Hello everyone,
we are developing software that is supposed to prevent unwanted file modifications in user-specified directories to protect their private data (ransomware shield).
We would like to allow system apps like Finder to have access, as it is of course not ransomware. Unfortunately, Finder and other Apple apps can be instrumented via AppleScript to modify the contents of directories, so we can't trust it without creating a security issue.
Several questions came up and I can't find the answers:
1. Is there a reliable way to detect that an application is doing something based on AppleScript instrumentation and not user action?
2. Would it be sufficient to test that an osascript instance exists in the list of processes? I suppose osascript is just a front-end for some framework, so it is not enough.
3. Can Apple Scripting be disabled?
I am concerned with OS versions 10.9+ and would really appreciate any help.
Best regards,
Jakub