How to Fix the Persistent “Malware Blocked” Alert on Mac
Recently, I started seeing a persistent “Malware Blocked” alert on my Mac running macOS Sequoia. Every time I clicked “Done,” the message would disappear momentarily, only to come back again with the exact same file name. I tried searching for the file to delete it manually but couldn’t find it anywhere on my system.
The error message says: Malware Blocked “app-name” was not opened because it contains malware. This action did not harm your Mac.

It appears that a lot of Mac users have run into this exact issue. In many cases, the alert is triggered by older or unsigned apps (like outdated versions of Citrix Receiver or Docker) that macOS now flags as potentially harmful. Sometimes the issue is caused by files carried over from old Time Machine backups, or by third-party antivirus software that’s not playing nicely with macOS’s built-in security features.
If you’re stuck in this frustrating loop like I was, here’s how to track down the problem, remove it, and stop the alert from popping up again.
This alert typically means macOS’s built-in security (XProtect, Gatekeeper, or MRT) has detected something suspicious — usually a background launch file linked to an outdated or unsigned app.
Common causes include:
- Old or unsigned apps, like legacy versions of Citrix Receiver, Docker, or Adobe tools.
- Files left behind after migrating from an older Mac or restoring from a Time Machine backup.
- Apps you thought you deleted but that left helper files behind.
- Third-party antivirus software (like Norton) that doesn’t fully remove the threat — or adds its own noise.
How to fix:
You’ll need to manually inspect three folders where launch agents and daemons are stored. These background helper files are often responsible for triggering the alert.
- Open Finder
- In the menu bar, click Go > Go to Folder…
- Paste each of the following paths one at a time, and open them in separate Finder windows:
~/Library/LaunchAgents
/Library/LaunchAgents
/Library/LaunchDaemons
Now you should have three Finder windows open — keep them on your Desktop for easy access.
When your Mac is new, these folders are typically empty or contain just a few Apple-created files. Everything else was added later — usually by third-party apps you installed.
Common Legitimate Names to Look For:
Most well-known and trustworthy apps will use clear, recognizable names in their background helper files. If the file name includes the name of the app or its developer, it’s usually safe. Here are some examples:
- Adobe (Acrobat, Creative Cloud, Photoshop)
- Amazon (Kindle, Amazon Music)
- Citrix (Receiver, Workspace)
- Dropbox
- Google (Chrome, Drive, GoogleSoftwareUpdate)
- Microsoft (Office, OneDrive, Teams)
- TeamViewer
- Zoom
- Spotify
- VMware
- Logitech (Logi Options, G HUB)
- Canon, Epson, HP (Printer/scanner utilities)
- Mozilla (Firefox, Thunderbird)
- Oracle (Java tools)
- Parallels (Virtual machines)
- Steam (Valve/Steam-related files)
- Backblaze, Carbonite (Backup software)
- 1Password, LastPass, Dashlane (Password managers)
- Malwarebytes (if installed by you)
- Rogue Amoeba (Audio tools like Loopback, Audio Hijack)
- Elgato, Corsair (Streaming or gaming hardware support)
These are typically safe to leave alone.
What Suspicious Files Look Like:
In contrast, suspicious or potentially malicious files often use:
- Random or jumbled characters (e.g., com.sys.jkApLeX64.plist)
- Misspellings or slight name tweaks (e.g., Micros0ftUpdater or Go0gleUpdate)
- Generic-sounding names that give no clue what they belong to
If the file name matches what you saw in the “Malware Blocked” alert, or it just looks off, that’s a good candidate for removal.
For example: [Screenshot: a LaunchDaemons folder; the files to remove are outlined in a red rectangle]
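A file name is easy to imitate, so before trashing or trusting an item it helps to see what each launch file actually runs. The script below is an added example, not part of the original article: it reads every .plist in the three folders with Python's standard plistlib and notes entries whose target program no longer exists, whose Label differs from the file name, or that contain the name from the alert. The script file name and the alert name passed to it are assumptions.

```python
import os
import plistlib
import sys
from pathlib import Path

# The three folders the article opens in Finder.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]


def inspect_plist(path, alert_name=""):
    """Return (label, program, notes) for one launchd job file. Notes are hints, not verdicts."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
        if not isinstance(job, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception as exc:  # malformed, truncated or unreadable file
        return None, None, [f"unreadable plist: {type(exc).__name__}"]
    label = str(job.get("Label", ""))
    args = job.get("ProgramArguments")
    first_arg = args[0] if isinstance(args, list) and args else ""
    program = str(job.get("Program") or first_arg)  # what launchd actually runs
    notes = []
    if label != Path(path).stem:
        notes.append("Label does not match file name")
    if not program:
        notes.append("no Program or ProgramArguments")
    elif program.startswith("/") and not os.path.exists(program):
        notes.append("target executable is missing (possible leftover of a removed app)")
    needle = alert_name.strip().lower()
    if needle and needle in f"{path} {label} {program}".lower():
        notes.append("matches the name shown in the alert")
    return label, program, notes


def scan(dirs=LAUNCH_DIRS, alert_name=""):
    """Inspect every .plist in the given folders and return (path, label, program, notes) rows."""
    rows = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():
            for plist in sorted(folder.glob("*.plist")):
                rows.append((str(plist), *inspect_plist(plist, alert_name)))
    return rows


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 launch_items.py "name-from-the-alert"
    for path, label, program, notes in scan(alert_name=" ".join(sys.argv[1:])):
        print(f"{path}\n  label:   {label}\n  program: {program}")
        for note in notes:
            print(f"  NOTE: {note}")
```

The script only reads and reports; it does not move or delete anything, so the removal steps in the next section still apply.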
Remove Suspicious Files (Safely)
If you’re comfortable troubleshooting on your own, here’s how to proceed:
1. Restart in Safe Mode
Safe Mode prevents unnecessary and potentially harmful processes from launching.
- Our guide: Use safe mode on your Mac
2. Move Suspicious Files to the Trash
While in Safe Mode:
- Go back to the three Finder windows you opened earlier.
- Drag any suspicious or unrecognized files to the Trash.
3. Restart Normally
After restarting, check whether the malware alert still appears.
- If the alert stops, you’re done.
- If it returns, you may have missed a file or misidentified something as safe — go back and repeat the process.
Tip: If you accidentally removed a legitimate file, you can open the Trash, right-click it, and select Put Back to restore it.