What I tried and did not remove the threat (confirmed by repeat Bitdefender scans)
despite having administrator privileges and using “show hidden files” in Finder, I am unable to open the /Library/InstallerSandboxes/.PKInstallSandboxManager/ folder, and all efforts to unlock the folder via File → info which did not work despite the face I have read and write privileges.
reboot in safe mode
clear all caches (using Clean My Mac)
I never access shady or suspicious web sites, and I always have Bitdefender running.
thank you very much. Is this to be able to access folder contents in safe mode ? Is this dangerous if I have a potential virus and disable protection (probably a very naive question) ?
thank you very much for thinking about my problem.
I am following your instructions, and can’t understand why in recovery → terminal mode, neither of the two “authorized user” names are accepted, although I tried many times, checked the spelling and tried with and without quotes. Would you have an idea ? thanks again very much
Care to elaborate on what this means? My interpretation of that statement is that they have acknowledged that is a false positive, and that they tweaked their definitions to eliminate it. If this is a false positive the correct action on their part is to adjust their definitions and scanning so that it doesn’t happen, not to force you to delete a file that isn’t a problem.
That response from Bitdefender “support” doesn’t answer the question of whether this is a false positive or not.