YaraScanService

Discussion in 'Mac OS X Support' started by tenebra, Jul 12, 2018.

  1. tenebra

    tenebra

    Joined:
    Nov 30, 2013
    Messages:
    11
    Motherboard:
    GA-Z97X-UD3H r1.1
    CPU:
    i7-4790K
    Graphics:
    MSI GTX 980 Ti Gaming 6G
    Mac:
    MacBook Pro, Mac mini
    Classic Mac:
    Power Mac
    Mobile Phone:
    Android
    Jul 12, 2018 at 7:02 PM #1
    tenebra

    tenebra

    Joined:
    Nov 30, 2013
    Messages:
    11
    Motherboard:
    GA-Z97X-UD3H r1.1
    CPU:
    i7-4790K
    Graphics:
    MSI GTX 980 Ti Gaming 6G
    Mac:
    MacBook Pro, Mac mini
    Classic Mac:
    Power Mac
    Mobile Phone:
    Android
    After installing the 10.13.6 update I noticed a process "YaraScanService" eating up lots of CPU and memory. I don't find much about it on the web, it seems to be some malware scanner. It is located in /System/Library/CoreServices/MRT.app/Contents/XPCServices. Does anybody know more about this process?
     
  2. waterzooi

    waterzooi

    Joined:
    Jan 30, 2011
    Messages:
    11
    Mac:
    Mac Pro
    Jul 16, 2018 at 6:19 AM #2
    waterzooi

    waterzooi

    Joined:
    Jan 30, 2011
    Messages:
    11
    Mac:
    Mac Pro
    This seems a common problem (although I am not affected personally).
    The process is legit and linked to Apple's Malware Removal Tool.
     
  3. jaymonkey

    jaymonkey Moderator

    Joined:
    Aug 27, 2011
    Messages:
    1,859
    Motherboard:
    ASRock-Z97 Extreme-6
    CPU:
    i7-4790K O/C @ 4.5GHz
    Graphics:
    HD4600 + GTX 980 Ti
    Mac:
    MacBook Air
    Mobile Phone:
    Android, iOS
    Aug 6, 2018 at 11:54 PM #3
    jaymonkey

    jaymonkey Moderator

    Joined:
    Aug 27, 2011
    Messages:
    1,859
    Motherboard:
    ASRock-Z97 Extreme-6
    CPU:
    i7-4790K O/C @ 4.5GHz
    Graphics:
    HD4600 + GTX 980 Ti
    Mac:
    MacBook Air
    Mobile Phone:
    Android, iOS
    @tenebra,

    Its a new anti-malware service installed with MacOS 10.13.6 & 10.14.X, its the Apple equivalent of Microsoft's Malicious Software Removal Tool (MRT) ... Pretty sneaky of Apple to install something like this without asking for the users permission.

    The YaraScanService consumes a lot of CPU and memory resources while its scanning, it is meant to run once and then delete itself, however on my laptop hack it ran on every reboot. Since I always install Sophos Anti-Virus on all my Mac & Hackingtosh systems which also detects malware I have no need for it and (like MS MRT) it is a massive resource hog.

    If it fails to remove itself automatically and you see that its running all the time or after every reboot you can disable it permanently with the following method :-
    1. Kill the YaraScanService using Activity Monitor
    2. Open terminal and type the following commands:
      Code:
      sudo launchctl unload /System/Library/LaunchDaemons/com.apple.MRTd.plist
      sudo rm -R /System/Library/CoreServices/MRT.app
    3. Reboot
    4. Check that YaraScanService is no longer running, if it is try the above again in safe mode

    Note: After a MacOS update the Apple MRT service will be automatically re-installed and re-enabled so you will need perform the above procedure again.

    Hope this helps.
    Cheers
    Jay
     
    samanosuke likes this.
    Last edited: Aug 7, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice