Apple dramatically overhauls the Mac’s built-in anti-malware defenses

Howard Oakley at the Eclectic Light Company tracks updates to Apple’s anti-malware tools for Mac and finds they have undergone dramatic, but mostly silent changes over the last few months.

Apple dramatically overhauls the Mac's built-in anti-malware defenses

Andrew Cunningham for Ars Technica:

Apple began to include rudimentary anti-malware protections with macOS versions with Snow Leopard in 2009. Called “XProtect,” this system service downloaded and installed new malware definitions in the background in between major macOS security updates, mostly to protect against the installation of known, in-the-wild malware.

Since then, Apple has added multiple anti-malware features to macOS, though they’re not always branded that way. Gatekeeper, app notarization, System Integrity Protection, the Signed System Volume, and access controls for hardware and software are all, one way or another, about proactively protecting system files from being tampered with and making sure that installed apps do what they say they’re doing. Another under-the-hood tool, the Malware Removal Tool (MRT), acts more like a traditional anti-malware scanner, periodically receiving definitions updates from Apple so that it could scan for and remove malware already present on your system.

Since around the release of the 12.3 update for macOS Monterey, [Oakley]’s been tracking a new “” feature that has been added to Monterey, Big Sur (11), and Catalina (10.15). As mentioned in Apple’s most recent Platform Security documentation, this is a familiar name for a new app that replaces the old MRT. appears to scan for known malware much more aggressively than the MRT did.

“In the last six months macOS malware protection has changed more than it did over the previous seven years,” Oakley writes. “It has now gone fully preemptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later.”

MacDailyNews Take: Basically, macOS now scans for malware whenever it gets a chance which makes the Mac even safer!

Oakley also reports that XProtect and the MRT are also being updated in macOS versions as old as El Capitan (10.11), originally released in 2015. Read more here.

Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!

Shop The Apple Store at Amazon.


    1. Sadly the majority of comments here now are from extreme right wingers complaning about libtards. But I really appreciate the Mac security 🙂

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.