Resolved XProtectPayloads Version Check via Terminal

[camelia]

Hello,

How do I check XProtectPayloads Version WITHOUT using a 3rd app like SilentKnight in terminal (Monterey, Big Sur and Mojave)?

Gatekeeper
$ /usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /private/var/db/gkopaque.bundle/Contents/Info.plist
181

XProtect           
$ defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString
2160

MRT (Malware Removal Tool) 
$ defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString
1.93

XProtectPayloads?

Thanks @tywebb13 @bogdanw
Camelia

Ps: You can send me a private message if you feel more comfortable helping me with this question.

 

[bogdanw]

I presume you are referring to the new, dumb, XProtect “app” that Apple introduced in Monterey, and now in Big Sur too. https://forums.macrumors.com/threads/clamxav-says-found-trojan-in-xprotect-app.2338293/
Look into /Library/Apple/System/Library/CoreServices/XProtect.app, it contains some XprotectRemediator files mentioned by SilentKnight.

 

[camelia]

I presume you are referring to the new, dumb, XProtect “app” that Apple introduced in Monterey, and now in Big Sur too. https://forums.macrumors.com/threads/clamxav-says-found-trojan-in-xprotect-app.2338293/
Look into /Library/Apple/System/Library/CoreServices/XProtect.app, it contains some XprotectRemediator files mentioned by SilentKnight.

It works, thank you!! 😀

Last login: Sat Jun 25 19:39:43 on console
$ defaults read /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist CFBundleShortVersionString
62

Camelia