
Ask Different (Apple)

Q&A for power users of Apple hardware and software

Latest Questions

9 votes
4 answers
51557 views
How to open files from unknown developers without a warning in OSX?
I believe I have too much security on my mac. Whenever I try changing a file name or install a program I have to enter my laptop's password. Moreover, I cannot quickly access downloaded programs because they are from unidentified developers, and I must right-click > open in order for me to run them. That is really frustrating. Do I need my laptop to be THAT secure (due to recent malware attacks on Macbooks?) Can I change the settings to have it a bit more flexible? Platform: Mountain Lion Retina Macbook Pro
Render (7387 rep)
Oct 16, 2012, 12:45 AM • Last activity: Apr 25, 2025, 09:35 PM
1 votes
0 answers
1741 views
ClamAV configuration: failed to open log file /var/log/freshclam.log
I use ClamAV on Monterey. Previously installed it using Homebrew, and so far it works OK, like `sudo freshclam` to update the signature database, or `clamscan` to scan a USB disk. Now I switched to MacPorts, and after installing ClamAV and editing its config (`/usr/local/etc/clamav/freshclam.conf`):

```
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/freshclam.log
```

Let's try to update the signature database:

```
$ sudo freshclam
ERROR: Failed to open log file /var/log/freshclam.log: Permission denied
ERROR: Problem with internal logger (UpdateLogFile = /var/log/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
```

Running `ls -la` at `/var/log` gives this:

```
-rwxr-xr-x 1 root wheel 0 Sep 20 21:12 freshclam.log
```

What's wrong here? I thought `sudo freshclam` is enough for gaining the required permission?
anta40 (279 rep)
Sep 20, 2024, 02:41 PM • Last activity: Sep 20, 2024, 06:51 PM
2 votes
3 answers
179 views
Potential malware from ybb-network.com
In my Screen Time on my Apple account, I'm seeing 24 hours a day over the last few weeks of accessing "https://ybb-network.com/". Screen Time confirms this is coming from my Mac Laptop.

[screenshot of screen time showing ybb-network used 24 hours per day]

I assume this is some kind of malware. Any suggestions on how to find the source of the malware and remove it? Obviously I'd love to find the true source of the problem.

UPDATE: I downloaded the free trial of Malwarebytes, based on the recommendations here and after reading in several places that it's a trustworthy app. It found a few "threats" in its scan:

[malwarebytes scan 1] [malwarebytes scan 2]

I pressed the "quarantine" button on these, and I checked my browser extensions in Safari and Chrome, but I'm not seeing anything suspicious. Any other advice on how to remove them?
canary_in_the_data_mine (210 rep)
Aug 20, 2024, 05:09 PM • Last activity: Aug 28, 2024, 07:19 PM
3 votes
1 answers
3566 views
Clicked on a "bad link" in an email: do I need to worry about malware/virus getting into my iPhone?
First, I feel kind of dumb -- I know *never* to click on questionable links. But a friend* sent me an email message to my iPhone 11 (iOS 17.4.1) with a link to a website with a picture of them. They're reasonably well known, so I thought, well, it could be, so I clicked. Safari brought up a screen saying the site was questionable. For some reason (fatigue?) I clicked on the link that said "show IP address" (I think that is what it said). I clicked on that and Safari showed a blank grey screen and said (as best I remember it) "can't open the site". I don't know, of course, with 100% certainty that this was Safari saying this, or whether it was the spoof site. Safari also offered me (at the top of the screen) the chance to "reduce protection" (I have whatever enhanced protection the latest iOS offers enabled). This is a legitimate thing Safari does sometimes when a site won't load. I don't *believe* I clicked "reduce protection". At that point the blindingly obvious made its way through to me: that this site was bad. I quickly closed the tab. (The speed with which I did all of this, including backing out of the whole thing, is the reason I'm so vague when I describe my actions above: the whole thing lasted 10 seconds). Clearly this was an attempt to do something questionable to me. I know that on my computer I can run an anti-virus check program. But I have no idea how much risk I am at on my iPhone. And how to check to make sure nothing made its way down to me. Given my memory of what happened, it seems unlikely that anything happened, since it *seems* I never made a full connection to the site. But I can't be sure. Since my entire world is on my phone, I'd like to be sure that all is well. What, if anything, can I do, to make sure all is well? Is there any anti-virus software I should run, or does iOS provide its own protection? I have Apple Pay on the phone. Is there any way to "hack" into that?
(Forgive my ignorance -- I am a programmer, so not un-tech-savvy, but cybersecurity and payment schemes are beyond my paygrade). *Narrator: "It wasn't his friend" :-)
Cerulean (417 rep)
Apr 20, 2024, 09:04 PM • Last activity: Apr 21, 2024, 09:29 PM
10 votes
1 answers
1420 views
Is it possible to disable XProtectService for a given folder?
I'm using a MacBook for C/C++ development and I'm creating a lot of native executables with clang. While running some of those (mostly those that are on the bigger side - around 500 MB), I can see a bit of a delay when I run them for the first time, and I see XProtectService process use CPU in Activity Monitor. As far as I understand, this is supposed to be some kind of security check; but since I created those executables myself, I'd like to skip it. Is it possible to disable XProtectService for a given folder with binaries?
Vladislav Ivanov (202 rep)
Nov 10, 2020, 12:48 PM • Last activity: Jan 31, 2024, 01:42 AM
1 votes
1 answers
137 views
Best action against fake virus scammers
This morning I received a notification that after visiting some adult websites, 27 viruses have infected my phone (iPhone XR with iOS 17.3), that they would destroy my SIM card and delete my contacts. (I assume to most people that would be laughable). To handle this threat I should install an app named “Spyshield” from the App Store, a link was provided and actually works. So there is an app on the store that tries to get customers through scamming people. I’ve sent one message to apple support. I can’t report them on the App Store because I didn’t download the app. I can’t leave a review for the same reason. What is the best way to make their behavior uneconomical or get their app removed?
gnasher729 (1419 rep)
Jan 28, 2024, 06:46 AM • Last activity: Jan 28, 2024, 04:18 PM
1 votes
1 answers
4662 views
Can’t delete "com.avira.scanservice.systemextension" leftover from AVIRA Free Antivirus
I uninstalled AVIRA Free Antivirus program (under current Catalina macOS), but one file "com.avira.scanservice.systemextension" couldn't be deleted because I don’t have the necessary rights. After uninstalling and reinstalling AVIRA several times and trying many other tips from the support site, the "com.avira.scanservice.systemextension" process is still running. I've already wasted many hours. Please help me, dear experts, to delete this stubborn "com.avira.scanservice.systemextension"! Many thanks in advance.
user65541 (65 rep)
May 28, 2021, 05:13 PM • Last activity: Jan 22, 2024, 02:46 AM
1 votes
1 answers
209 views
How to prevent external media from being mounted on my Mac without requiring a password?
I have a MacBook Air (macOS 12.6.7) that I travel with and use in public places. Is there a way to prevent a USB drive (or any other external physical network connection via cable) from becoming operational (able to execute something via a connection to my Mac)? At least without requiring my password? I've tried Google searches on this but the best I can find is anti-virus software. Maybe that's enough, but I thought it would be nice to prevent a potential infection in the first place by blocking the connection.
user766353 (165 rep)
Jul 19, 2023, 01:09 AM • Last activity: Jul 21, 2023, 12:51 AM
2 votes
2 answers
419 views
XProtect support currently under Catalina
From what I know, Catalina does not appear to be getting many updates? Is XProtect updated in the background on Catalina, or is it now out of date? If it is out of date now, would a virus/malware scanner, even a free one, mitigate associated risks?
paulj (239 rep)
Jun 27, 2023, 10:04 PM • Last activity: Jun 28, 2023, 03:33 AM
0 votes
0 answers
898 views
What is this large "payloadv2" file doing in mac os Install Data?
This 10.5 gb folder titled "payloadv2" located in "mac os Install Data" has me concerned. It contains many archive split files. A quick google search only brought up a single result where it was believed to be a virus. Can anyone verify this? Here's the pathname: /System/Volumes/Data/macOS Install Data/UpdateBundle/AssetData/payloadv2
Jared (1 rep)
May 15, 2023, 03:22 PM • Last activity: May 15, 2023, 03:27 PM
4 votes
4 answers
3249 views
How to prevent even root users from uninstalling or tampering the application on macOS
The aim is to prevent even root users from uninstalling our app on their mac. Apparently, many security applications have this sort of functionality wherein a user (even with root privilege) can not uninstall or tamper with the agent on their machine. I tried tampering/deleting an antivirus app on **Catalina** but I failed and noticed a few interesting things:

1. It has a kernel extension. But I can not remove the kernel extension (as root).

```
#kextunload /Library/Extensions/xxx.kext
(kernel) Kext com.xxx.kext did not stop (return code 0x5).
(kernel) Kext com.xxx.kext can't unload - module stop returned 0xdc008017.
Failed to unload com.xxx.kext - (libkern/kext) kext (kmod) start/stop routine failed.
```

2. The application is installed in /Library directory rather than the usual /Applications directory.

```
drwxr-xr-x 7 root wheel 224 Oct 28 14:40 xxxx
```

The folder does not have any extended attributes. **I can not delete this folder or any of its subfolders and getting permission denied error even as root.**

3. The app has a bunch of launchdaemons but I can not remove them (again tried as root)

```
#launchctl remove com.xxx.xxx.
Not privileged to remove service.
```

4. Tried killing the processes, again operation not permitted.

5. The app comes with an uninstaller which can somehow uninstall the app, but it needs a special password (separate from system password) to be entered to work

Many of Apple's own apps and services have this sort of behavior but they come with the system and are backed up by System Integrity Protection.

> How can a third-party app achieve this sort of behavior?

This is not unique to this particular application but antivirus have similar sort of features. Any insight on how to achieve this..

Note: Ours is an enterprise app that will be installed on machines owned by the companies and managed by IT but end users will have root access on their machine.
Siva Prakash (183 rep)
Nov 24, 2020, 05:28 PM • Last activity: May 2, 2022, 02:35 AM
1 votes
2 answers
246 views
Scanning External Drives (USB keys in particular) before mounting them
I need your help: it happens quite often to me that I have to mount drives coming from the most diverse sources and, sometimes, with quite a high risk of being infected with god knows what. As a consequence I deactivated auto mount and I usually format them before mounting them if I do not need to access their content, it is nonetheless quite common for me to need their content: I was wondering if there was any software able to scan them before mounting them; I remember that when I was on windows some antivirus were able to do so (probably mounting them to some sandbox I suppose) and I was wondering if there was any alternative software able to do so on MacOS. Thanks
oettam_oisolliv (121 rep)
Feb 21, 2021, 01:56 PM • Last activity: Mar 21, 2022, 08:55 AM
4 votes
2 answers
3045 views
XProtect - Apple claims they do signature based antivirus but how do we know?
I read this [Apple Support page](https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web) that they use XProtect to scan for known viruses. I cannot find any evidence that XProtect is getting new definitions or scanning anything. Where can I find the logs and if it's in unify then how do I persist them? How do I know Apple really scans for known malware and isn't just making that claim?
Jonathan (151 rep)
Mar 3, 2022, 10:16 PM • Last activity: Mar 5, 2022, 10:08 PM
3 votes
1 answers
427 views
Does macOS need antivirus protection?
Are Mac systems immune to viruses and malware? Do I need to install software to protect macOS just like we do for Windows?
Anish B. (597 rep)
Feb 5, 2020, 06:52 PM • Last activity: Feb 9, 2022, 06:31 AM
0 votes
1 answers
45 views
Want scan-only virus removal, not real-time
I'm running Little Snitch to catch real-time transmissions, but I do want to scan at off-hours for latent problems. Which of the best anti-virus products support scan-only with all real-time checking disabled? I was running Sophos but their real-time checking cannot be 100% disabled despite turning it off (they confirmed, and you can see it running non-stop in Activity Monitor, and it was slowing down development). Thanks.
vonlost (353 rep)
May 12, 2021, 04:20 AM • Last activity: Oct 9, 2021, 07:06 AM
2 votes
1 answers
1011 views
Cannot remove GT8P3H7SPW.com.mcafee.CMF.networkextension service from launchd
**ref:** Consent needed to enable ENSM Firewall 10.7.5 and later

This system extension was left over from a McAfee LiveSafe install that I had removed using the provided uninstaller. I had to disable it from Network Settings to prevent the hard crashing that began to occur after installing another antivirus product. I eventually removed it completely with the **-** button.

Doesn't like Bitdefender

**system.log** is flooded with these entries

```
Sep 29 19:54:25 macbroke com.apple.xpc.launchdReferenced image (GT8P3H7SPW.com.mcafee.CMF.networkextension): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
```

There were some *mcafee* entries left over in **disabled.plist**, so made sure to disable them

```
$ grep -rnw '/var/db/com.apple.xpc.launchd/' -e "mcafee"
/var/db/com.apple.xpc.launchd//disabled.plist:7: com.mcafee.genutility
/var/db/com.apple.xpc.launchd//disabled.plist:17: com.mcafee.datupdate
/var/db/com.apple.xpc.launchd//disabled.plist:19: com.mcafee.virusscan.fmpd
/var/db/com.apple.xpc.launchd//disabled.plist:21: com.mcafee.productupdate
```

I was also able to *successfully run* **disable** on the network extension, though **launchd** continued to run it, according to system.log

```
sudo launchctl disable system/GT8P3H7SPW.com.mcafee.CMF.networkextension
$ launchctl print-disabled system
disabled services = {
    "com.mcafee.genutility" => true
    "com.mcafee.datupdate" => true
    "com.mcafee.virusscan.fmpd" => true
    "com.mcafee.CMF.networkextensionn" => true
    "com.mcafee.productupdate" => true
    "GT8P3H7SPW.com.mcafee.CMF.networkextension" => true
}
```

I then attempted to **remove** the network extension, but was given a *"not privileged"* error

```
sudo launchctl remove GT8P3H7SPW.com.mcafee.CMF.networkextension
Sep 29 12:22:19 macbroke com.apple.xpc.launchdReferenced image (com.apple.xpc.launchd.domain.system): Caller not allowed to perform action: launchctl.642, action = service remove, code = 1: Operation not permitted, uid = 0, euid = 0, gid = 0, egid = 0, asid = 100007
```

**unload** gave an *"Input/output error"*

```
sudo launchctl unload system/GT8P3H7SPW.com.mcafee.CMF.networkextension
```

**print** revealed the location of the service module

```
launchctl print system/GT8P3H7SPW.com.mcafee.CMF.networkextension
program = /Library/SystemExtensions/D61ECA19-7AC8-43FF-98C0-A3FE84132C34/com.mcafee.CMF.networkextension.systemextension/Contents/MacOS/com.mcafee.CMF.networkextension
```

**Would removing this file/directory cause launchd to stop trying to schedule it?** I realize that the scheduling of a service is probably independent of its binaries existing or not, but figured it may be worth a try. Even with **sudo** I do not have privileges to rename the parent directory under */Library/SystemExtensions*, but could possibly from **Recovery**. However this would require mounting the primary partition which I think I had trouble with a while back when creating a manual image with **hdiutil**.

---

Opening *embedded.provisionprofile* with command ⌘-O

Previewing *embedded.provisionprofile* with space
samus (204 rep)
Sep 30, 2021, 02:01 AM • Last activity: Sep 30, 2021, 03:10 AM
-1 votes
1 answers
364 views
Hybrid-Analysis.com indicates macOS built-in file is contacting a malicious website
I'm wondering if anyone knows why this `/System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc` is connecting to `adriver.ru`? This is according to Little Snitch on my macOS 10.14.6 Mojave machine, that I just updated from 10.11.6 OS X Lion. Hybrid-Analysis makes it appear "at first glance" that it is a potentially malicious website: https://www.hybrid-analysis.com/sample/aeb562d94494fd967c0ef064f528956192bcff8b00033c0f9892d7cafeda174e?environmentId=120 However, I'm not familiar with Hybrid-Analysis very well... Is this Little Snitch paranoia?
Oatmeal (313 rep)
Sep 4, 2021, 01:57 AM • Last activity: Sep 4, 2021, 04:07 PM
1 votes
1 answers
263 views
Mac Software that Detects Windows Malware
I want to use my Mac to scan drives that have Windows partitions on them for malware. I know that there are a lot of security software packages out there for Macs but I'm not sure if they detect Windows based malware to the same extent that a Windows security software package would. Does anyone out there have experience using their Macs to detect viruses on Windows partitions and/or external drives that may have been infected with Windows based malware? What software is the best for this?
Chris (111 rep)
Jun 3, 2021, 10:29 PM • Last activity: Jun 3, 2021, 11:54 PM
4 votes
2 answers
1966 views
Beryllium virus detected on bootcamp partition, cannot resolve
I recently downloaded Avast and I ran a full deep scan on the MacOS. It detected the Beryllium virus on my bootcamp partition. Resolving the problem through Avast is not successful. I then booted up Windows 10 and ran a full scan (full and offline modes) using both Avast and Microsoft Defender, however Beryllium was not detected. I then went back to MacOS and did a full scan with Avast and still detected Beryllium. What should I do moving forward?
brianleeeh (67 rep)
Apr 28, 2021, 10:55 PM • Last activity: Apr 29, 2021, 07:17 PM
2 votes
4 answers
27250 views
How to disable or remove the YaraScanService (MRT.app)?
Recently on MacOS 10.13.6 I have noticed high CPU usage and identified the process *YaraScanService* as consuming close to 90% CPU. The Activity Monitor lists it under: `/System/Library/CoreServices/MRT.app/Contents/XPCServices/YaraScanService.xpc/Contents/MacOS/YaraScanService` as part of the `MRT.app`.

According to this thread and another one it appears to be some kind of Apple's built-in antivirus that is doing its scanning yet there doesn't seem to be a way to disable or remove it apart from killing it from the Activity Monitor or with `pkill`. Any pointers on how to control it or stop/disable it?

I would assume that if you have dozens of gigabytes of zip, tar, bzip, rar, jar archives then yarascan will unpack them all to memory or disc in order to scan them, and there is absolutely no way to whitelist or exclude them.

The **MRT.app** is timestamped on 10-Aug-2018 along with a bunch of other folders (apparently the date when I accepted an Apple update). Most files inside the folder are timestamped 4-Jul-2018 and 8-Jul-2018, supposedly when the app was released by Apple.
ccpizza (3233 rep)
Sep 17, 2018, 11:31 PM • Last activity: Apr 23, 2021, 09:37 AM
Showing page 1 of 20 total questions