Ventura Bug Disables Real-Time Security Software
Thomas Reed reports on the Malwarebytes Labs blog that a bug in macOS 13.0 Ventura blocks the real-time protection feature of Malwarebytes. The bug also affects other security software that requires Full Disk Access permissions. Apple is aware of the problem and says it will be fixed in macOS 13.1. In the meantime, Reed provides a simple set of steps for rescinding and resetting the Full Disk Access permissions for any affected software. Alternatively, just run scans in Malwarebytes or similar apps manually. We generally do not recommend the real-time protection features of anti-malware software because of performance and other user experience hits, but corporate security policies may not give you any leeway.
A question for those of you who run ‘real-time security software’. How often does this stuff find something?
(Now I understand the argument that “if it’s the first time, then that’s already too late.” But that gets into the decidability problem of “can’t find it” versus “wasn’t there”.)
These days my Acronis backup calls itself “Acronis Cyber Protect” and has some security features. I have a lot of test emails for testing my app Mail Archiver. Acronis took offence to some of them but that’s the extent of some years of using Acronis.
Rarely, but I’m probably not an average user. About the only time is when I’ve been aware of malware or PUPs that exist and purposely download them to test various security software that I maintain. It’s really not “too late” when it detects such items. The point of real-time protection is to prevent a downloaded file from infecting the computer.
I’ve used Sophos for many years. While I can’t recall it ever finding a virus, the web address filtering function has saved me from potentially dangerous URL typos and search engine clicks many times.
Reportedly, macOS 13.0.1 fixes this bug.