Advice Request macOS needs an AV?

Please provide comments and solutions that are helpful to the author of this topic.

Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,736
Anthony Qian said:
I’m using F-Secure on my Mac, so far so good. F-Secure, as far as I’m aware, is the only AV product that has behavioral protection function (DeepGuard) on macOS.
Click to expand...
symantec-enterprise-blogs.security.com

Symantec Endpoint Security on MacOS

Meet the new Symantec Agent for macOS Endpoint Protection
symantec-enterprise-blogs.security.com symantec-enterprise-blogs.security.com
The new version can be installed and managed from either the on-premises Symantec Endpoint Protection Manager or the Integrated Cyber Defense Manager (ICDm) cloud console. This agent release includes key innovations such as:

  • Behavioral analysis, which analyzes good and bad behaviors to prevent new and unknown threats on the macOS.
Click to expand...
According to Symantec documentation above, Symantec client for Mac includes behavioural analysis as well. Since Norton for Mac in the package names still carries “Symantec” references, one can assume that behavioural protection is included. However documentation is inconclusive to say for sure. Nevertheless, F-Secure is not the only one.
 
  • Like
Reactions: vtqhtr413, Nevi, roger_m and 1 other person
Anthony Qian

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
448
Trident said:
symantec-enterprise-blogs.security.com

Symantec Endpoint Security on MacOS

Meet the new Symantec Agent for macOS Endpoint Protection
symantec-enterprise-blogs.security.com symantec-enterprise-blogs.security.com

According to Symantec documentation above, Symantec client for Mac includes behavioural analysis as well. Since Norton for Mac in the package names still carries “Symantec” references, one can assume that behavioural protection is included. However documentation is inconclusive to say for sure. Nevertheless, F-Secure is not the only one.
Click to expand...
I’ve edited my comment. However F-Secure lets you create your own HIPS-like rule on macOS, which is quite customizable.
 
  • Like
Reactions: simmerskool, Trident and roger_m
Anthony Qian

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
448
Ink said:
Do you need those functions when running trusted apps? Are you able to share screenshots as an example.
Click to expand...
According to F-Secure's help manual, there are three levels of protection of DeepGuard:
• Default: This level allows most built-in macOS apps and processes to work normally. It does not monitor read operations on the computer, but checks attempts to write or run files.
• Classic: This level allows most built-in macOS apps and processes to work normally. It monitors attempts to read, write, or run files.
• Strict: This level only allows access to necessary processes. This allows you to more closely monitor system processes and built-in applications.

So I believe Apple's native apps are not monitored and are allowed to run smoothly. For other third-party apps, I have not noticed DeepGuard blocking their behavior, except for the app called pap.er. Screenshot is attached.

截屏2023-05-21 23.03.45.png
 
  • Like
  • Thanks
Reactions: ItsReallyMe, roger_m, Ink and 1 other person
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,736
HIPS like in a way that it will block certain behaviours of your choice (let’s say screenshot creation for the sake of example or writing files in certain directories) or it just includes aggressiveness level for the behaviour monitor?

I might give it a spin in the coming days. Do you know if it still uses Avira engine or just proprietary ones?
 
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Anthony Qian said:
I’ve edited my comment. However F-Secure lets you create your own HIPS-like rule on macOS, which is quite customizable.
Click to expand...
I think I have an unused F-Secure license, tempted to try F-Secure on mac, but still reluctant to drift away from pure Apple protection :cautious:
 
  • Like
Reactions: Trident
Anthony Qian

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
448
Trident said:
HIPS like in a way that it will block certain behaviours of your choice (let’s say screenshot creation for the sake of example or writing files in certain directories) or it just includes aggressiveness level for the behaviour monitor?

I might give it a spin in the coming days. Do you know if it still uses Avira engine or just proprietary ones?
Click to expand...
Only when you turn on the advanced mode of DeepGuard does it allow you to create your own rules and modify protection levels.

Yeah, like F-Secure for PC, Mac version also uses Avira engine as well as their own engine, Hydra (F-Secure Latest Database Updates). Additionally, detection from Protection Cloud can also be triggered and suspicious files will also be sent.
 
  • Like
Reactions: simmerskool and Trident
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Anthony Qian said:
According to F-Secure's help manual, there are three levels of protection of DeepGuard:
• Default: This level allows most built-in macOS apps and processes to work normally. It does not monitor read operations on the computer, but checks attempts to write or run files.
• Classic: This level allows most built-in macOS apps and processes to work normally. It monitors attempts to read, write, or run files.
• Strict: This level only allows access to necessary processes. This allows you to more closely monitor system processes and built-in applications.

So I believe Apple's native apps are not monitored and are allowed to run smoothly. For other third-party apps, I have not noticed DeepGuard blocking their behavior, except for the app called pap.er. Screenshot is attached.

View attachment 275550
Click to expand...
Interesting to know that F-Secure goes beyond the generic Antivirus route and offers DeepGuard for pro-active protection against potentially harmful changes.

simmerskool said:
How to Geek mentioned a KnockKnock for scanning if you do not want a real-time av on macOS. I have never used it.
Click to expand...
LuLu Firewall is another great free and open-source tool for Mac users.
malwaretips.com

New Update - Free and open-source Real-time Mac Security: Malware scanner, Behaviour Blocker, Anti-Spy, Firewall and Anti-Ransomware

https://objective-see.org/ GitHub: objective-see - Overview Blog: Objective-See: Blog Mac Firewall - Objective-See: LuLu On-Demand Scanner - Objective-See: KnockKnock Anti-Ransomware - Objective-See: RansomWhere? Behaviour Blocker - BlockBlock Anti-Webcam/Mic - Objective-See: KextViewr Task...
malwaretips.com malwaretips.com
 
  • Like
Reactions: simmerskool, Gandalf_The_Grey and Trident
B

bob974

Level 4
Verified
Feb 5, 2013
182
Hi,
I have tried F-secure, norton, kaspersky, bitdefender and since a year I have switched to INTEGO.
Frankly, for me it is the best protection on MAC.
Fast scans
firewall
What more can you ask for?
 
  • Like
Reactions: simmerskool and Trident
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596
The last test done in June by 2022 AV-Comparatives Intego was the only one not certified:
Unfortunately, Intego app did not quite reach our threshold for Mac malware detection, and so was not certified this year.
Click to expand...
www.av-comparatives.org

Mac Security Test & Review 2022

Read the Mac Security Test & Review 2022 to learn how well Mac security software products can protect against Malware
www.av-comparatives.org www.av-comparatives.org
Let's see what's changed this year (probably June 2023).
 
  • Like
  • +Reputation
Reactions: roger_m, simmerskool and Trident
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,736
Gandalf_The_Grey said:
The last test done in June by 2022 AV-Comparatives Intego was the only one not certified:

www.av-comparatives.org

Mac Security Test & Review 2022

Read the Mac Security Test & Review 2022 to learn how well Mac security software products can protect against Malware
www.av-comparatives.org www.av-comparatives.org
Let's see what's changed this year (probably June 2023).
Click to expand...
It’s also quite expensive and uneconomical for users who have devices with different platforms, as the Windows version is not great (just another Avira-based AV). They don’t offer any mobile apps either.
 
  • Like
Reactions: roger_m, simmerskool and Gandalf_The_Grey
N

NormanF

Level 8
Verified
Jan 11, 2018
355
flaubert1971 said:
Never any antivirus on my MacPro now with macOS Ventura 13.4. Just robust firewall protection with Murus Pro. Never had a virus problem: never caught a virus in years.
Click to expand...

The reason why an AV is unnecessary is because like on Linux, software installation on a Mac is done with the highest security privilege. Users are on a standard account where in contrast on Windows, the administrator account is the default.
 
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Ink said:
Interesting to know that F-Secure goes beyond the generic Antivirus route and offers DeepGuard for pro-active protection against potentially harmful changes.


LuLu Firewall is another great free and open-source tool for Mac users.
malwaretips.com

New Update - Free and open-source Real-time Mac Security: Malware scanner, Behaviour Blocker, Anti-Spy, Firewall and Anti-Ransomware

https://objective-see.org/ GitHub: objective-see - Overview Blog: Objective-See: Blog Mac Firewall - Objective-See: LuLu On-Demand Scanner - Objective-See: KnockKnock Anti-Ransomware - Objective-See: RansomWhere? Behaviour Blocker - BlockBlock Anti-Webcam/Mic - Objective-See: KextViewr Task...
malwaretips.com malwaretips.com
Click to expand...
what about Little Snitch?
 

Similar threads

vtqhtr413
    • Like
Technology Intel to deliver a 5X jump in AI in just two chip generations
Replies
2
Views
362
Technology News
LennyFox
L
silversurfer
    • Like
    • Wow
Intel Details 144-Core Sierra Forest, Granite Rapids Architecture, and Xeon Roadmap
Replies
0
Views
406
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
Malware News New RustDoor macOS malware impersonates Visual Studio update
Replies
0
Views
835
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top