Banned browser extensions

El Capitan’s XProtect extends its coverage beyond simple malware, to block a long list of incompatible kernel extensions (which I will discuss in another article), and a rather shorter list of undesirable Safari extensions.

The current release of XProtectPlistConfigData, which is updated silently, is that of 9 July 2016. For some unaccountable reason, Apple has left its version number fixed at 1.0 since its original release.

Safari extensions are normally installed in /Library/Safari/Extensions, and controlled in the Extensions pane of Safari’s Preferences. XProtect specifies them using their bundle and developer identifiers, and there is currently no simple way to convert between those and the names which might appear on the extension itself. Many of these are normally distributed as InstallCore distributions, which are documented on Wikipedia.

The current list includes:

com.adobe.flash – poses as Adobe Flash Player, which should be installed in a different folder (/Library/Internet Plug-ins) in any case

com.app65867 – no details found

com.codec.extension – no details found

com.defaultsearch.safariext – a browser hijacker, further details not found

com.diigo.safari.awesomeScreenshot – screenshot tool which is likely to be unwanted, home page here

com.eliaho.safari – unwanted search replacement, details here

com.genieo.safari – Genieo adware, detailed here – no details found

com.jbsearch.safariext – a browser hijacker, further details not found

com.leperdvil.safari – Leperdvil is adware used to charge software installations, and can sometimes bring malware with it, as detailed here

com.mtsearch.safariext – a browser hijacker, further details not found

com.nariabox.safari – adware and browser hijacker, details here

com.optimalcycling.safari.popupblocker – an old version of Optimal Cycling’s Better Pop Up Blocker

com.portsayd.safari – adware and replacement search, details here

com.rohit.MacMInSale – no details found

com.searchconnect.safariext – adware

com.searchnt.safari – a browser hijacker, information here

com.searchtrust.safariext – SearchTrust Safari Extension, an InstallCore extension sometimes delivered with updates, detailed here

com.smokycap.safari – Smokycap adware, which can sometimes bring malware with it, as detailed here

com.spigot.safari.searchme, com.spigot.safari.ebayshopassist and their relatives – Spigot adware, details here

com.tabgreg.safariext – no details found

com.zako.chatzum – ChatZum adware which is also a browser hijacker, detailed here and here

info.searchquick – adware for ‘Search Quick Now’, information here

info.trovi – a browser hijacker which can change default homepage and search engine, detailed here