
unrigestered

Suspended
Jun 17, 2022
879
840
yup, also using system_profiler (though not with grep yet, but cmd+F)
the About this Mac way is more convenient for me for some things though (if they are listed there, as system_profiler is holding a whole bunch more info)
 

Analog Kid

macrumors G3
Mar 4, 2003
9,351
12,590
I've had in my Full Disk Access list for some time now, not sure when it showed up. It's a bit of a conundrum-- wasn't sure if I should give it access or not. It didn't request access that I remember. Shouldn't need access, given that it's a system service, but I also don't want to deny it access...
 

bogdanw

macrumors 603
Mar 10, 2009
6,100
3,013
I've had in my Full Disk Access list for some time now, not sure when it showed up. It's a bit of a conundrum-- wasn't sure if I should give it access or not. It didn't request access that I remember. Shouldn't need access, given that it's a system service, but I also don't want to deny it access...
Remove it from the Full Disk Access list and see if it shows up again.
 

philippe2014

macrumors member
Original poster
Aug 21, 2022
41
21
Paris
I removed it from the Full Disk Access list a few hours ago and restarted the system, for the moment it no longer appears.
 

KaliYoni

macrumors 68000
Feb 19, 2016
1,787
3,931
Hello, XProtect appears in privacy? and asks for disk access, Monterey version 12.5.1
Apple seems to be in the process of replacing MRT with XProtect Remediator. So it is possible the "XProtect" that has begun appearing in System Preferences/Security & Privacy/Privacy/Full Disk Access is really XProtect Remediator.

----------
For anybody interested, here is some detailed info (this website, The Eclectic Light Company, is well worth following if you're into how macOS works and into troubleshooting):


 

philippe2014

macrumors member
Original poster
Aug 21, 2022
41
21
Paris
Thanks for the link that sheds light on the story. But it is still strange behavior to have to request authorization for a service that affects security. :oops:
 

philippe2014

macrumors member
Original poster
Aug 21, 2022
41
21
Paris
I think XProtect needing full disk permission is quite legit. Yet when I uncheck the disk access permission for XProtect, in Activity Monitor the services don't move and are still present; checked or unchecked, nothing changes. But maybe the authorization request is legitimate in its precise qua for Mail, Safari, etc., so an authorization imposed by the native system and another granted by the user???
 

bogdanw

macrumors 603
Mar 10, 2009
6,100
3,013
I think XProtect needing full disk permission is quite legit. Yet when I uncheck the disk access permission for XProtect, in Activity Monitor the services don't move and are still present; checked or unchecked, nothing changes. But maybe the authorization request is legitimate in its precise qua for Mail, Safari, etc., so an authorization imposed by the native system and another granted by the user???
It makes absolutely no sense for Apple’s own anti-malware protection to request permission from the user. That would mean malware could easily bypass it.
 

bogdanw

macrumors 603
Mar 10, 2009
6,100
3,013
Easy like this: tccutil reset SystemPolicyAllFiles com.apple.XProtectFramework.XProtect
Notice that reading the database requires sudo, but deleting the Full Disk Access for XProtect does not.

Full Disk Access for XProtect.jpg
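
As an added example (not code from this thread or from Apple), the Python below lists the Full Disk Access rows of a TCC database opened read-only, which is the lookup that needs sudo on the real system database. The `access` table columns, the `auth_value` and `client_type` meanings, and the usual system path `/Library/Application Support/com.apple.TCC/TCC.db` are assumptions about recent macOS releases; the sample rows are constructed.

```python
import sqlite3
import sys
import tempfile
from pathlib import Path

FDA_SERVICE = "kTCCServiceSystemPolicyAllFiles"  # tccutil's "SystemPolicyAllFiles"
AUTH_VALUES = {0: "denied", 2: "allowed"}        # assumed auth_value meanings
CLIENT_TYPES = {0: "bundle id", 1: "path"}       # assumed client_type meanings


def full_disk_access_entries(db_path):
    """Return the Full Disk Access rows of a TCC database, opened read-only."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT client, client_type, auth_value FROM access "
            "WHERE service = ? ORDER BY client", (FDA_SERVICE,)).fetchall()
    finally:
        conn.close()
    return [{"client": c,
             "client_type": CLIENT_TYPES.get(t, f"type {t}"),
             "state": AUTH_VALUES.get(a, f"auth_value {a}")}
            for c, t, a in rows]


def build_sample_db(path):
    """Write a constructed database holding only the columns queried above."""
    conn = sqlite3.connect(str(path))
    conn.execute("CREATE TABLE access (service TEXT, client TEXT, "
                 "client_type INTEGER, auth_value INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", [
        # Listed but unchecked, the state described in this thread.
        (FDA_SERVICE, "com.apple.XProtectFramework.XProtect", 0, 0),
        (FDA_SERVICE, "/usr/local/bin/backup-agent", 1, 2),    # hypothetical client
        ("kTCCServiceCamera", "com.example.videochat", 0, 2),  # other service
    ])
    conn.commit()
    conn.close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]          # path to a TCC.db copy or the system database
    else:
        target = Path(tempfile.mkdtemp()) / "TCC.db"
        build_sample_db(target)       # fall back to the constructed sample
    for entry in full_disk_access_entries(target):
        print(f'{entry["state"]:<8} {entry["client_type"]:<10} {entry["client"]}')
```

Run without arguments it prints the constructed sample; given a path it reads that database instead, and the `mode=ro` URI keeps the query from modifying it.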
 

philippe2014

macrumors member
Original poster
Aug 21, 2022
41
21
Paris
Good, this morning the XProtect request came back. I think the best immediately and let uncheck.
See the info in the future to find out why this strange disk access request.
Apple does not disclose any information on a security-sensitive subject.
 