Used by two of XProtect’s malware detection features, Yara rules are a valuable way to check whether files satisfy a logical condition, and more.
yara
Over the last 6 years, XProtect’s Yara rules for detection of malware have increased by a factor of 4, and they now take over 22 times as much space. Here are the numbers and charts.
Scans used to take just a few minutes, but now usually take more than half an hour, even on a fast M4 Pro. What is XProtect Remediator up to?
In Sequoia, XProtect’s data is now updated in a different way. Does this change its capabilities, though? A quick dip into YARA files has the answer.
Until two years ago, Apple’s Malware Removal Tool, MRT, was all that macOS had to deal with any […]
In the first 6 weeks of this year, Apple has released 5 updates to XProtect containing 11 completely new detection rules for malware. Why?
Two readers reported odd warnings when checking macOS malware scans. Are they significant, or errors? And what are the differences between XProtect and XProtect.app?
Where to find its data files, what each contains and does, when XProtect is called to scan software, and a list of known malware it should detect.
Apple’s pushed update to XProtect’s data a couple of days ago is one of the most substantial since […]
