Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

PsykX

macrumors 68030
Original poster
Sep 16, 2006
2,816
4,060
So yesterday I had a popup from a process called "XProtectRemediatorPirrit" asking me for my admin username and password.
It did not say anything else. Just wanted my password.
I just dismissed it, but it appeared again today. I'm kind of concerned now.

I know XProtect is some kind of hidden Anti-virus + Anti-malware built right into macOS.

But first of all, I'd be really surprised to have malware or viruses on my computer. I don't visit fishy websites and I'm not into torrents and illegal downloading. I pay my stuff.
Second, can any developer just create a process called "XProtectRemediatorPirrit" and ask me for my password? How can I know this is authentic and from Apple itself?

I'm running macOS Sonoma 14.4.1 (23E224).
Mac Mini M2 Pro.

Here's my processes in Activity Monitor (after I dismissed the popup though...)
CleanShot 2024-05-02 at 10.24.35@2x.png
 
But why would it ask for my username and password?
I thought this thing was 100% transparent for the user. It doesn't say explicitly what my password will allow.

This might in the end be a design issue from Apple. When you ask for sensitive information, at least tell the users why you need it and the repercussions of not complying.
 
But why would it ask for my username and password?
I thought this thing was 100% transparent for the user. It doesn't say explicitly what my password will allow.

This might in the end be a design issue from Apple. When you ask for sensitive information, at least tell the users why you need it and the repercussions of not complying.
Credentials are asked for when a part of (or whole) OS needs to update. It also is required for specific deep level OS action. As I said, there is no cause for concern here, although it was an excellent idea to ask on the forum.
 
  • Like
Reactions: PsykX
But first of all, I'd be really surprised to have malware or viruses on my computer. I don't visit fishy websites and I'm not into torrents and illegal downloading. I pay my stuff.

Just a couple of quick thoughts:
  • The comments to the Eclectic Light Company post that is linked above have information, including responses from the site owner, that might help you to decide what to do. Further, Howard Oakley (the site owner) is very well respected throughout the Mac troubleshooting community.
  • There are many ways for hostile software to get on your devices. Even if you only visit "trusted" websites, for example, ad banners—which are commonly served up by companies other than the site owner—have become a common vector for infections. So in my view, personal vigilance is important but has become a less effective defense than it used to be.
 
Last edited:
  • Like
Reactions: PsykX
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.