You may have been led to believe that you don’t need to worry about computer viruses on your Mac. And, on the one hand, there is truth in that. While your Mac can certainly be infected with malware, Apple’s built-in malware detection and file quarantine capabilities should make it less likely that you’ll download and run malicious software.
Apple introduced malware detection in macOS in 2009 with Snow Leopard (Mac OS 10.6). This system includes the quarantine of any app downloaded from the Internet, the use of Code Signing certificates to verify that an app is from a legitimate source, and regular security updates that include databases of known malware targeting macOS.
If you want some tips to help you protect your Mac from any potential malware read: How to protect your Mac from malware. We also discuss how secure a Mac is and what to do if you think your Mac has a virus separately. Here we will discuss how you can check your Mac for viruses and how to run a virus scan on Mac. Read on to find out more.
How Apple scans your Mac for viruses and malware
Apple includes antivirus software in macOS that monitors your Mac for malware, blocks malware and removes it when necessary. There are three elements to it: XProtect, Gatekeeper and Notarization.
Apps are checked before they are installed
Apple has made it difficult to install an app that might not be secure on a Mac. Mac users can choose to only install apps from the Mac App Store, which is the safest option because it means the app has been thoroughly reviewed by Apple before distribution.
Alternatively, there is an option to install apps from the Mac App Store and from recognized developers. A recognized developer is one whose software has been scanned by Apple to ensure it is safe. As long as the app has passed Apple’s tests it has a Notarization ticket, which Gatekeeper looks for before telling macOS that it’s safe to open.
If you only install apps from the Mac App Store, or notarized apps from recognized developers, you should be safe, but sticking to the Mac App Store is the safest option because the apps in the Mac App Store cannot be modified.
If you want to make sure your Mac can only install apps from the Mac App Store these are the steps to follow:
- Open System Settings.
- Click on Privacy & Security.
- Scroll down to Security and select App Store under Allow applications downloaded from.
In Monterey or earlier:
- Open System Preferences.
- Click on Security & Privacy.
- Click on General.
- Under Allow applications to be downloaded from, select App Store.
If you want to allow installations from outside the Mac App Store follow the same steps but select App Store and identified developers from the options.
If you choose to allow installations from recognized developers then Apple will look for evidence that the app has been notarized, and it will also verify that the app has not been tampered with and that no malware is present. Unfortunately, in the past there were apps that got through this process because they had a certificate, as in the case of the Shlayer malware, but Apple has increased security since, and changes to notarized apps are pushed when necessary.
If Gatekeeper detects that the app does not have a notarization ticket to prove that the developer is certified by Apple, a message saying that the app cannot be opened because of your settings will be displayed. If you know the software is from a legitimate developer you can override it and open the app. See: How to unlock a Mac app from an unknown developer. However, you should be aware that even legitimate software has been known to harbor malware.
XProtect blocks malware from running
Even if the developer is recognized by Apple, the software will still be checked against XProtect’s list of known malware. XProtect will scan an app the first time it launches and it will scan the app every time an update is issued for it.
XProtect updates are pushed regularly and macOS automatically checks for updates every day—a Mac user doesn’t need to do anything because these updates are separate from macOS updates. This means that even the latest malware should be recognized by XProtect, although Apple is not always as fast in getting this information updated as other antivirus solutions. Check out our round up of the Best Antivirus for Mac, featuring Intego as our number one pick.
If malware is detected the app will be blocked and a message will appear giving the option to remove the software.
To take full advantage of XProtect you need to be running macOS Catalina (10.15) or later, but we advise that, since Apple only supports the last three versions of macOS, it’s safer if you’re running Big Sur, Monterey or Ventura.
You should make sure your Mac is set to receive these updates automatically by following these steps:
- Open System Settings.
- Go to General > Software Update.
- Click the i next to Automatic updates and check that Install Security Responses and System Files is selected.
In Monterey or older:
- Open System Preferences.
- Click on Software Update.
- Click on Advanced.
- Make sure the box next to Install system data files and security updates is selected.
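The same settings can be checked from Terminal. The read-only audit script below is an added example, not part of the original article; it assumes that `spctl --status` reports whether Gatekeeper is on and that the `AutomaticCheckEnabled`, `ConfigDataInstall` and `CriticalUpdateInstall` keys in `/Library/Preferences/com.apple.SoftwareUpdate` back the automatic security update options, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only audit of Gatekeeper and automatic security updates.
# It changes nothing; it only reports what is currently configured.

# Turn the output of `spctl --status` into a verdict.
# Note: this only shows that Gatekeeper is on, not whether the policy is
# "App Store" or "App Store and identified developers".
gatekeeper_verdict() {
    case "$1" in
        *"assessments enabled"*)  echo "ok" ;;
        *"assessments disabled"*) echo "FAIL" ;;
        *)                        echo "unknown" ;;
    esac
}

# Turn a boolean value printed by `defaults read` into a verdict.
pref_verdict() {
    case "$1" in
        1|true|YES)  echo "ok" ;;
        0|false|NO)  echo "FAIL" ;;
        *)           echo "unknown" ;;   # key unset or not readable
    esac
}

# Run the checks and print one line per setting.
audit() {
    plist=/Library/Preferences/com.apple.SoftwareUpdate
    echo "Gatekeeper: $(gatekeeper_verdict "$(spctl --status 2>&1)")"
    # Assumed mapping: daily update check, XProtect/system data files,
    # and security updates respectively.
    for key in AutomaticCheckEnabled ConfigDataInstall CriticalUpdateInstall; do
        val=$(defaults read "$plist" "$key" 2>/dev/null) || val=""
        echo "$key: $(pref_verdict "$val")"
    done
}

# spctl and defaults only exist on macOS, so do nothing elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then
    audit
fi
```

An "unknown" result for a preference key means the key has never been written, so confirm the setting in the Software Update pane as described above.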
Malware is removed by XProtect Remediator
When malware is detected on a Mac the user will see an alert suggesting moving the affected app to the trash. The user is also asked to alert others to the malware, which they can do automatically. This does not mean that it is up to the user to uninstall the app and remove the malware though.
Removal used to involve a separate Malware Removal Tool (MRT) found in /Library/System, which is not an app available to users. However, since macOS Monterey, MRT has been replaced by XProtect Remediator, which scans for and removes malware.
XProtect Remediator scans your Mac at least once a day or so, and is updated more frequently than MRT used to be. Since MRT is no longer updated, that’s a good reason to make sure you’re on macOS Catalina or later.
XProtect Remediator will attempt to repair or remove the malware.
The developer has lost a certificate and the app has lost notarization
If an app has been notarized by Apple but is later found to contain malware, the developer will lose the certificate that allows them to distribute apps and the app will lose its notarization.
This notarization change is then pushed to other Mac users so Gatekeeper knows not to allow the app to open.
macOS checks for XProtect updates daily, but Notarization updates are issued more frequently, so if malware is found, or an app’s notarization is revoked, Mac users should be protected immediately.
Is Apple’s protection enough?
If Mac users only rely on XProtect and other Apple protections there are limitations compared to other anti-malware solutions, which are constantly updated and have teams of specialists working on detection of malware.
The protection offered by XProtect is also more basic than that of third-party anti-malware apps, which can also protect you from phishing and social networking scams, and can protect your Windows-using friends. We’ve made various recommendations in our testing of the top Mac antivirus apps.
XProtect is updated more frequently than before (infrequent updates were one of the main criticisms), but other anti-malware apps check for malware regularly. XProtect only checks for malware when an app is downloaded for the first time, when the app is updated and when the developer signature or app notarization status changes.
Apple’s protections are supposed to keep your Mac free from most harmful software, but they can’t make it impossible for malicious software to be installed on your Mac. If new malware is released today and you download and run it now you may do so before Apple’s databases are updated. That’s why it’s always best to be smart about downloading software from unknown sources.
As we argue in a separate article: Macs need antivirus software despite Apple’s macOS protections.
How to scan for viruses on a Mac
macOS will automatically scan your Mac for any malware that features in XProtect’s definitions; you can’t force it to do this. If you want to extend protection to other types of malware, and scan for Windows viruses so there is no risk of passing them on, then you would be wise to install a third-party anti-malware app.
There are many third party apps that can scan your Mac for viruses, including some free options and many that offer a free trial period.
Before you scan your Mac for viruses you may need to visit Privacy & Security in System Settings, or Security & Privacy in System Preferences, to allow access. For example, in the case of Avira we had to click Allow before it could scan our system. You also need to allow Full Disk Access, which can also be done in Privacy & Security.
Starting a virus scan is an easy process that usually starts with the user clicking the Scan or Smart Scan button.
Expect the scan to take some time. We waited about an hour while our Mac was scanned by Sophos, while scanning with the free Avira took half an hour.
Best apps to check your Mac for viruses
We have many options in our roundup of the best antivirus solutions for Mac. Here are some of them:
3. McAfee Total Protection
Price When Checked:
US$39.99 per year (2 years, 5 uses), $119.99 year
Read our full McAfee Total Protection review