Database of the machine’s XProtect signatures.

Platform support

Please be aware that some queries can only be run against certain platforms. The platforms this query supports are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: xprotect_entries

  • Mac OSX

Table schema

| Name | Type | Description |
| --- | --- | --- |
| name | TEXT | Description of XProtected malware |
| launch_type | TEXT | Launch services content type |
| identity | TEXT | XProtect identity (SHA1) of content |
| filename | TEXT | Use this file name to match |
| filetype | TEXT | Use this file type to match |
| optional | INTEGER | Match any of the identities/patterns for this XProtect name |
| uses_pattern | INTEGER | Uses a match pattern instead of identity |

Query examples

Select all the results for the given table.

SELECT * FROM xprotect_entries;
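
Summarise the signature database per malware name. This is an added example, not a query from the original page; it uses only the columns in the schema above and assumes optional and uses_pattern hold 0/1 flags. Comparing its output across hosts helps spot machines whose XProtect database differs from the rest of the fleet.

```sql
-- One row per XProtect malware name, showing how its entries match.
-- Assumption: uses_pattern and optional are 0/1 flags.
SELECT
  name,
  COUNT(*)                                          AS entries,
  SUM(CASE WHEN uses_pattern = 0 THEN 1 ELSE 0 END) AS identity_entries, -- matched by SHA1 identity
  SUM(CASE WHEN uses_pattern = 1 THEN 1 ELSE 0 END) AS pattern_entries,  -- matched by pattern
  MAX(optional)                                     AS has_optional_entries,
  GROUP_CONCAT(DISTINCT launch_type)                AS launch_types
FROM xprotect_entries
GROUP BY name
ORDER BY entries DESC, name;
```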