Use “Folder Actions” In OS X For Malware Detection

Folder Actions for Malware Detection

Blogger Jacob Salmela came up with a really simple way to help you detect an installation of malware in OS X by using some built-in resources ( Folder Actions) of the operating system itself.  To drive their malware, bad guys attempt to get a LaunchDaemon or LaunchAgent installed in one or more of the following locations in your computer:






Folder-Actions Use "Folder Actions" In OS X For Malware Detection How To OS X OS X Security Tips

Salmela’s solution is to use a feature (Folder Actions) on each of these locations to alert you when an item is added to any of the above folders.  This allows you to see what is being added, and make a decision to keep the newly added item (if you recognize it), or simply delete it.

Here’s how to set it up:

Enable Folder Actions

  1. Right-click one the the folders listed above
  2. Choose Services > Folder Actions Setup…
  3. Check Enable

Assign A Folder Action

  1. Click the plus sign on the right side of the window
  2. Highlight add – new item alert.scpt
  3. Click Attach

Repeat these steps for each folder you want to check.  When a new item it added to any of these folders, you will see a pop-up window asking if you want to view the new addition.

There you have it.  A simple and elegant malware solution for malware detection, that is also FREE!


OSX: Roll-Your-Own Malware Detection  |  Jacob Salmela

By prometheus

Husband. Father. Grandfather. World class Geek.


  1. the fifth line is missing the actual user shortname
    notice the


    $ open /Users/Library/LaunchAgents
    The file /Users/Library/LaunchAgents does not exist.

    Can be changed to


    or better yet


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.