What to expect of XProtects?


The last year has brought unexpected changes in the three XProtects that macOS uses to defend itself from malicious software. As we reach the end of Sequoia’s term in office and prepare for macOS 16, this article takes stock of how they have changed since WWDC last June, and what might be coming in the next year.

Prior to 2022, there was only one XProtect, and that’s the scanner used on demand by Gatekeeper to check code a Mac is about to run, to determine whether it contains known malware. That dates back to El Capitan at least. There was also Apple’s Malware Removal Tool (MRT) that checked our Macs after each startup, but in 2022 that was retired in favour of the new XProtect Remediator for macOS from Catalina onwards. This should run in the background every 24 hours, scanning for known malware and removing any it discovers. Apple added a third form of XProtect in the summer of 2023, which uses a set of Bastion rules to look for suspicious behaviour. Unlike the other types of XProtect, this is currently used primarily to gather intelligence for Apple’s security team, rather than for taking action locally.

XProtect (classic)

macOS Sequoia has brought the most substantial changes to XProtect, in particular the location of its malware detection rules and how they’re updated. Previous versions of macOS continue to use the rules embedded in a Yara file in /Library/Apple/System/Library/CoreServices/XProtect.bundle, but in Sequoia that file is now in /var/protected/xprotect/XProtect.bundle, where it’s updated over a connection to iCloud, rather than from Apple’s software update servers.

macOS Sequoia also provides a command tool, xprotect, to help manage these iCloud updates. At first it could also copy an update already installed from the software update server into the new location, but that stopped working some time ago; currently XProtect in macOS 15 can only be updated with what it can download from iCloud.

This new update mechanism opens up several opportunities for XProtect in the future:

separate data for Sequoia, to support a more capable classic XProtect;
more timely and frequent data updates;
resilience during other major software updates, when servers may be extremely busy.

None of those seems to have been realised yet, and with the exception of two test iCloud-only updates last September, updates have remained identical to those for macOS 14 and earlier. Indeed, far from being more timely or resilient, the need to make each update available on two services has delayed its provision for Sequoia, surely the opposite of what was intended.

Users who take any interest in whether their Mac is kept up to date have become thoroughly confused when Sequoia downloads and installs an update from the software update service, but their local XProtect continues to use data from the previous release. That’s because updates installed by Apple’s regular servers go into the old location, where they remain unused by XProtect, which in Sequoia uses only data in the new location, updated from iCloud.

Meanwhile, the Yara rules on which XProtect depends to detect malware have continued to grow. A year ago, in XProtect 2195 of 28 May 2024, the Yara file was 288 KB and contained just over 300 rules. In the latest version 5298 released earlier this week, the Yara file is 953 KB and has over 380 rules.
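Because Sequoia reads only the bundle in /var/protected/xprotect while the software update service keeps writing to the legacy location, the quickest way to see which data a Mac is actually using is to compare the two bundles directly. The script below is an added example, not Apple's tooling or this article's code: it reads CFBundleShortVersionString from each bundle's Contents/Info.plist, counts the rules in the Yara file, and gives a verdict on whether the live copy lags the one software update installed. It assumes the Yara file sits at Contents/Resources/XProtect.yara inside the bundle, that version strings are plain integers as in the article (2195, 5298), and that the xprotect tool's update subcommand is the way to refresh the live copy; SAMPLE_YARA is a constructed stand-in so the rule counter can be exercised without a Mac.

```python
"""Compare the legacy and Sequoia XProtect bundles (added example, not Apple's code)."""
import plistlib
import re
from pathlib import Path
from typing import Optional

# Paths named in the article; which one is live depends on the macOS version.
LEGACY_BUNDLE = Path("/Library/Apple/System/Library/CoreServices/XProtect.bundle")
SEQUOIA_BUNDLE = Path("/var/protected/xprotect/XProtect.bundle")

# Assumption: Yara rules live at this relative path inside the bundle.
YARA_REL = Path("Contents/Resources/XProtect.yara")
INFO_REL = Path("Contents/Info.plist")

# A rule declaration starts a line, optionally preceded by private/global modifiers.
RULE_RE = re.compile(r"^\s*(?:private\s+|global\s+)*rule\s+[A-Za-z_]\w*", re.M)

# Constructed sample, not Apple's rules: exercises comments and strings that
# mention "rule" without declaring one.
SAMPLE_YARA = """\
// constructed sample; this comment mentions rule X but declares nothing
rule sample_a
{
    strings:
        $s = "rule in a string"
    condition:
        $s
}

private rule sample_b { condition: true }

/* block comment
rule not_real { condition: false }
*/
global private rule sample_c { condition: sample_b }
"""


def count_yara_rules(text: str) -> int:
    """Count rule declarations, ignoring block and line comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return len(RULE_RE.findall(text))


def bundle_version(bundle: Path) -> Optional[str]:
    """CFBundleShortVersionString from the bundle's Info.plist, or None if absent."""
    info = bundle / INFO_REL
    if not info.is_file():
        return None
    with info.open("rb") as f:
        return plistlib.load(f).get("CFBundleShortVersionString")


def verdict(legacy_ver: Optional[str], live_ver: Optional[str]) -> str:
    """Explain which data XProtect is using, given both bundle versions."""
    if live_ver is None:
        return "no /var/protected bundle: this Mac uses the legacy bundle only"
    if legacy_ver == live_ver:
        return f"in sync at {live_ver}"
    try:
        lag = int(legacy_ver) - int(live_ver)
    except (TypeError, ValueError):
        return f"mismatch: legacy {legacy_ver}, live {live_ver}"
    if lag > 0:
        # Assumption: 'sudo xprotect update' pulls the iCloud copy forward.
        return f"live bundle {live_ver} lags software update's {legacy_ver}; try 'sudo xprotect update'"
    return f"live bundle {live_ver} is ahead of legacy {legacy_ver} (iCloud-only update)"


def describe(bundle: Path) -> dict:
    yara = bundle / YARA_REL
    text = yara.read_text(errors="replace") if yara.is_file() else ""
    return {
        "version": bundle_version(bundle),
        "yara_bytes": yara.stat().st_size if yara.is_file() else 0,
        "rules": count_yara_rules(text),
    }


if __name__ == "__main__":
    legacy, live = describe(LEGACY_BUNDLE), describe(SEQUOIA_BUNDLE)
    for name, d in (("legacy", legacy), ("sequoia", live)):
        print(f"{name}: version={d['version']} yara={d['yara_bytes']} B rules={d['rules']}")
    print(verdict(legacy["version"], live["version"]))
```

On a Mac running macOS 14 or earlier the /var/protected bundle is absent and the verdict says so; on Sequoia a "lags" verdict is exactly the confusing state described above, where software update has installed a newer version that XProtect never reads.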

XProtect Remediator

Following many updates to the scanning modules in XProtect Remediator (XPR), development appears to have settled down, with only ten updates released over the last year. This doesn’t mean that it has become any less effective, though, as some of its scans use the Yara file provided for classic XProtect.

What many have noticed is that XPR scans are often terminated before they complete, with a warning that the Adload (or another) plugin was cancelled. This is because each scan is now allocated a time limit; before that, some scans could run for over 30 minutes, presumably because of the growing number of Yara rules. Apple is aware of this, and appears to have accepted it as the best compromise in the circumstances. Thus XPR seems to have reached maturity last year.

XProtect Behaviour (Bastion)

Bastion rules used for behavioural detection of potentially malicious activity are included inside XPR updates. A year ago there were 11 such rules, covering activities such as creating or writing to hidden files with names starting with a . (dot/period) in the /Users/Shared/ folder (rule 10). Over the last year a further two rules have been added, the 13th and last on 4 March 2025. We can only presume that this continues to provide Apple with useful intelligence.
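Rule 10 fires on creation of, or writes to, hidden files in /Users/Shared, which is also a simple thing to sweep for by hand. The function below is an added example, not one of Apple's Bastion rules nor this article's code: it lists hidden entries (names starting with a dot) directly under a folder, with owner, size and modification time, so that anything the behavioural rule would have reported can be inspected. Bastion observes the write as it happens; this is only a static sweep of what is left behind, and it skips the .localized marker that macOS itself places in /Users/Shared. The demo function builds a constructed folder in a temporary directory so the logic can be exercised on any system.

```python
"""Sweep a folder for hidden entries like those Bastion rule 10 reports (added example)."""
import os
import tempfile
import time
from pathlib import Path

SHARED = Path("/Users/Shared")
# Assumption: macOS places a .localized marker here legitimately; ignore it.
BENIGN_NAMES = {".localized"}


def find_hidden_entries(folder: Path) -> list:
    """Return hidden entries directly inside folder, oldest first."""
    found = []
    with os.scandir(folder) as it:
        for entry in it:
            if not entry.name.startswith(".") or entry.name in BENIGN_NAMES:
                continue
            st = entry.stat(follow_symlinks=False)
            found.append({
                "name": entry.name,
                "is_dir": entry.is_dir(follow_symlinks=False),
                "size": st.st_size,
                "uid": st.st_uid,
                "mtime": st.st_mtime,
            })
    found.sort(key=lambda e: e["mtime"])
    return found


def format_entry(e: dict) -> str:
    kind = "dir " if e["is_dir"] else "file"
    when = time.strftime("%Y-%m-%d %H:%M", time.localtime(e["mtime"]))
    return f"{kind} uid={e['uid']:<5} {e['size']:>8} B  {when}  {e['name']}"


def demo() -> list:
    """Construct a sample folder and return the names the sweep flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".localized").write_text("")          # benign marker, skipped
        (root / "Readme.txt").write_text("visible")   # not hidden, skipped
        (root / ".launch_cache").write_text("x" * 64)  # hidden file: flagged
        (root / ".tmpdir").mkdir()                    # hidden dir: flagged
        return [e["name"] for e in find_hidden_entries(root)]


if __name__ == "__main__":
    for e in find_hidden_entries(SHARED):
        print(format_entry(e))
```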

Summary

Classic XProtect is likely to continue to be updated most frequently, to keep pace with changing threats, and hopefully should make better use of its new iCloud update service in macOS 15 and 16.
XProtect Remediator is likely to continue to be updated monthly.
XProtect Behaviour’s Bastion rules may see further infrequent updates inside XProtect Remediator updates.
