XProtect
E906659
XProtect is Apple’s built-in macOS malware detection and removal system that helps protect users by identifying and blocking known malicious software.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
antimalware system
ⓘ
macOS security feature ⓘ malware detection system ⓘ |
| availability | built into macOS ⓘ |
| benefit |
provides baseline malware protection without third-party tools
ⓘ
reduces risk of malware infection on macOS ⓘ |
| category |
computer security software
ⓘ
endpoint protection ⓘ |
| configuration | not user-removable under normal conditions ⓘ |
| cost | free ⓘ |
| detectionMethod |
rule-based detection
ⓘ
signature-based detection ⓘ |
| developer | Apple Inc. ⓘ |
| feature |
blocks execution of known malicious software
ⓘ
integrates with Gatekeeper NERFINISHED ⓘ integrates with macOS quarantine system ⓘ receives malware definition updates from Apple ⓘ removes certain known malware ⓘ runs automatically in the background ⓘ scans downloaded files for known malware ⓘ |
| includedWith | macOS NERFINISHED ⓘ |
| introducedBy | Apple Inc. NERFINISHED ⓘ |
| operatingSystem | macOS ⓘ |
| partOf |
Apple security technologies
ⓘ
macOS security architecture NERFINISHED ⓘ |
| persistence | enabled by default on macOS ⓘ |
| platform | macOS ⓘ |
| primaryFunction |
malware blocking
ⓘ
malware detection ⓘ malware removal ⓘ |
| purpose |
identify and block known malware
ⓘ
improve macOS security ⓘ protect macOS users from known malicious software ⓘ |
| relatedTo |
Gatekeeper
NERFINISHED
ⓘ
System Integrity Protection NERFINISHED ⓘ XProtect Remediator NERFINISHED ⓘ |
| runsAs | system component ⓘ |
| scope |
known macOS malware
ⓘ
potentially unwanted software ⓘ |
| securityModel | built-in OS-level protection ⓘ |
| targetEnvironment |
consumer macOS devices
ⓘ
enterprise macOS deployments ⓘ |
| updateMechanism | automatic background updates ⓘ |
| updateSource | Apple malware definition servers ⓘ |
| userInterface | no dedicated graphical user interface ⓘ |
| vendor | Apple Inc. NERFINISHED ⓘ |
| visibilityToUser | mostly invisible during normal operation ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.