How does macOS “detect malware downloaded with Safari”

Tags: high sierra, malware, safari, Security, sip

On Apple's website, the company makes this claim about macOS High Sierra's security features:

macOS' malware detection

Can anyone give me more details on the technology that enables macOS to determine if a file downloaded with Safari is malware? I'm just curious to see how it compares with an antivirus (no need to start a discussion about why you need or don't need an antivirus on Mac or in general, please not for the 10000th time).

Best Answer

It's part of the XProtect / file quarantine scheme built into the OS. macOS has a hard-coded list of file signatures in /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.plist. If a file matches one of the signatures, it gets flagged and quarantined. The list is silently updated, outside the usual software-update mechanism.

It is effectively a very rudimentary blacklist of known malware. XProtect does not provide the active scanning or heuristic-based protection offered by typical antivirus products.
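To make the answer's point concrete, here is an added illustration (not Apple's code, and not the real XProtect.plist format): a constructed, simplified signature plist keyed by SHA-256, a check that flags a download only on an exact match, and the same sample with one byte appended slipping past the static list. The plist layout, the `OSX.Example.Fake` name and the sample bytes are all constructed for this example.

```python
import hashlib
import plistlib

# Constructed, simplified stand-in for XProtect.plist: each entry names a
# known sample by the SHA-256 of its bytes. The real XProtect.plist uses a
# different, richer match format; only the idea (a static blacklist) is kept.
def build_signature_plist(samples):
    """Serialise {name: bytes} into plist bytes with one SHA-256 per sample."""
    entries = [{"Description": name,
                "SHA256": hashlib.sha256(data).hexdigest()}
               for name, data in samples.items()]
    return plistlib.dumps({"Signatures": entries})

def load_signatures(plist_bytes):
    """Return {sha256_hex: description} from a signature plist."""
    doc = plistlib.loads(plist_bytes)
    return {e["SHA256"]: e["Description"] for e in doc["Signatures"]}

def scan_download(data, signatures):
    """Mimic the blacklist check: flag the file only on an exact match.

    Returns (quarantine, description); description is None when clean.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in signatures:
        return True, signatures[digest]
    return False, None

# Constructed "known malware" sample and the signature list built from it.
KNOWN_BAD = b"#!/bin/sh\necho constructed fake sample\n"
SIGNATURES = load_signatures(
    build_signature_plist({"OSX.Example.Fake": KNOWN_BAD}))

def demo():
    hit = scan_download(KNOWN_BAD, SIGNATURES)
    # One appended byte changes the hash, so the static list no longer
    # matches: this is the gap a heuristic scanner is meant to cover.
    miss = scan_download(KNOWN_BAD + b"\n", SIGNATURES)
    return hit, miss

if __name__ == "__main__":
    print(demo())
```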