Advice Request macOS needs an AV?

Since you’re a paying customer it is their duty to get certain product issues fixed. If they can’t, they will escalate it to the relevant team. As always, you’ll need to try for yourself, proceed with caution.
I will visit the Norton Mac website and see what vibe I get... :rolleyes:
 
I’m using F-Secure on my Mac, so far so good. F-Secure, as far as I’m aware, is the only AV product that has a behavioral protection function (DeepGuard) on macOS.
The new version can be installed and managed from either the on-premises Symantec Endpoint Protection Manager or the Integrated Cyber Defense Manager (ICDm) cloud console. This agent release includes key innovations such as:

  • Behavioral analysis, which analyzes good and bad behaviors to prevent new and unknown threats on the macOS.
According to Symantec documentation above, Symantec client for Mac includes behavioural analysis as well. Since Norton for Mac in the package names still carries “Symantec” references, one can assume that behavioural protection is included. However documentation is inconclusive to say for sure. Nevertheless, F-Secure is not the only one.
 

According to Symantec documentation above, Symantec client for Mac includes behavioural analysis as well. Since Norton for Mac in the package names still carries “Symantec” references, one can assume that behavioural protection is included. However documentation is inconclusive to say for sure. Nevertheless, F-Secure is not the only one.
I’ve edited my comment. However F-Secure lets you create your own HIPS-like rule on macOS, which is quite customizable.
 
Do you need those functions when running trusted apps? Are you able to share screenshots as an example?
According to F-Secure's help manual, there are three levels of protection of DeepGuard:
• Default: This level allows most built-in macOS apps and processes to work normally. It does not monitor read operations on the computer, but checks attempts to write or run files.
• Classic: This level allows most built-in macOS apps and processes to work normally. It monitors attempts to read, write, or run files.
• Strict: This level only allows access to necessary processes. This allows you to more closely monitor system processes and built-in applications.

So I believe Apple's native apps are not monitored and are allowed to run smoothly. For other third-party apps, I have not noticed DeepGuard blocking their behavior, except for the app called pap.er. Screenshot is attached.
 
HIPS like in a way that it will block certain behaviours of your choice (let’s say screenshot creation for the sake of example or writing files in certain directories) or it just includes aggressiveness level for the behaviour monitor?

I might give it a spin in the coming days. Do you know if it still uses Avira engine or just proprietary ones?
 
I’ve edited my comment. However F-Secure lets you create your own HIPS-like rule on macOS, which is quite customizable.
I think I have an unused F-Secure license, tempted to try F-Secure on mac, but still reluctant to drift away from pure Apple protection :cautious:
 
HIPS like in a way that it will block certain behaviours of your choice (let’s say screenshot creation for the sake of example or writing files in certain directories) or it just includes aggressiveness level for the behaviour monitor?

I might give it a spin in the coming days. Do you know if it still uses Avira engine or just proprietary ones?
Only when you turn on the advanced mode of DeepGuard does it allow you to create your own rules and modify protection levels.

Yeah, like F-Secure for PC, Mac version also uses Avira engine as well as their own engine, Hydra (F-Secure Latest Database Updates). Additionally, detection from Protection Cloud can also be triggered and suspicious files will also be sent.
 
Interesting to know that F-Secure goes beyond the generic Antivirus route and offers DeepGuard for pro-active protection against potentially harmful changes.

How-To Geek mentioned KnockKnock for scanning if you do not want a real-time AV on macOS. I have never used it.
LuLu Firewall is another great free and open-source tool for Mac users.
 
Hi,
I have tried F-Secure, Norton, Kaspersky, Bitdefender, and a year ago I switched to Intego.
Frankly, for me it is the best protection on Mac.
Fast scans
firewall
What more can you ask for?
 
In the last test done by AV-Comparatives in June 2022, Intego was the only one not certified:
Unfortunately, Intego app did not quite reach our threshold for Mac malware detection, and so was not certified this year.
Let's see what's changed this year (probably June 2023).
 
In the last test done by AV-Comparatives in June 2022, Intego was the only one not certified:

Let's see what's changed this year (probably June 2023).
It’s also quite expensive and uneconomical for users who have devices with different platforms, as the Windows version is not great (just another Avira-based AV). They don’t offer any mobile apps either.
 
Never any antivirus on my MacPro now with macOS Ventura 13.4. Just robust firewall protection with Murus Pro. Never had a virus problem: never caught a virus in years.

The reason why an AV is unnecessary is because like on Linux, software installation on a Mac is done with the highest security privilege. Users are on a standard account where in contrast on Windows, the administrator account is the default.
 
Interesting to know that F-Secure goes beyond the generic Antivirus route and offers DeepGuard for pro-active protection against potentially harmful changes.


LuLu Firewall is another great free and open-source tool for Mac users.
What about Little Snitch?