How does the Malwarebytes protection for macOS work?


Recommended Posts

I am aware that your macOS product has nothing to do with your Windows product; I would like to know more about the protection the product offers for macOS (both real-time and scanning): does it only protect based on the signatures of the threats contained in the database, or does it also have protection against zero-day threats, and therefore offer, even if differently, the same level of protection as the product for Windows, of course for macOS? (Excluding web protection, ad and tracker protection, and sending anonymous telemetry, which are contained in the iOS version and which I hope will soon be in the macOS version: I am aware that you cannot anticipate anything, so I am not asking when it will be.)
I also ask: how often do I need to do a manual scan, and is it enough to rely on real-time protection? I ask because I happened to download the OpenAnyFiles app from the Mac App Store in the past, before it was included in the Malwarebytes signatures, and it was only deleted with a subsequent manual scan, because real-time protection, even though the app was by then considered a PUP (after my installation), did not detect it until I scanned (and if I did not regularly read the forum, I would never have noticed it).

An explanation from Thomas would be welcome...
Thank you
regards
Massimiliano


The answer that technical support gave me:

We use different techniques for detection, and among them signature-based is one for known threats.

We are currently looking for adware, malware and rootkits.

We recommend scanning the Mac system manually once a day.

Real-time should be turned ON at all times, unless there is another program causing interference, in which case we can turn it off for a while to finish those tasks and then turn it back on.

Greetings

Massimiliano

Edited by MAXBAR1

Glad you got an official answer.

Detecting zero-days is a very difficult task, and even those who claim to provide such protection are extremely limited in their ability to actually do so and have traditionally had a low success rate. They either have to find the same file located in a different location or observe suspicious behavior. The first requires scanning every new or changed file with read access and can take several hours to accomplish on a large volume. The second puts the burden of deciding what behavior is malicious and what is a false positive on the user, with little or no added information.

I suspect the RealTime protection focuses on catching malicious downloads before they can install anything, whereas [daily] scanning will find malware that slipped by somehow and is already installed and probably active. Technical details concerning how this is done and what is being monitored would probably do more to educate malware developers on how to defeat it, so I won't even attempt to guess here on all that.


  • Staff

Malwarebytes for Mac does not currently have any machine-learning or other such engines.

RTP works by monitoring for filesystem changes, and acts when a threat is detected. However, this can mean that a threat that was previously unknown, but already installed, might not be detected by RTP, even after the database is updated. We do have some plans to address this.

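The gap described in the two replies above (real-time protection reacting to filesystem changes, a manual scan re-examining everything on disk) can be modelled in a few lines. The following is an added example for illustration, not Malwarebytes code and not a description of its real engine: a toy hash-based signature database, an in-memory filesystem that notifies a listener on every write (a stand-in for a change monitor), a "real-time" checker that only looks at files as they change, and a full scan. The file paths and file contents are constructed placeholders.

```python
import hashlib
from typing import Callable, Dict, List, Set


class SignatureDB:
    """Toy signature database: a set of SHA-256 hashes of known-bad samples."""

    def __init__(self) -> None:
        self.known: Set[str] = set()

    @staticmethod
    def fingerprint(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def add_sample(self, data: bytes) -> None:
        # A "database update": the vendor has now seen this sample.
        self.known.add(self.fingerprint(data))

    def matches(self, data: bytes) -> bool:
        return self.fingerprint(data) in self.known


class ToyFilesystem:
    """In-memory filesystem that notifies listeners on every write
    (a stand-in for a real filesystem change monitor)."""

    def __init__(self) -> None:
        self.files: Dict[str, bytes] = {}
        self.listeners: List[Callable[[str, bytes], None]] = []

    def write(self, path: str, data: bytes) -> None:
        self.files[path] = data
        for listener in self.listeners:
            listener(path, data)


class RealtimeProtection:
    """Checks a file only at the moment it changes, against the database
    as it is at that moment."""

    def __init__(self, fs: ToyFilesystem, db: SignatureDB) -> None:
        self.db = db
        self.detections: List[str] = []
        fs.listeners.append(self._on_change)

    def _on_change(self, path: str, data: bytes) -> None:
        if self.db.matches(data):
            self.detections.append(path)


def full_scan(fs: ToyFilesystem, db: SignatureDB) -> List[str]:
    """Manual scan: re-examines every file on disk against the current database."""
    return sorted(path for path, data in fs.files.items() if db.matches(data))


def run_scenario() -> Dict[str, List[str]]:
    """Replays the sequence from the thread: install, then signature update, then scan."""
    db = SignatureDB()
    fs = ToyFilesystem()
    rtp = RealtimeProtection(fs, db)

    # Constructed placeholder for an app bundle binary; not a real program.
    payload = b"CONSTRUCTED SAMPLE - placeholder bytes for an unwanted app"
    first_install = "/Applications/ExampleApp.app/Contents/MacOS/ExampleApp"  # hypothetical path

    # 1. App installed while the database does not yet know it: the change
    #    monitor sees the write, finds no match, and stays silent.
    fs.write(first_install, payload)
    rtp_before_update = list(rtp.detections)

    # 2. Database update adds the sample. No file changed, so the change
    #    monitor receives no event and the installed copy is never re-checked.
    db.add_sample(payload)
    rtp_after_update = list(rtp.detections)

    # 3. A manual scan walks the whole disk with the new database and finds it.
    scan_after_update = full_scan(fs, db)

    # 4. The same payload written again after the update is caught at write time.
    second_install = "/Users/example/Downloads/ExampleApp/ExampleApp"  # hypothetical path
    fs.write(second_install, payload)
    rtp_after_second_install = list(rtp.detections)

    return {
        "rtp_before_update": rtp_before_update,
        "rtp_after_update": rtp_after_update,
        "scan_after_update": scan_after_update,
        "rtp_after_second_install": rtp_after_second_install,
    }


if __name__ == "__main__":
    for step, hits in run_scenario().items():
        print(f"{step}: {hits}")
```

Running it shows the point of the staff reply: the change-driven checker has nothing to react to when only the database changes, so a copy installed before the signature existed is found only by the periodic full scan, while a fresh write of the same content after the update is caught immediately. That is the reason behind the support recommendation to keep real-time protection on and still scan manually.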
