How to Bypass macOS XProtect on Catalina

On macOS Catalina, all code is now checked for malware at launch against around 100 YARA rules encoded in Apple’s XProtect scanner, even if Gatekeeper is bypassed. In this video, I explain how researchers who want to examine malware known to XProtect on macOS Catalina can bypass these latest security checks.