XProtect Report

Versioning - This is the latest version.

1 | XProtect Report - Apple OS X | 3/4/2013 8:00:25 AM
2 | XProtect Report - Apple OS X | 8/15/2013 11:21:22 AM
3 | XProtect Report | 9/20/2013 9:22:04 AM
4 | XProtect Report | 10/10/2013 8:43:52 AM
5 | XProtect Report | 10/24/2013 9:12:22 AM

Description

Learn more about this analysis online: http://bigfix.me/cdb/analysis/82

Analysis of Apple's XProtect Security System

- /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

- /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist


Property Details

ID: 2994590
Status: Production - Fully Tested and Ready for Production
Title: XProtect Report
Domain: BESC
Keywords: Apple Mac XProtect
Added by on 10/24/2013 9:12:22 AM
Last Modified by on 10/24/2013 9:12:22 AM
Counters: 5322 Views / 5 Downloads

Properties

XProtect Meta LastModification
Period 6 hours
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if((not exists entries whose(exists keys of it AND exists values of it AND "LastModification" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else (((string of value of entry whose(exists keys of it AND exists values of it AND "LastModification" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect Meta Version
Period 6 hours
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then error "none" else if((not exists entries whose(exists keys of it AND exists values of it AND "Version" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then error "none" else ((integer of value of entries whose(exists keys of it AND exists values of it AND "Version" = key of it) of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect Meta PluginBlacklist
Period 6 hours
((key of it & " = " & string "MinimumPlugInBundleVersion" of dictionaries of values of it) of entries of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as string)
XProtect Meta JavaWebComponentVersionMinimum
Period 6 hours
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then "<No dictionary>" else if((not exists entries whose(exists keys of it AND exists values of it AND "JavaWebComponentVersionMinimum" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else (((string of value of entry whose(exists keys of it AND exists values of it AND "JavaWebComponentVersionMinimum" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect PlugInUpdateAvailable
Period 6 hours
concatenation "; " of ((keys of it, (booleans of values of it) of entries of dictionaries of values of it) of entries of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as string)
XProtect Malware Descriptions
Period 6 hours
strings "Description" of dictionaries of values of array of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist"
XProtect Malware Count
Period 6 hours
number of strings "Description" of dictionaries of values of array of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist"
XProtect File LastModification
Period 6 hours
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist") then ERROR "none" else modification time of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist" as string
Apple Java Version
Period 6 hours
if (not exists file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist") then ERROR "Not Installed" else string "CFBundleShortVersionString" of dictionary of file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist" as string
Oracle Java Version
Period 6 hours
if (not exists folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" OR not exists folder "/Library/PreferencePanes/JavaControlPanel.prefPane") then ERROR "Not Installed" else bundle version of folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"
Adobe Flash Plugin Version
Period 6 hours
if (not exists folder "/Library/Internet Plug-Ins/Flash Player.plugin") then ERROR "Not Installed" else bundle version of folder "/Library/Internet Plug-Ins/Flash Player.plugin"
Adobe Flash Plugin Blocked
Period 6 hours
if (not exists folder "/Library/Internet Plug-Ins/Flash Player.plugin") then ERROR "Not Installed" else if (bundle version of folder "/Library/Internet Plug-Ins/Flash Player.plugin" as version < string "MinimumPlugInBundleVersion" of dictionary "com.macromedia.Flash Player.plugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
Apple Java Plugin Blocked
Period 6 hours
if (not exists file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist") then ERROR "Not Installed" else if (string "CFBundleShortVersionString" of dictionary of file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist" as string) as version < (string "MinimumPlugInBundleVersion" of dictionary "com.apple.java.JavaAppletPlugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
Oracle Java Version Blocked
Period 6 hours
if (not exists folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" OR not exists folder "/Library/PreferencePanes/JavaControlPanel.prefPane") then ERROR "Not Installed" else if (bundle version of folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" as version) < (string "MinimumPlugInBundleVersion" of dictionary "com.oracle.java.JavaAppletPlugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
XProtect Updater Status
Period 6 hours
if (not exists dictionary "com.apple.xprotectupdater" of dictionaries of file "/var/db/launchd.db/com.apple.launchd/overrides.plist") then "Enabled" else if (boolean "Disabled" of dictionary "com.apple.xprotectupdater" of dictionary of file "/var/db/launchd.db/com.apple.launchd/overrides.plist") then "Disabled" else "Enabled"
Installed Internet Plug-Ins
Period 6 hours
((name of it as string & " = " & bundle version of it as string) of folders whose (name of it ends with ".plugin") of folder "/Library/Internet Plug-ins" as string)

Relevance

Used in 17 analyses
version of operating system >= "10.6"
Used in 207 fixlets and 97 analyses
mac of operating system

Comments

hansen_m -
Added 'XProtect Updater Status'