You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: millbear69
millbear69 Author
User level: Level 1
10 points

How do I view the Xprotect definitions?

I just wondering how to view the Xprotect definitions. Thanks to anyone that could give input.

Posted on Oct 22, 2011 2:17 PM

Reply
Question marked as Top-ranking reply
User profile for user: andyBall_uk
andyBall_uk
User level: Level 7
20,516 points

Posted on Oct 22, 2011 2:41 PM

Hi 🙂


if you mean the Xprotect.plist file


use Finder-Go-Go to Folder (Command-Shift-G) and enter

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/

then select xprotect.plist & press the Space key


entering

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

into Safari's address bar should do the same, and show the file ready-selected.


or at least that works on Snow - I haven't specifically looked in Lion

View in context
20 replies
Question marked as Top-ranking reply
User profile for user: andyBall_uk
andyBall_uk
User level: Level 7
20,516 points

Oct 22, 2011 2:41 PM in response to millbear69

Hi 🙂


if you mean the Xprotect.plist file


use Finder-Go-Go to Folder (Command-Shift-G) and enter

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/

then select xprotect.plist & press the Space key


entering

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

into Safari's address bar should do the same, and show the file ready-selected.


or at least that works on Snow - I haven't specifically looked in Lion

Reply
User profile for user: andyBall_uk
andyBall_uk
User level: Level 7
20,516 points

Oct 22, 2011 3:51 PM in response to millbear69

you might check that the file and/or folder is not locked, and that you have no 'security' software which might be blocking the update.


There is a malware variant which disables xprotect, or so I read - so if you installed 'Flash' other than direct from Adobe recently, or anything else not beyond suspicion, I'd certainly look into exactly what it was.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,233 points

Oct 22, 2011 7:48 PM in response to millbear69

millbear69 wrote:


It seems that the latest entry in the list was Flashback.A. Is that what it should be at?

Yes, Apple seems to be lumping all versions of the Flashback installer into one version whereas F-Secure has catagorized A through C and Intego says that they found A through D, the last one seen over a week ago.


Since I don't have a copy of the latest version, I can't say for certain that Apple is completely up-to-date, but the timing would indicate that they could be.


The version (1010) and format of the Lion database is slightly different with only ten malware items identified and within the last entry for OSX.Flashback.A there are eleven different signatures.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,233 points

Oct 24, 2011 1:29 PM in response to Med.amine

Med.amine wrote:


i just want ton know how to verfiy that xprotect work cause i don't see it's process .

What version of the database do you currently have? If you don't know it should still be in this file:


/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist


as Andy Ball previously suggested.


Since you are posting to the Lion Forum, I'll assume that's what your are running, in which case the current version is 1010.

Reply

How do I view the Xprotect definitions?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up