Built-in Protection for macOS

This article describes the built-in malware and suspicious application protection for macOS, Gatekeeper, xProtect. For additional, more detailed information on macOS security, refer to this Apple support article.

XProtect
XProtect is a built-in security feature of macOS, it is enabled by default on all macOS versions after 10.6. XProtect warns the user when they are opening a downloaded a file or application from the internet, and also keeps a list of malicious files (file signatures) to quarantine if they are ever introduced to the machine. Apple issues the updates for XProtect separately from regular OS updates, and on a more routine basis. By default, macOS checks for these updates daily. 

An example of an XProtect alert:

ScreenShot2020-05-28at8.17.16AM.png

Additionally, macOS has built-in malware removal capabilities (MRT) that can automatically remove malware even after it has been installed.

Gatekeeper
Gatekeeper is a built-in security feature of macOS, it is enabled by default on all macOS versions after 10.7. Gatekeeper prevents malicious applications from installing by verifying that downloaded applications come from a trusted source before allowing them to be installed on the device. You may be familiar with Gatekeeper alerts, as shown below.


gatekeeper-sierra-unidentified-developer.jpg

If Gatekeeper categorizes the application to be malicious, it will warn the user that installing the application could cause damage to the system, and will refuse to open the application. Users can manually override Gatekeeper if they choose, or choose more lenient settings that allow them to install unsigned applications. 

Learn more about Gatekeeper on Apple's support site, here, and here.

Web Browsing Protection
Safari for macOS has built-in security features to provide a secure browsing experience. The primary security feature is that Safari can alert the user when they've browsed to a "fraudulent website."

To learn more about this feature and for steps on ensuring that it's enabled, see this Apple support article.




Keywords:Malware protection macOS mac apple protection antivirus application installation   Doc ID:102041
Owner:Oakes D.Group:Office of Cybersecurity
Created:2020-05-13 08:57 CDTUpdated:2020-07-06 08:17 CDT
Sites:DoIT Help Desk, Office of Cybersecurity
Feedback:  0   0