Purposely trigger XProtect detectors?

I have an Endpoint system extension that, in theory, receives XProtect alerts.

I regularly see XProtectPluginService starting programs like XProtectRemediatorSheepSwap on my Mac.

I would love to be able to put one or more files/bundles on my Mac that trigger the detectors, so I can see the alerts go from the Endpoint system extension through to the UI.

Does Apple have or recommend a way (short of being infected) for triggering the XProtect detectors for testing?

Replies

Does Apple have or recommend a way … for triggering the XProtect detectors for testing?

Not that I’ve seen.

Although one trick I recently learnt about is gktool, which allows you to run a Gatekeeper scan on a file explicitly.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"