Skip to main content

macOS is getting even better at scanning for malware – here’s how

MacBook Pro 16-inch 2021 sitting on a patio table
(Image credit: Future)

Apple has made a significant change when it comes to how newer versions of macOS protect Macs from becoming infected with malware.

As reported by Ars Technica (opens in new tab), anti-malware software on Mac runs in the background and isn’t visible to end users the way that Microsoft Defender is on Windows. 

Apple first began including anti-malware protection back in 2009 through a system service called XProtect. The service itself downloaded and installed new malware definitions in the background in order to help protect Mac users from known and prevalent malware.

In the years since, Apple has bolstered macOS with multiple anti-malware features including Gatekeeper, app notarization, System Integrity Protection, Signed System Volume and access controls for hardware and software. All of these features help prevent system files from being changed and ensure that the apps installed on your Mac aren’t doing anything sneaky behind the scenes.

Apple also includes its Malware Removal Tool (MRT) in macOS which functions like a traditional malware scanner. It’s periodically updated by the company so that it can scan for and remove any malware that may already be on your Mac.

A silent revamp and more frequent scans

According to a new blog post (opens in new tab) from Howard Oakley at the Eclectic Light Company though, Apple’s anti-malware tools have seen a significant change over the last few months.

Following the release of macOS Monterey 12.3, Oakley has been tracking a new “XProtect.app” that has been added to the operating system. However, it’s also been added to macOS Monterey, Big Sur (11) and even Catalina (10.15).

Based on a support document (opens in new tab) from Apple, this is a brand-new app that replaces the old one and scans much more frequently for known malware. Oakley even says that the new XProtect app is “as active as many commercial anti-malware products”.

After testing the new XProtect app on a Mac with sleep disabled, Oakley found that it scans for malware at least once per day in the background “during periods of low user activity”. However, it can scan more than once a day and individuals who are the most at risk will have their systems scanned more frequently.

Mac antivirus software is worth considering for additional protection

Mac antivirus

(Image credit: Avast)

Although Apple’s built-in security software can help protect your Mac, you may want to install one of the best Mac antivirus software solutions as well. 

While XProtect and Gatekeeper do a great job of scanning for and removing known malware, Mac antivirus programs can quickly spot new malware strains and even double check suspicious files that were signed with an Apple developer ID. At the same time, many Mac antivirus software makers throw in a number of extras like a password manager, VPN, firewall, browser extensions and more. 

If you want to rest easy knowing your Mac won’t become infected with malware or other viruses, this is the best way to go.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.