In 10.14 Beta 2 - what does YaraScanService do?

Just updated to 10.14 Beta 2 (18A314h). I am seeing a process named YaraScanService. I don't think it was there in Beta 1.


Anyone know what this does?

Accepted Reply

This service is started by MRT (Malware Removal Tool). I think this scanner is a part of it.

Replies

This service is started by MRT (Malware Removal Tool). I think this scanner is a part of it.

Is this new in Mojave? Just noticed it today after the Beta 2 install.

Relieved to know that it is part of OS. :-)

Why is it consuming CPU percetages between 70-90% after restart for quite some time?

Unbikkk

I'm not 100% sure, but I think after restart it scans some crucial system areas.

No; it is not since Mojave Beta 2. Some people say they have this application on Sierra.

I see it too. I do not have an app called Malware Removal Tool or such. Yes, new to me since only Beta 2 of Mojave. Does anyone really KNOW what it is or does?

You say you don't know. Can you point to any documentation on this?

What is YARA?

YARA [h ttps://virustotal.github.io/yara ]is an open source tool, originally developed by Victor Alvarez, that helps malware researchers identify malware. YARA works by ingesting “rules” and applying the logic in the rules to identify malicious files or processes.

/System/Library/CoreServices/MRT.app You can find yara in PrivateFrameworks.

This service is consuming more CPU and Memory. I had never seen this service in previous versions. Please remove this service.

yarascansevice had been running on 10.13.6 beta.


It stopped for 1 hour.