Vivaldi triggering RansomWhere alerts
-
Every time I launch Vivaldi, I get an alert from RansomWhere that Vivaldi is encrypting files. What files is it encrypting, and why?
-
@santuccie, as far as I know, Vivaldi encrypts sync data, which is of course very desirable.
-
@santuccie You mean the OS X app?
Chromium/Vivaldi encrypt user data to avoid it being used outside your PC, but I'm pretty sure the software doesn't recognize Vivaldi as a trusted app (which is sad). You should report it as a false positive in that case.
-
Vivaldi (and other Chromium-based browsers) also encrypts sensitive data (autofill, passwords, etc.) on disk. If you are concerned, you can verify the authenticity and integrity of your Vivaldi app bundle using the following command:
$ spctl -a -vv /Applications/Vivaldi.app
For more information on how to do additional checks, go to: https://help.vivaldi.com/article/obtaining-official-builds/
The "spctl" command only checks the app bundle itself. It's possible that your Vivaldi profile (configuration settings and other related app data) could be infected but I can't advise on how to check this.
-
Just about any Chromium-based app on macOS triggers the prompt from RansomWhere? https://objective-see.com/products/ransomwhere.html
I noticed the message and already mentioned it to the developer a few months ago.
"As RansomWhere? attempts to generically prevent ransomware encryptions purely thru heuristics, it's important to understand such alerts. Why? Well it's possible (though unlikely) that RansomWhere? has simply detected a legitimate application or binary that is not ransomware (for example, a legitimate encryption tool you are running to secure various sensitive files). Alerts shown by RansomWhere? contain two important pieces of information; the process that RansomWhere? has suspended (until one allows or terminates it), and the list of encrypted files that the process has created. If you trust the process, or the files created by the process are legitimate, click 'allow' to allow the program to continue executing in an unabated manner."
-