XProtect Report
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1XProtect Report - Apple OS X3/4/2013 8:00:25 AM
2XProtect Report - Apple OS X8/15/2013 11:21:22 AM
3XProtect Report9/20/2013 9:22:04 AM
4XProtect Report10/10/2013 8:43:52 AM
5XProtect Report10/24/2013 9:12:22 AM

Description

Learn more about this analysis online: http://bigfix.me/cdb/analysis/82

Analysis of Apple's XProtect Security System

- /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

- /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

Property Details

ID2994590
StatusProduction - Fully Tested and Ready for Production
TitleXProtect Report
DomainBESC
KeywordsApple Mac XProtect
Added by on 10/24/2013 9:12:22 AM
Last Modified by on 10/24/2013 9:12:22 AM
Counters 8711 Views / 7 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

XProtect Meta LastModification
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if((not exists entries whose(exists keys of it AND exists values of it AND "LastModification" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else (((string of value of entry whose(exists keys of it AND exists values of it AND "LastModification" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect Meta Version
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then error "none" else if((not exists entries whose(exists keys of it AND exists values of it AND "Version" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then error "none" else ((integer of value of entries whose(exists keys of it AND exists values of it AND "Version" = key of it) of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect Meta PluginBlacklist
Period 6 hours
 
  * Results in a true/false
Show indented relevance
((key of it & " = " & string "MinimumPlugInBundleVersion" of dictionaries of values of it) of entries of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as string)
XProtect Meta JavaWebComponentVersionMinimum
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else if(not exists dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then "<No dictionary>" else if((not exists entries whose(exists keys of it AND exists values of it AND "JavaWebComponentVersionMinimum" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") then ERROR "none" else (((string of value of entry whose(exists keys of it AND exists values of it AND "JavaWebComponentVersionMinimum" = key of it) of dictionary of it) of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist") as string)
XProtect PlugInUpdateAvailable
Period 6 hours
 
  * Results in a true/false
Show indented relevance
concatenation "; " of ((keys of it, (booleans of values of it) of entries of dictionaries of values of it) of entries of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as string)
XProtect Malware Descriptions
Period 6 hours
 
  * Results in a true/false
Show indented relevance
strings "Description" of dictionaries of values of array of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist"
XProtect Malware Count
Period 6 hours
 
  * Results in a true/false
Show indented relevance
number of strings "Description" of dictionaries of values of array of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist"
XProtect File LastModification
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if(not exists file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist") then ERROR "none" else modification time of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist" as string
Apple Java Version
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist") then ERROR "Not Installed" else string "CFBundleShortVersionString" of dictionary of file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist" as string
Oracle Java Version
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" OR not exists folder "/Library/PreferencePanes/JavaControlPanel.prefPane") then ERROR "Not Installed" else bundle version of folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin"
Adobe Flash Plugin Version
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists folder "/Library/Internet Plug-Ins/Flash Player.plugin") then ERROR "Not Installed" else bundle version of folder "/Library/Internet Plug-Ins/Flash Player.plugin"
Adobe Flash Plugin Blocked
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists folder "/Library/Internet Plug-Ins/Flash Player.plugin") then ERROR "Not Installed" else if (bundle version of folder "/Library/Internet Plug-Ins/Flash Player.plugin" as version < string "MinimumPlugInBundleVersion" of dictionary "com.macromedia.Flash Player.plugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
Apple Java Plugin Blocked
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist") then ERROR "Not Installed" else if (string "CFBundleShortVersionString" of dictionary of file "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist" as string) as version < (string "MinimumPlugInBundleVersion" of dictionary "com.apple.java.JavaAppletPlugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
Oracle Java Version Blocked
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" OR not exists folder "/Library/PreferencePanes/JavaControlPanel.prefPane") then ERROR "Not Installed" else if (bundle version of folder "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" as version) < (string "MinimumPlugInBundleVersion" of dictionary "com.oracle.java.JavaAppletPlugin" of dictionary "10" of dictionary "PlugInBlacklist" of dictionary of file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as version) then True else False
XProtect Updater Status
Period 6 hours
 
  * Results in a true/false
Show indented relevance
if (not exists dictionary "com.apple.xprotectupdater" of dictionaries of file "/var/db/launchd.db/com.apple.launchd/overrides.plist") then "Enabled" else if (boolean "Disabled" of dictionary "com.apple.xprotectupdater" of dictionary of file "/var/db/launchd.db/com.apple.launchd/overrides.plist") then "Disabled" else "Enabled"
Installed Internet Plug-Ins
Period 6 hours
 
  * Results in a true/false
Show indented relevance
((name of it as string & " = " & bundle version of it as string) of folders whose (name of it ends with ".plugin") of folder "/Library/Internet Plug-ins" as string)

Relevance

Used in 17 analyses   * Results in a true/false
Show indented relevance
version of operating system >= "10.6"
Used in 222 fixlets and 99 analyses   * Results in a true/false
Show indented relevance
mac of operating system

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
hansen_m -
Added 'XProtect Updater Status'
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as