LockRattler: a quick check of macOS security protection systems

A few weeks ago, it was discovered that some brand new MacBook Pro computers had been shipped to users with SIP, one of the key mechanisms used to protect macOS from malware, turned off. Yet do you know, rather than just assume, that SIP is enabled on your Mac? What about XProtect? Are their data files up to date and giving your Mac the latest defences against malware?

Unless you’re prepared to rummage around in System and hidden folders, and type incantations into Terminal, you cannot answer those questions.

LockRattler is a simple and free app which checks some of the more important protection systems. Decompress it, drop it into your Applications folder, run it, and click on its single button. It will then tell you the result of eight checks on those security systems:

  • whether SIP is enabled
  • whether XProtect assessments are enabled
  • the version numbers of your current data files for XProtect, Gatekeeper, Gatekeeper Disk checks, Kernel extension blocking, and Apple’s Malware Removal Tool (MRT)
  • and finally whether you have FileVault disk encryption active.

It is available, complete with a simple PDF guide to its use, here: lockrattler32

The article which lists the current versions of those protection files (and more) is here.
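For anyone who does want to type the incantations, three of the checks listed above (SIP, assessments and FileVault) can be read from Terminal. The script below is an added example, not LockRattler's own code: it assumes `csrutil status`, `spctl --status` and `fdesetup status` are the commands to consult, and the sample output strings in it are constructed. Anything other than the plain expected wording is reported as `review` rather than guessed at.

```shell
#!/bin/sh
# Added example: classify what csrutil, spctl and fdesetup print.
# Read-only: none of these commands changes a setting.

sip_state() {            # stdin: output of `csrutil status`
    IFS= read -r line || :
    case $line in
        "System Integrity Protection status: enabled.")  echo enabled ;;
        "System Integrity Protection status: disabled.") echo disabled ;;
        *) echo review ;;    # custom configuration, error text or no output
    esac
}

assessments_state() {    # stdin: output of `spctl --status`
    IFS= read -r line || :
    case $line in
        "assessments enabled")  echo enabled ;;
        "assessments disabled") echo disabled ;;
        *) echo review ;;
    esac
}

filevault_state() {      # stdin: output of `fdesetup status`
    IFS= read -r line || :
    case $line in
        "FileVault is On."*)  echo on ;;
        "FileVault is Off."*) echo off ;;
        *) echo review ;;
    esac
}

summarise() {            # args: SIP, assessments, FileVault states
    printf 'SIP: %s\nAssessments: %s\nFileVault: %s\n' "$1" "$2" "$3"
    [ "$1" = enabled ] && [ "$2" = enabled ] && [ "$3" = on ]
}

if command -v csrutil >/dev/null 2>&1; then
    # On a Mac: query the live system.
    summarise "$(csrutil status 2>&1 | sip_state)" \
              "$(spctl --status 2>&1 | assessments_state)" \
              "$(fdesetup status 2>&1 | filevault_state)" \
        || echo "At least one protection needs attention."
else
    # Elsewhere: constructed sample output with SIP turned off.
    summarise "$(printf 'System Integrity Protection status: disabled.\n' | sip_state)" \
              "$(printf 'assessments enabled\n' | assessments_state)" \
              "$(printf 'FileVault is On.\n' | filevault_state)" \
        || echo "At least one protection needs attention."
fi
```

The data file version numbers are not covered here; the script only answers the three on/off questions.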

LockRattler does not control or influence any of those security systems. It just checks them and lets you know how they are. That’s all.

I hope that it helps you.

9 January 2017:

I have updated the download to provide the latest version 3.0, which should pass through Gatekeeper’s check properly, and has other improvements. However, I am afraid that it still only runs on Sierra, and my attempts to get it to run on El Capitan have been defeated because of limitations in Apple’s Xcode SDK. Sorry.

6 February 2017:

Updated to version 3.2.