LockRattler 2.0: a quick check of more macOS security protection systems (update)


A few weeks ago, it was discovered that some brand new MacBook Pro computers had been shipped to users with SIP, one of the key mechanisms used to protect macOS from malware, turned off. Yet do you know, rather than just assume, that SIP is enabled on your Mac? What about XProtect? Are their data files up to date and giving your Mac the latest defences against malware?

Unless you’re prepared to rummage around in System and hidden folders, and type incantations into Terminal, you cannot answer those questions.

LockRattler is a simple and free app which checks some of the more important protection systems out. Decompress it, drop it into your Applications folder, run it, and click on its single button. It will then tell you the result of nine checks on those security systems:

  • whether SIP is enabled
  • whether XProtect assessments are enabled
  • the version numbers of your current data files for XProtect, Gatekeeper, Gatekeeper Disk checks, Kernel extension blocking, and Apple’s Malware Removal Tool (MRT)
  • whether you have FileVault disk encryption active
  • and finally (new for version 2), whether automatic software update is turned on.

It is available, complete with a simple PDF guide to its use, here: lockrattler32

To determine whether automatic software update is turned on, LockRattler has to call a command with root privileges. In order to do that, it will prompt you to enter your admin password.

Once you have run the checks, the Save results button at the foot of the window will be enabled, and you can write the results out to a text file (new for version 2).

The article which lists the current versions of those protection files (and more) is here.

LockRattler does not control or influence any of those security systems. It just checks them and lets you know how they are. That’s all.

I hope that it helps you.

9 January 2017:

By popular request, I have made a new version, 3.0, which was intended to run on El Capitan too. Unfortunately it does not, due to limitations in Apple’s Xcode SDK. After further investigation it appears unlikely that LockRattler in its present form will ever run on El Capitan, although if there is sufficient demand I could make a version in AppleScript: please let me know if you would really like that.

I have also worked through the code signing thoroughly and hope that it now runs properly first time after download. If it does not, you only need to use the Finder’s Open command to run it for the first time, and it should be fine from there. I apologise for these issues if you do encounter them, and will be chasing up why Gatekeeper seems to reject it on some occasions.

6 February 2017:

Updated to version 3.2.