cyberstalker.

That is, assuming you aren't said cyberstalker back here again with another alias. He has used "Raphael" in an alias before.
I’m not aware of any instance of EtreCheckPro being infected with malware.
No one has ever claimed that EtreCheck was infected with malware. They say that EtreCheck is malware.
The easiest way for a regular user to check an app is to upload it to virustotal.
Please don't. If you pay close attention to the nonsense rant website posted above, you'll see that virus total is one of the key pieces of information that chase_daniel (just one link out of many) is using. Apparently, in 2014, for about two days, I had released a version of EtreCheck where I had used the text "geneio" as a dictionary key or something in EtreCheck's own adware detection logic. Someone told me that like 3 out of 64 AV engines were flagging it, so I fixed it. But now I'll never live it down. Mea culpa, mea culpa, mea máxima culpa. Yea, verily, I hath used the string "geneio" ten years ago. Don't ya think it's funny how that's the extent of malware detection logic in some AV engines?

I even asked the people at virus total to remove that entry, but they refused. They even accused EtreCheck of making suspicious network connections to some shady entity known as "Digicert". In addition to not knowing what that is, they also didn't seem to understand the difference between an app doing something shady and an operating system validating certificates on behalf of said app.

I guess now that it's 2024, I can officially say that I've had cyberstalkers for decades. Well, one decade at least. More to come, I'm sure.
I can’t comment about the data collection policy.
I don't want your data. I want your money. See https://www.etrecheck.com/en/privacy.html
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,029
Please don't. If you pay close attention to the nonsense rant website posted above, you'll see that virus total is one of the key pieces of information
Please do not advise users against using VirusTotal.
Please consider uploading your notarized releases to VirusTotal.
For a developer, VirusTotal is useful to identify any component, especially third-party libraries, that may be falsely flagged as malware.
For users, VirusTotal provides an accessible way to check if a file is potentially malicious, verify the hash values and signatures of zip, dmg and pkg files.

If you find that one scanner falsely identifies your software as malicious/malware, you could contact them to clarify the problem. I’m not a developer and I did that for a false positive on an app I was testing. The security vendor corrected the report.

Unlike the link I posted above, the virustotal link on that “howtotellifyourmacishacked” site is not publicly accessible and seems to be for etresoft.com, not for an EtreCheckPro.zip file.
Publicly accessible VirusTotal links for etresoft.com and etrecheck.com
https://www.virustotal.com/gui/url/f043fe33576db6b76f6aa898da5ec5b8d7c21cc3eaba4f9d95db372fe21a2008
https://www.virustotal.com/gui/url/0740b0e431c369c60de70e049ba2dda3723079337c181d434853735b7ef90b2b
I want your money.
That’s exactly what I’ve said! :) #37
 

etresoft

macrumors member
Sep 12, 2016
41
33
Please do not advise users against using VirusTotal.
I strongly advise users against using VirusTotal.
Please consider uploading your notarized releases to VirusTotal.
Never
For a developer, VirusTotal is useful to identify any component, especially third-party libraries, that may be falsely flagged as malware.
For developers, VirusTotal is simply an extortion scene. They have a paid service where developers can upload binaries in private. Then, if they get flagged, developers have the opportunity to modify them until they are no longer detected by any AV engines. Hopefully malware developers would never use this service.
For users, VirusTotal provides an accessible way to check if a file is potentially malicious, verify the hash values and signatures of zip, dmg and pkg files.
VirusTotal's data is junk and shouldn't be relied upon. The people who run VirusTotal don't understand basic concepts of internet security. It is only useful to malicious cyberstalkers.
If you find that one scanner falsely identifies your software as malicious/malware, you could contact them to clarify the problem.
The "problem" was that the scanner used the presence of the text string "geneio" to flag my app as adware. They were obviously incompetent. The fix was to remove the text string, which I did within minutes. But ten years later, it still follows me around. How do you think me spending weeks trying to contact some random AV company in the Czech Republic is a better strategy?
Unlike the link I posted above, the virustotal link on that “howtotellifyourmacishacked” site is not publicly accessible and seems to be for etresoft.com, not for an EtreCheckPro.zip file.
As I said, their data is junk.
And what does that say? Did you bother to check the "community score" and see 34 downvotes from chase daniel 5 years ago? At least this cyberstalker seems to have finally given up. But VirusTotal will continue his malicious crusade until the grid goes down.
That’s exactly what I’ve said! :) #37
This is what you said in that post - "In my opinion, you can ignore whatever EtreCheck is saying. Its messages are usually just a way to get people to buy the Pro version."

And that is false. Your statement is saying that EtreCheck is just a scam and its messages are only designed to trick people into buying it. EtreCheck is a free app, designed to be used for free. Yeah, it does have an in-app purchase. Sue me for wanting to eat and stay dry. I don't know what it is about this app that inspires these kinds of false and malicious attacks.

I was simply responding to the malicious claim that EtreCheck was "selling people's private information or scamming them".
 

bogdanw

macrumors 603
Mar 10, 2009
6,118
3,029
Getting less knowledgeable users to buy an app is not a scam. Good for you :)
Despite my personal opinion, I explained that your app is notarized by Apple and posted links where it’s featured by reputable websites. The VirusTotal links I posted above show that your app and websites do not trigger any warning.
But you seem to be stuck in a past feud with someone and VirusTotal.
I don’t have time to waste in this kind of discussion. Good luck!
 