Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple XProtect is now proactive with periodic malware scans

Malware illustration

Rather than scanning for malware when a Mac is started or an app is launched, Apple has quietly added a feature whereby it scans whenever a Mac is idling.

Macs have famously been less prone to viruses than PCs, but all computers — and all computer users — are vulnerable to malware. Without explicitly announcing it, Apple has taken a further step to block and remove malware from the Mac.

According to Howard Oakley on his The Eclectic Light Company blog, Apple introduced what's called XProtect Remediator in March 2021, as part of its then latest macOS Monterey update.

It's an update to the long-standing XProtect system tool, which Oakley says "was mainly used to check apps... against a list of signatures of known malware."

Now XProtect Remediator "consists of executable code modules which both scan for and remediate detected malware."

Oakley says it is seemingly a replacement for Apple's previous Malware Removal Tool (MRT). And while searching Apple's support site for "malware" does surface references to the MRT, those references have been removed from the actual support documentation.

This XProtect Remediator is also not referenced in the support documentation, and XProtect is described as being for the removal of malware once detected. However, Apple does now say that XProtect also helps with the identification of malware.

"These scans should now be taking place on all Macs running macOS Catalina and later, with the current XProtect Remediator installed," says Oakley. "They're most likely to take place when your Mac is awake but doing little other than background tasks, such as routine backups, and receiving incoming email as it arrives."

Oakley describes this repeated system scanning as a "big step forward."