What is Reddit's opinion of KnockKnock?

From 3.5 billion Reddit comments

Run KnockKnock by Objective-See, to see what's persistently installed on your Mac, like login items, scripts, etc.. It has an integrated VirusTotal check for all found items. It doesn't run in the background or insert itself in the system like a usual anti-malware app would. It's more like a system analyzer (think EtreCheck) with a priority for security.

You might download and run EtreCheck or KnockKnock to see if anything looks odd or unwanted. Both are freeware and very handy.

Otherwise, like Atello noted, it may be that these are temp folders.

Scanned with what? Antivirus scanners will only catch what they’re told to catch. You may want to look more closely at your startup apps and daemons: https://objective-see.com/products/knockknock.html

KnockKnock will give you VirusTotal scores as well. But be on the lookout for suspicious items regardless of detection or score.

If in doubt, reset back to a clean slate for peace of mind.

Also you likely already know this, but avoid re-using passwords between sites and services. That’s the main way things like this get lateral movement

KnockKnock (and honestly any app by Objective-See) is great for removing cruft, although it is geared more towards IT people than end-users.

1. What exactly do you mean by factory reset? If you erased and reinstalled MacOS (as described here) then yes, this will be sufficient.
2. If he installed a RAT he could potentially have had access to everything. And yes, if he has the skills he could also have used the laptop as a gateway to your home network.
3. If you have erased and reinstalled the OS it's too late for forensics.

To prevent this kind of thing from happening again: create a separate administrator account and demote your regular account to standard user (you can still perform administrative tasks, but the OS will ask for the admin credentials when necessary). Don't share the admin password with anyone. This makes it much harder to install persistent malware. If anyone else has accessed your account, use the utility KnockKnock to check for any unauthorized autorun software. Also, activate Filevault encryption if you haven't yet.

Yes, you need to keep the Terminal window open.

You could also try using KnockKnock to investigate the applications and processes that are automatically executed by macOS.

Try a different browser, you could have screwed up safari or whatever browser you're currently using. Other case is that you've got a virus (oh spooks oh no). I'd recommend using knockknock to check for safari extensions (if it finds anything highlighted in red you've got yourself a problem) and then using malwarebytes (free edition obviously) to run a scan and get rid of it.

KnockKnock [https://objective-see.com/products/knockknock.html] can detect shady software. And it’s free.

But PLEASE sir. Don’t be stupid. DONT install executable code from a torrent site. That’s the WORST thing you can do, since you have no idea what the code contains.

KnockKnock is a good tool for seeing exactly what is persistently installed and using resources on your Mac. Let it scan and see if you've missed anything that needs to be uninstalled.

Test whether the key combination works on macOS Recovery. (It's possible to open Safari on macOS Recovery.) If it does, then the cause of the problem is probably some third-party software running in the background and intercepting certain key presses. You can use KnockKnock to ascertain what third-party software is automatically run when macOS boots or you log in to macOS.

Looks like a launchdaemon is starting up a process but it doesn't have a valid certificate. Boot into safe mode and find an update to "cereng" or whatever is throwing up that dialog. If you don't know what it is, install Knock Knock and scan it.

Reinstalling can work too but you would have to wipe everything first. If you have a time machine backup you'll be restoring from, don't restore anything outside of your home folder.

It's an adware downloader ("Shlayer" Trojan) . Here are the VirusTotal results. Here's a semi-comprehensive guide to removing it. The one you got is a newer version than the one in the article (this one was assembled May 29th) so the file names that need removing have probably changed.KnockKnock will really simplify this for you, just run a scan and delete anything you find suspicious, it won't break anything. And check the browser settings, especially Chrome, you may see that it installed adware extensions there as well.

I used KnockKnock and i think all versions of ZII contain this positive.
u/selosse should explain what it does just to clarify the situation with users.

Install "knockknock" from objective-see:

https://objective-see.com/products/knockknock.html

Objective see site is made by a former NSA hacker

Or he understands "Mac security".

Also try etrecheck (recommended by Apple support)

https://apps.apple.com/nl/app/etrecheck/id1423715984?l=en&mt=12

And the free version of Bitdefender can scan for this shit too. It can do the same as Malwarebytes.

https://apps.apple.com/nl/app/bitdefender-virus-scanner/id500154009?l=en&mt=12

You can open Console whenever you notice a bad slowdown or kerneltask going crazy. If you can consistently reproduce the issues you’re having, open Console before so you can capture all the events happening from the beginning.

You shouldn’t be affected by a lingering Chrome plugin. However, you can use Knock Knock or MalwareBytes to scan for malware if you think you installed any suspicious plugins in the past.

Do you notice a slowdown happening consistently with any app(s)? Any specific AU/VSTs that always cause kerneltask to freak out? If you restart, does your dedicated GPU show again under About Mac?

You can relax; it's unlikely that you have been infected by malware. I've gone down this rabbit hole as well after finding a bunch of worrying messages in my logs. My conclusion was that sometimes software is just buggy. Regardless, I would create a backup and perform a clean install: it never hurts to be safe, additionally, software rots and accumulates cruft over time so it's nice to start fresh.

I'd suggest trying Console.app to explore and view the logs. You can display <private> fields by running the following command from the terminal:

$ sudo log config --mode "private_data:on"

You may also try running KnockKnock, and check if there's any weird items on there.

You can also try an application called KnockKnock https://objective-see.com/products/knockknock.html it will tell you all of your startup services and applications and may show you if they have installed any monitoring tools on your mac (useful for finding malicious software and such you may not be aware of) awesome utility of course you won't be able to see what is being sent out of your machine and being monitored by an external service such as a proxy server etc.