Monday, August 15, 2022

XProtect Remediator

Howard Oakley:

Recent versions of macOS have come with two tools designed to detect malware and deal with it, by ‘remediation’: XProtect and MRT. This year they have been joined by a third, or XProtect Remediator, and Apple has dropped all references to MRT in its Platform Security Guide.


Indications are that XProtect Remediator includes the functionality of MRT, together with rapidly improving and extending support for the detection and remediation of other malware. As with XProtect and MRT, Apple conceals the identity of the malware handled by XProtect Remediator using code names, including GreenAcre, SheepSwap, SnowBeagle, SnowDrift, ToyDrop and WaterNet, although its initial executables remain named after known malware families such as Adload and Geneio.


Although Mojave and older versions aren’t unsupported, new and changed malware which isn’t reliably detected by XProtect’s updated signatures is likely to pass unnoticed on those older macOS, putting those Macs at increasing risk.

