Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals

macOS’s New XProtect Remediator Now Regularly Scans for Malware

On his Eclectic Light Company blog, Howard Oakley has published an analysis of XProtect Remediator, a modular malware scanner that Apple built into XProtect in macOS 12.3 Monterey and backfilled into macOS 10.15 Catalina and macOS 11 Big Sur (see “Apple Releases iOS 15.4, iPadOS 15.4, macOS 12.3 Monterey, watchOS 8.5, tvOS 15.4, and HomePod Software 15.4,” 14 March 2022). XProtect Remediator consists of 12 modules that briefly but regularly scan your Mac for specific nasties during periods of low user activity. (XProtect has seemingly subsumed Apple’s original MRT—Malware Removal Tool—since one of those modules is MRTv3.) It’s unclear as yet what the user will see, if anything, when XProtect “remediates” (removes) malicious software, but it will likely happen silently in the background. Read Howard’s posts for the technical details and instructions on how to check if XProtect Remediator is running on your Mac manually—you could also use the latest version of his Mints tool or his new XProCheck utility.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About macOS’s New XProtect Remediator Now Regularly Scans for Malware

Notable Replies

  1. Does this mean that MalWare Bytes isn’t needed?

  2. Perhaps, but way too soon to know and since I don’t know your safe-computing habits, I wouldn’t be so bold as to tell you that.

    Apple’s past history with keeping up with malware is relatively bad. They have been slow to push out updates and for years did not consider adware to be an issue. Since the introduction of XProtect Remediator, updates appear to be occurring faster, but we will need to hear from some Malwarebytes users as to how effective this Apple solution is.

    If Malwarebytes continues to find infections for macOS Catalina+ users, then it’s probably worth keeping it.

  3. I can’t speak for Malwarebytes but I have never used a third-party malware scanner on a Mac and it’s never been an issue.

  4. I would say that it means a scanner running in the background all the time isn’t necessary. But I don’t think it’s ever been necessary on the Mac platform.

    Having Malwarebytes or some other similar scanner installed so you can perform manual scans on from time to time might give you some added peace of mind, but even that shouldn’t matter as long as you take reasonable precautions. For example:

    • Only download software directly from the publisher (e.g. Microsoft, FileMaker, Bombich Software, etc.) or from a trusted third-party app store (e.g. Apple’s app store). Don’t download/purchase from third-party app stores that don’t have a solid good reputation, including random “marketplace” sellers on sites like eBay and Amazon.

    • Only download via a secure connection (e.g. HTTPS) and check the security credentials to make sure the content is really coming from where you think it is coming from.

    • Don’t accept documents from untrusted sources if possible. If not possible, configure your apps (e.g. your office suite) to be as secure as possible (e.g. don’t run any macros/scripts, don’t use untrusted plugins, etc.)

  5. Thanks for the responses. I’ll continue with good practices


  6. This! I run a few different types of malware-detection tools on demand. None run continuously in the background.

    In all the years of using a Mac (1989-present) the only malware I have ever received was the WDEF virus back in the days of System 7 (or was it 6?). Ironically, WDEF had already infected the floppy disk that was used to install anti-virus software on all the office Macs.

  7. Looks like my Malwarebytes subscription is not going to be renewed in 4 weeks time.

  8. Followup on this: usually when Mac and Linux users run virus scanners, it’s less to protect their machines and more to prevent passing viruses to Windows users.

  9. Exactly the same for me.

  10. I would keep the app on my computer if I were you (actually, I’ve done just that) since you will still be able to run manual scans for free either periodically or to rule out malware when your Mac is acting strangely. That way you can help judge how well Apple is doing with it’s new effort.

  11. I wonder if the recent (Sep 7) update to XProtect referenced at Eclectic Light’s website is the reason for my MacBook 2015’s hesitation (for what feels like at least 45 seconds) at the 50% mark on boot? Maybe it’s doing a full scan of my computer? And I already know that the poor laptop has a terribly underpowered CPU.

    It was listed as a patch of Safari, but ever since, I’ve had really slow restarts and reboots.

  12. The XProtect Remediator was introduced way before the Safari security patch, so I doubt that a simple update to it would be the cause. In fact it fixes a bug that was responsible for several error messages being written to the System log, so it should have slightly improved boot time, though I doubt it would even be perceptible.

    Howard gave us a new XProCheck app last week that makes it easy to see what XProtect Remediator is doing, so you can see for yourself how much time is being consumed by it during boot up.

Join the discussion in the TidBITS Discourse forum


Avatar for jcenters Avatar for alvarnell Avatar for jwking Avatar for tidbits43 Avatar for fischej Avatar for Shamino Avatar for dsh1705 Avatar for drmoss_ca Avatar for david_blanchard