XProtect and MRT Updates for macOS.

Discussion in 'all things Mac' started by 1PW, Feb 4, 2022.

  1. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,461
    Location:
    North of the 38th parallel.
    Apple has pushed updates to XProtect and MRT
     
  2. 1PW

    Apple has pushed an update to XProtect
    For those who may have trust issues with the above recommended/signed/notarized utilities, the current version of macOS XProtect may be determined by issuing the following Linux-based query through the macOS Terminal app:
    Code:
    % defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString
    
    If the new version is not up-to-date and the macOS automatic update is to be circumvented, the following command, as Root, may be issued to immediately force the update:
    Code:
    % sudo softwareupdate --background-critical
    
    HTH
     
    Last edited: Mar 10, 2022
  3. 1PW

    Apple has pushed an update to MRT
    For those who may have trust issues with the above recommended/signed/notarized utilities, the current version of macOS MRT may be determined by issuing the following Linux-based query through the macOS Terminal app:
    Code:
    % defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString
    
    If the new version is not up-to-date and the macOS automatic update is to be circumvented, the following command, as Root, may be issued to immediately force the update:
    Code:
    % sudo softwareupdate --background-critical
    
    HTH
     
    Last edited: Mar 10, 2022
  4. 1PW

    Apple has pushed updates to XProtect and MRT:
    Attribution and reference: https://eclecticlight.co/2022/03/17/apple-has-pushed-updates-to-xprotect-and-mrt-29/
     
    Last edited: Mar 18, 2022
  5. 1PW

    Apple has pushed a silent update to MRT:
    Attribution and reference: https://eclecticlight.co/2022/04/29/apple-has-pushed-an-update-to-mrt-12/
     
    Last edited: May 1, 2022
  6. 1PW

    On 12-May-2022, Apple pushed a silent update to XProtect 2159:
    Attribution: https://eclecticlight.co/2022/05/12/apple-has-pushed-an-update-to-xprotect-21/

    Thank you.
     
  7. 1PW

    On 09-June-2022, Apple pushed a silent update to XProtect 2160:
    Attribution: https://eclecticlight.co/2022/06/09/apple-has-released-an-update-to-xprotect-and-to-big-sur-11-6-7/

    Thank you.
     
  8. 1PW

    On 16-June-2022, Apple pushed a silent update to XProtect Remediator 62:

    Applies to Apple's macOS 10.15 Catalina and above.
    Attribution: Apple has just pushed the first solo XProtect Remediator update

    Note: As of this posting, XProtect itself is still version 2160 and MRT is still 1.93.

    For those who may have trust issues with Howard Oakley's recommended/signed/notarized utilities, your system's current version of macOS XProtect Remediation may alternatively be determined by issuing the following Linux-based query through the macOS Terminal app:
    Code:
    % defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString
    
    Bonus:
    Code:
    % defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString && defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString && defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString
    
     
    Last edited: Jun 18, 2022
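
The "Bonus" one-liner in the post above chains three `defaults read` calls with `&&`, so the first missing bundle stops the remaining queries. As an added example that is not part of the thread, the script below reports each component independently and flags versions older than those quoted in the 16-June-2022 post. The `CORE` override, the function names and the `sed` fallback for XML plists off macOS are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report XProtect, XProtect Remediator
# and MRT versions one by one, so a missing bundle does not hide the others.

# Directory holding the three bundles; set CORE to inspect a copy elsewhere.
CORE=${CORE:-/Library/Apple/System/Library/CoreServices}

# Print CFBundleShortVersionString from the Info.plist given as $1.
plist_version() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read "$1" CFBundleShortVersionString 2>/dev/null
    else
        # Assumption: off macOS only XML plists are handled, with the
        # <string> value on the line directly after the <key>.
        sed -n '/<key>CFBundleShortVersionString<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$1"
    fi
}

# Succeed when dotted version $1 is older than $2 (numeric, field by field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# check NAME RELATIVE_PLIST EXPECTED: print one status line for a component.
check() {
    plist="$CORE/$2"
    [ -f "$plist" ] || { echo "$1: not installed"; return 0; }
    v=$(plist_version "$plist") || v=""
    [ -n "$v" ] || { echo "$1: version unreadable"; return 0; }
    if version_lt "$v" "$3"; then
        echo "$1: $v (older than $3)"
    else
        echo "$1: $v"
    fi
}

report() {
    # Expected values are the versions quoted in the 16-June-2022 post.
    check "XProtect" XProtect.bundle/Contents/Info.plist 2160
    check "XProtect Remediator" XProtect.app/Contents/Info.plist 62
    check "MRT" MRT.app/Contents/Info.plist 1.93
}

report
```

A "not installed" line is expected for XProtect Remediator on systems older than Catalina, where the post says it does not apply.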
  9. 1PW

    Apple has pushed updates to XProtect 2161 and XProtect Remediator 64.
    Apple has just pushed updates to XProtect and XProtect Remediator security software. While XProtect is generally supported by macOS at least as far back as El Capitan, Remediator is only thought to be available for Macs running Catalina or later. Following a successful update, XProtect should be brought up to version 2161, and XProtect Remediator to version 64.

    Apple doesn’t release information about what this update adds or changes and obfuscates the identities of malware detected by both apps using internal code names.

    Changes in the XProtect Yara detections add new detection signatures for MACOS.644e18d and MACOS.cbb1424, neither of which appears to have been identified previously.

    XProtect Remediator adds two more executable code modules apparently to address ‘ToyDrop’ and ‘WaterNet’, whatever they might be.

    You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

    A full listing of security data files versions is given by SilentKnight, LockRattler, and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

    I have yet again experienced problems with my Content Caching Server delivering updates that won’t install properly, even after turning caching off, flushing the cache, and turning it back on again. If you’re running your own local server, you may find you have to turn it off before you can get these updates to install successfully.

    I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

    I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

    I am grateful to Phil Stokes at Sentinel Labs for decoding the obfuscated malware names here.

    MRT remains at version 1.93.

    If you are unwilling to wait for the next daily scheduled macOS process to check for system/security updates, nor do you wish to use the update capabilities of Dr. Howard Oakley's SilentKnight or LockRattler, the following command line may be issued to begin immediate background checks for system and security updates:
    Code:
    % sudo softwareupdate --background-critical
    
    Thank you.
     
    Last edited: Jul 3, 2022
  10. 1PW

    Apple has pushed an update to XProtect Remediator. (07-July-2022)
    Apple has just pushed an update to XProtect Remediator security software for Macs running Catalina or later, bringing it to version 65.

    Apple doesn’t release information about what this update adds or changes. This update doesn’t add any more executable code modules, so presumably updates one or more of them.

    You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

    A full listing of security data file versions is given by SilentKnight, LockRattler, and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

    I have yet again experienced problems with my Content Caching Server delivering an update that won’t install properly. If you’re running your own local server, you may find you have to turn it off before you can get this update to install successfully.

    I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

    I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.
    XProtect remains at version 2161.
    MRT remains at version 1.93.
     
  11. 1PW

    Apple has pushed an update to XProtect Remediator. (21-July-2022)
    hoakley July 21, 2022 Macs, Technology, Updates
    Apple has pushed an update to XProtect Remediator

    Apple has just pushed an update to XProtect Remediator security software for Macs running Catalina or later, bringing it to version 67. The last version released publicly was 65, and version 66 doesn’t appear to have been released.

    Apple doesn’t release information about what this update adds or changes. This update doesn’t add any more executable code modules, so presumably updates one or more of them.

    You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

    A full listing of security data files versions is given by SilentKnight, LockRattler, and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

    I have yet again experienced problems with my Content Caching Server delivering an update that won’t install properly. If you’re running your own local server, you may find you have to turn it off before you can get this update to install successfully. Despite reporting this problem to Apple nearly two months ago, it continues without being fixed and is now a deterrent to using the Content Caching service.

    I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

    I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

    Thanks to Mr. Macintosh for drawing my attention to this update.
    XProtect remains at version 2161.
    MRT remains at version 1.93.
     
  12. 1PW

    Apple has pushed an update to XProtect Remediator 68. (04-August-2022)
    hoakley August 4, 2022 Macs, Technology, Updates
    Apple has pushed an update to XProtect Remediator

    Apple has just pushed an update to XProtect Remediator security software for Macs running Catalina or later, bringing it to version 68.

    Apple doesn’t release information about what this update adds or changes. This update adds a fourteenth executable module named enigmatically XProtectRemediatorSnowDrift.

    You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

    A full listing of security data files versions is given by SilentKnight, LockRattler, and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

    It may just be luck, but this time I was able to install this update successfully using my 12.5 Content Caching server. I have my fingers crossed that this might mean previous problems have been fixed at last.

    I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

    I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.
    XProtect remains at version 2161.
    MRT remains at version 1.93.
     
  13. 1PW

    Apple has pushed updates to XProtect and XProtect Remediator (18-August-2022)
    With explicit permission:
    hoakley August 18, 2022 Macs, Technology, Updates
    Apple has pushed updates to XProtect and XProtect Remediator

    Apple has just pushed updates to XProtect and XProtect Remediator security software. While XProtect is generally supported by macOS at least as far back as El Capitan, Remediator is only available for Macs running Catalina or later. Following a successful update, XProtect should be brought up to version 2162, and XProtect Remediator to version 71.

    Apple doesn’t release information about what this update adds or changes and obfuscates the identities of malware detected by both apps using internal code names.

    XProtect Remediator doesn’t add any new executable code modules on this occasion, but most interestingly, XProtect adds a new detection signature for malware code-named snowdrift, which is already the name of one of the modules in XProtect Remediator. This implies that whatever malware this represents is now detected by all updated versions of macOS, and remediated on those running Catalina and later. Stuart Ashenbrenner @stuartjash at Jamf has identified this as CloudMensis, detailed here by Jamf and here by ESET. This spyware was first discovered by ESET back in April 2022, and at that time was considered to have undergone very limited distribution.

    You can check whether these updates have been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

    A full listing of security data files versions is given by SilentKnight, LockRattler, and SystHist for El Capitan to Ventura available from their product page. If your Mac has not yet installed these updates, you can force them using SilentKnight, LockRattler, or at the command line.

    I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

    I maintain lists of the current versions of security data files for Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

    MRT remains at 1.93 since 29-April-2022.
     
    Last edited: Aug 20, 2022
  14. 1PW

    Last edited: Sep 7, 2022
  17. 1PW

    Apple has pushed updates to XProtect and XProtect Remediator (13-October-2022)

    XProtect Remediator updates to 78 today.
    XProtect updates to 2163 today.
    MRT remains at 1.93 since 29-April-2022.

    If not already updated, manually running the following macOS Software Update Tool command can hasten any system software update:

    % softwareupdate -ia --include-config-data
     
  18. 1PW

    Apple has pushed an update to XProtect Remediator (27-October-2022)

    XProtect remains at 2163 since 13-October-2022.
    XProtect Remediator updates to 83 today.
    MRT remains at 1.93 since 29-April-2022.

    Although periodically checked in macOS, manually running the following macOS Software Update Tool command could hasten any above applicable software update(s):

    % softwareupdate -ia --include-config-data
     
    Last edited: Oct 28, 2022
  19. 1PW

    Apple has pushed an update to XProtect Remediator. (10-November-2022)

    Under ordinary circumstances, the following may update every other Thursday morning, U.S. Pacific Time:
    1. XProtect updates to version 2165 today.
    2. XProtect Remediator updates to version 84 today.
    3. MRT remains at version 1.93 since 29-April-2022.
    Although periodically checked in macOS, manually running the following macOS Software Update Tool command could hasten any above applicable pending software update(s):

    % softwareupdate -ia --include-config-data
     
    Last edited: Nov 14, 2022
  20. 1PW

    Apple has pushed an update to XProtect Remediator. (08-December-2022)

    Under ordinary circumstances, the following may update every other Thursday morning, U.S. Pacific Time:
    1. XProtect remains at version 2165 since 10-November-2022.
    2. XProtect Remediator updates to version 86 today.
    3. MRT remains at version 1.93 since 29-April-2022.
    Although periodically checked on macOS, manually running the following undocumented macOS Software Update Tool command could hasten any above applicable pending software update(s):

    % softwareupdate -ia --include-config-data
     
    Last edited: Dec 14, 2022
  21. 1PW

    Apple has released an update to XProtect Remediator. (19-January-2023)

    Under ordinary circumstances, the following may update every other Thursday morning, U.S. Pacific Time:
    1. XProtect remains at version 2165 since 10-November-2022.
    2. XProtect Remediator updated to version 87 on 19-January-2023.
    3. MRT remains at version 1.93 since 29-April-2022.
    Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any above applicable pending software update(s):

    % softwareupdate -ia --include-config-data
     
  22. 1PW

    Apple has released an update to XProtect Remediator. (02-February-2023)

    Under ordinary circumstances, the following may update every other Thursday morning, U.S. Pacific Time:
    1. XProtect remains at version 2165 since 10-November-2022.
    2. XProtect Remediator updated to version 89 on 02-February-2023.
    3. MRT remains at version 1.93 since 29-April-2022.
    Although periodically checked by macOS, manually running the following undocumented macOS Software Update Tool command could hasten any above applicable pending software update(s):

    % softwareupdate -ia --include-config-data
     