XProCheck: a new utility to inspect anti-malware scans

We all have our daily routines. Among mine are checking for macOS and security updates using SilentKnight, and forcing the App Store to reveal whether it has anything new. Unless you run third-party anti-malware products, you’ve probably left it to macOS to tell you if anything’s amiss. That all changes with XProtect Remediator.

As I explained yesterday, this new scanning system provided in macOS Catalina and later gets on silently with its job. If it does find malware, whether or not it’s successful in removing it, it doesn’t even post an alert or notification. Although that might seem odd when you get notifications and more for the most trivial if not annoying of reasons, that’s the way it’s designed. In Ventura you’ll be able to use third-party software to keep tabs on what XProtect Remediator does, but it isn’t as simple with older versions of macOS.

Now that I’ve added support for checking XProtect Remediator scans to Mints, it’s time for a new utility dedicated to the purpose: XProCheck. I was intending to add this as a feature to SilentKnight, but I don’t think they fit well together. Many of us will want to check malware scans every day or two, but may not wish to check for updates so often. So XProCheck is its own app.

Another important design choice is whether to try analysing or parsing scan results, perhaps to produce a neat scrolling table. The danger in doing that so early in a software product’s cycle is that the format and content of scan results are still likely to change, and, as they are undocumented, could change without warning. I’d hate for us to update to a new version of XProtect Remediator one day, only to find that XProCheck was broken as a result. For the time being, I’ve therefore settled with:

  • providing the full list of reported scan results, without altering them in any way, and
  • flagging with a warning sign any which might warrant your attention, as they don’t contain clear indications that no malware was detected.

I hope you agree that works well in practice.

XProCheck has only one real setting: how many days of log records you want to scan. If you run it once a day, leave that set at 1. Although it will ask for log records for as long as 30 days ago, macOS automatically ages out old log entries, and you’ll probably not find any older than a few days, depending on the rate that new entries are added. On quieter systems, you might get away with a weekly check, but my Macs tend to fill their logs too quickly for that to work.


Simply click the Check XProtect button, and a few seconds later XProCheck will list all reported scans over that period.


You can save that report to a text file, search it, change the text size, and copy it. It comes with a comprehensive Help document, which is also provided as a separate RTF document.

XProCheck version 1.0 for Catalina and later is now available from here: xprocheck10
from Downloads above, and from its Product Page. Note: version 1.1 is now available from its Product Page, and will be formally announced shortly.

I hope you find it useful, and welcome your comments and suggestions.