Review XProtect Logs

XProtect is a built-in anti-malware feature in macOS. XProtect checks any application when it's first launched or modified against its database of known malware and unsafe file types. When you download a file through certain apps, such as Safari, Mail, or Messages, XProtect automatically scans the file. If it matches any known malware in its database, XProtect will prevent the file from running and alert you to the threat.

For background system scanning, macOS previously used MRT. Since 2022, a new module XProtect Remediator was added to macOS.

To check the scan results of XProtect Remediator, use XProCheck. However, Apple has not published details about Remediator, so the logs may be hard to understand.