@applch
Last active April 12, 2020 06:59
XProtect
macOS includes built-in state-of-the-art antivirus technology called XProtect for the signature-based detection of malware, the use of which supports best-practice protection from viruses and malware. The system uses YARA signatures, which Apple updates regularly. Apple monitors for new malware infections and strains, and updates signatures automatically—independent from system updates—to help defend Mac computers from malware infections. XProtect automatically detects and blocks the execution of known malware. In macOS 10.15 or later, XProtect checks for known malicious content whenever an app:
Is first launched
Has been changed
When XProtect detects known malware, the software is blocked and the user is notified and given the option to move the software to the Trash.
Malware Removal Tool
Should malware make its way onto a Mac, macOS also includes technology to remediate infections. The Malware Removal Tool (MRT) is an engine in macOS that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). In addition to monitoring for malware activity in the ecosystem to be able to revoke Developer IDs (if applicable) and issue XProtect updates, Apple also issues updates to MRT to remove malware from any impacted systems that are configured to receive automatic security updates. MRT removes malware upon receiving updated information, and it continues to check for infections on restart and login. MRT doesn’t automatically reboot the Mac.
Automatic security updates
Apple issues the updates for XProtect and the Malware Removal Tool automatically based on the latest threat intelligence available. By default, macOS checks for these updates daily. For more information on automatic security updates, see the Apple Support article Automatic security updates.
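To check whether a Mac is still configured to receive the XProtect and MRT updates described above, the following added example (not part of the original text and not Apple's code) audits a Software Update preferences plist. The key names and the file they normally live in (/Library/Preferences/com.apple.SoftwareUpdate.plist) are assumptions not stated on this page, and the sample plist is constructed.

```python
import plistlib

# Software Update preference keys that govern delivery of XProtect and MRT
# data (assumed key names, not taken from the page).
REQUIRED_KEYS = {
    "AutomaticCheckEnabled": "check for updates automatically",
    "ConfigDataInstall": "install system data files (XProtect, MRT)",
    "CriticalUpdateInstall": "install security updates",
}

# Constructed sample: a Mac where data-file installs were switched off.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AutomaticCheckEnabled</key><true/>
    <key>ConfigDataInstall</key><false/>
</dict>
</plist>
"""


def audit_update_prefs(plist_bytes):
    """Return {key: 'enabled' | 'disabled' | 'unset'} for each required key."""
    prefs = plistlib.loads(plist_bytes)
    result = {}
    for key in REQUIRED_KEYS:
        if key not in prefs:
            result[key] = "unset"  # no explicit value; the OS default applies
            continue
        value = prefs[key]
        if isinstance(value, str):  # values may have been stored as strings
            on = value.strip().lower() in ("1", "true", "yes")
        else:  # bool or integer
            on = bool(value)
        result[key] = "enabled" if on else "disabled"
    return result


def findings(plist_bytes):
    """List the settings that are explicitly turned off."""
    states = audit_update_prefs(plist_bytes)
    return sorted(k for k, v in states.items() if v == "disabled")


if __name__ == "__main__":
    for key, state in audit_update_prefs(SAMPLE_PLIST).items():
        print(f"{key:24} {state:9} {REQUIRED_KEYS[key]}")
```

A key reported as disabled means that Mac will not pick up new signatures or MRT data on its own, so it is the state worth alerting on in a fleet audit.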