Skip to content
Thoughtful, detailed coverage of everything Apple for 32 years
and the TidBITS Content Network for Apple professionals
11 comments

macOS’s New XProtect Remediator Now Regularly Scans for Malware

On his Eclectic Light Company blog, Howard Oakley has published an analysis of XProtect Remediator, a modular malware scanner that Apple built into XProtect in macOS 12.3 Monterey and backfilled into macOS 10.15 Catalina and macOS 11 Big Sur (see “Apple Releases iOS 15.4, iPadOS 15.4, macOS 12.3 Monterey, watchOS 8.5, tvOS 15.4, and HomePod Software 15.4,” 14 March 2022). XProtect Remediator consists of 12 modules that briefly but regularly scan your Mac for specific nasties during periods of low user activity. (XProtect has seemingly subsumed Apple’s original MRT—Malware Removal Tool—since one of those modules is MRTv3.) It’s unclear as yet what the user will see, if anything, when XProtect “remediates” (removes) malicious software, but it will likely happen silently in the background. Read Howard’s posts for the technical details and instructions on how to check if XProtect Remediator is running on your Mac manually—you could also use the latest version of his Mints tool or his new XProCheck utility.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 31 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About macOS’s New XProtect Remediator Now Regularly Scans for Malware

Notable Replies

  1. Does this mean that MalWare Bytes isn’t needed?

  2. Perhaps, but way too soon to know and since I don’t know your safe-computing habits, I wouldn’t be so bold as to tell you that.

    Apple’s past history with keeping up with malware is relatively bad. They have been slow to push out updates and for years did not consider adware to be an issue. Since the introduction of XProtect Remediator, updates appear to be occurring faster, but we will need to hear from some Malwarebytes users as to how effective this Apple solution is.

    If Malwarebytes continues to find infections for macOS Catalina+ users, then it’s probably worth keeping it.

  3. I can’t speak for Malwarebytes but I have never used a third-party malware scanner on a Mac and it’s never been an issue.

  4. I would say that it means a scanner running in the background all the time isn’t necessary. But I don’t think it’s ever been necessary on the Mac platform.

    Having Malwarebytes or some other similar scanner installed so you can perform manual scans on from time to time might give you some added peace of mind, but even that shouldn’t matter as long as you take reasonable precautions. For example:

    • Only download software directly from the publisher (e.g. Microsoft, FileMaker, Bombich Software, etc.) or from a trusted third-party app store (e.g. Apple’s app store). Don’t download/purchase from third-party app stores that don’t have a solid good reputation, including random “marketplace” sellers on sites like eBay and Amazon.

    • Only download via a secure connection (e.g. HTTPS) and check the security credentials to make sure the content is really coming from where you think it is coming from.

    • Don’t accept documents from untrusted sources if possible. If not possible, configure your apps (e.g. your office suite) to be as secure as possible (e.g. don’t run any macros/scripts, don’t use untrusted plugins, etc.)

  5. Thanks for the responses. I’ll continue with good practices

    Jerry

  6. This! I run a few different types of malware-detection tools on demand. None run continuously in the background.

    In all the years of using a Mac (1989-present) the only malware I have ever received was the WDEF virus back in the days of System 7 (or was it 6?). Ironically, WDEF had already infected the floppy disk that was used to install anti-virus software on all the office Macs.

  7. Looks like my Malwarebytes subscription is not going to be renewed in 4 weeks time.

  8. Followup on this: usually when Mac and Linux users run virus scanners, it’s less to protect their machines and more to prevent passing viruses to Windows users.

  9. Exactly the same for me.

  10. I would keep the app on my computer if I were you (actually, I’ve done just that) since you will still be able to run manual scans for free either periodically or to rule out malware when your Mac is acting strangely. That way you can help judge how well Apple is doing with it’s new effort.

Join the discussion in the TidBITS Discourse forum

Participants