WebRoot detects Xprotect as Refog
Last week, as Apple released macOS Monterey 12.3 and customers' systems updated, our security monitoring platform lit up like the proverbial Christmas tree.
Xprotect Remediator MRT v3 detected as Keylogger.Refog.1.r.
To start with, we had to dig into what XProtect Remediator MRT is. It didn't take long to find that XProtect is Apple's built-in antivirus technology.
Apple updated XProtect on March 3rd, 2022 to version 2157, introducing rule MACOS.e150543, which prevents variants of the adware FPlayer. The other updates to XProtect are to rules MACOS.1db9cfa and MACOS.6eaea4b. Both rules prevent the XCSSET malware and were introduced in versions 2142 and 2144 respectively. Both were last updated in version 2149 from June 28, 2021.
Next we had to work out why WebRoot flagged this as a virus. We found that this only occurred with macOS clients running WebRoot version 188.8.131.52. Older versions didn't show the issue with macOS Monterey 12.3, and clients running version 184.108.40.206 on older builds of macOS Monterey didn't report the problem.
So it was certainly an issue specific to macOS Monterey 12.3 with WebRoot version 220.127.116.11.
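The narrowing described above can be reproduced by cross-tabulating alerts against fleet inventory. The following is an added example, not tooling from the original post; the host names, the older macOS build and the agent labels (`agent-new`, `agent-old`) are constructed placeholders, not real WebRoot version numbers.

```python
from collections import defaultdict

# Constructed fleet inventory: (host, macOS version, agent version label).
INVENTORY = [
    ("mac-01", "12.3", "agent-new"),
    ("mac-02", "12.3", "agent-new"),
    ("mac-03", "12.3", "agent-old"),
    ("mac-04", "12.2.1", "agent-new"),
    ("mac-05", "12.2.1", "agent-old"),
    ("mac-06", "12.3", "agent-new"),
]

# Constructed alerts: (host, detected object, detection name).
ALERTS = [
    ("mac-01", "Xprotect Remediator MRT v3", "Keylogger.Refog.1.r"),
    ("mac-02", "Xprotect Remediator MRT v3", "Keylogger.Refog.1.r"),
    ("mac-06", "Xprotect Remediator MRT v3", "Keylogger.Refog.1.r"),
]

def detection_matrix(inventory, alerts, detection):
    """Return {(os, agent): (alerting_hosts, total_hosts)} for one detection name."""
    alerting = {host for host, _obj, name in alerts if name == detection}
    matrix = defaultdict(lambda: [0, 0])
    for host, os_ver, agent_ver in inventory:
        cell = matrix[(os_ver, agent_ver)]
        cell[1] += 1              # every inventoried host counts toward the total
        if host in alerting:
            cell[0] += 1          # host raised the detection
    return {combo: tuple(counts) for combo, counts in matrix.items()}

def isolated_combinations(matrix):
    """Combinations where every host alerts, returned only when no
    combination is partially affected (some hosts alerting, some not)."""
    full = [c for c, (hit, total) in matrix.items() if hit == total]
    partial = [c for c, (hit, total) in matrix.items() if 0 < hit < total]
    return sorted(full) if full and not partial else []

if __name__ == "__main__":
    m = detection_matrix(INVENTORY, ALERTS, "Keylogger.Refog.1.r")
    for combo, (hit, total) in sorted(m.items()):
        print(combo, f"{hit}/{total} hosts alerting")
    print("isolated to:", isolated_combinations(m))
```

A detection on an Apple system component that fires on every host in exactly one OS and agent combination, and on none elsewhere, points to a signature or compatibility problem rather than to individual infections.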
A quick discussion with WebRoot support confirmed this was a false positive, and we were advised that a resolution was in the works and would be released shortly.