Although users should not notice it directly, Apple has recently made a major effort under the hood to improve the malware detection capabilities of macOS. The researcher Howard Oakley follows updates to the system's anti-malware tools: in a blog post, he states that macOS has seen more change in this area in 6 months than in the previous seven years.
Apple added XProtect Remediator in mid-March with macOS 12.3: this new tool replaces MRT (Malware Removal Tool) and a first version of XProtect. The researcher therefore analyzed how this program behaved on a Mac on which sleep had been disabled.
According to him, Remediator is much more aggressive than its predecessors. Where MRT scanned the computer "shortly after start-up and infrequently", this new tool launches scans by its different modules much more frequently. The scan dedicated to DubRobber (also called XCSSET) takes 15 to 35 seconds. It runs at least once every hour during periods of inactivity. Howard Oakley believes macOS protection is now "as active as many commercial anti-malware products".
The whole process is silent: the only way to check whether the system has done anything is to consult the macOS logs. However, this will change with the move to Ventura, as this information will be available to third-party software through the EndpointSecurity API.
These more frequent scans should now be in place on all Macs running macOS Catalina and later. If you have an older computer running Mojave (10.14) or earlier, it seems that the old MRT tool is no longer updated, so upgrading to a newer machine is highly recommended.