4 Feb
Adding custom rules to Apple XProtect
I'm trying to build endpoint protection software on macOS. Apart from ESF or OpenBSM, I need to block and detect malicious software.
I found XProtect to be useful:
- https://www.sentinelone.com/blog/macos-security-updates-part-3-apples-whitelists-blacklists-and-yara-rules/
- https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web
But I'm not sure whether I can add custom YARA rules. It looks so wrong to modify the sqlite3 database. Is there any official way to do that?