UXProtect



Use UXProtect or (in Terminal) the -f option to force-update XProtect if the version numbers don’t match, but macOS usually does that automatically. Related Video Tutorials: How To Choose Where Downloaded Files Are Saved ― The Best Mac Anti-Virus Software ― Create a Magic Fireball Video Using the Software On Your Mac &horbar. Thank you for using our software library. Use the link below and download Windows 8 UX Pack legally from the developer's site. We wish to warn you that since Windows 8 UX Pack files are downloaded from an external source, FDM. The missing UI to Apple's built-in XProtect YARA signatures. Enumerate signatures, scan files, and more. VTCodeSimilarity-YaraGen 💎. Yara rule generator using VirusTotal code similarity feature code-similar-to: written by @arieljt. Automatically generate AV byte signatures from sets of similar binaries.

UXProtect allows a user to explore the features and rules utilized by macOS's XProtect. Notable features of UXProtect include:* XProtect Yara Signature, Blacklisted Plugin, and Blacklisted Extension 'Explorer'* On-demand Yara scanning leveraging XProtect and/or custom Yara rule definitions* Load time version check and (on-demand, immediately) forced updates of XProtect configuration files
UXProtect

To begin using UXProtect first download the zip archive containing the application. Depending on your browser, you may need to manually unzip the application by double-clicking on the zipped archive. Optionally, drag and drop the extracted application to the location of your choosing (typically the Applications folder).

As of version 1.1 you can also check for updates and install from directly within the app using the UXProtect->Check For Updates… menu item.

Presumably, your browser will have set the quarantine flag when you downloaded and extracted the zip (as it does with all downloaded applications), so upon first launch of UXProtect, Gatekeeper will ask if you are sure you want to launch the application downloaded from the internet. Click “Open”.

As an interesting aside, these are the same mechanics utilized to launch an XProtect scan of a downloaded file. For more information on Gatekeeper, check out this great presentation from Objective-See on the internals of Gatekeeper.

Upon launching the UXProtect application, you will be presented with the Yara signature explorer view. XProtect signatures have been parsed and pre-loaded from /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara. From here you can:

  • Study/Search the XProtect pre-loaded signatures to get a sense for the threat and protections.
    • View the summary information for each threat and rule
    • Explore any linked references for more specific information on each threat
    • Explore specific samples of the threat by visiting VirusTotal (by clicking linked Hash Samples)
    • Toggle between the ASCII converted rule strings, and the HEX representation (note: not all rule strings cleanly convert to ASCII, depending on the rule).
  • Add and remove additional Yara Signatures into the explorer and scanner (see below) using the slider on the far right.

For an introduction, or refresher on Yara rules, visit Writing Yara Rules.

UXProtect also highlights information about the plugins and extensions that are blacklisted by XProtect. Both lists are parsedfrom /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.meta.plist and displayed in a more user friendly way.

Additionally, UXProtect presents information about other loaded plugins and Safari extensions on your computer.

  • Installed plugins are parsed from /Library/Internet Plug-Ins/ and ~/Library/Internet Plug-Ins/
  • Installed extensions are parsed from ~/Library/Safari/Extensions/Extensions.plist

As we noted in the “Launch” portion of this guide (and will cover more extensively in an associated future blog post), XProtect will scan a file downloaded from the internet, once launched or opened, if the downloading application sets the Quarantine flag on the download. UXProtect will leverage the same Yara rules (under)utilized by XProtect to extend the scanning capabilities to include on-demand scans of any file or directory on the file system. Additionally, you can load additional custom or community defined Yara rules using the expandable section on the far right of the tool.

Action rpg for mac. One of the smaller, but neater features of UXProtect is the ability to selectively and immediately force an update of available XProtect configuration data (i.e. updated Yara signatures) as new threats are addressed by Apple. Other update methods documented on the web fell short for a variety of reasons. They require elevated privileges, automated updates to be enabled, and/or installation of all similarly available packages. While developing UXProtect, we discovered an undocumented option to the softwareupdate application that overcame these issues, and gives complete control to the administrator/user as shared in this tweet.

UXProtect

The commands used to perform the update are:

UXProtect is able to leverage this same technique to force immediate XProtect signature updates.

As of v1.1, UXProtect supports running select features from the command line without launching the UI.

Usage:

GetVersions example:

ForceUpdate example:

UXProtect

UXProtect only establishes requests to Digita enrichment and update resources hosted on it’s website, to Apple to perform XProtect update checking, and to send diagnostics to our Sentry.io resources in the case of fatal application errors. UXProtect uses the enrichment data to enrich Yara signatures, blacklisted plugins, and blacklisted extensions with additional information. If UXProtect is unable to connect to these enrichment resources at application launch it will use a local (perhaps outdated) copy packaged within the application bundle.

Q. Why is UXProtect failing to update XProtect from v2094 to v2095 configuration after a High Sierra update?

A. This appears to be a bug in the High Sierra Updater/Installer that is simply being highlighted by UXProtect. For more details, including a possible mitigation, see our blog post on the topic.

Please email us at UXProtect@digitasecurity.com or submit a new issue

Xprotect Smart Client

Updated January 2018 for v1.1