Bug in macOS Ventura May Have Silently Broken Your Malware Protection; Here’s How to Fix It

Ventura bug malware security tool

Along with the new features in macOS Ventura, there’s a pretty major security concern. A bug in the shipping version of macOS Ventura is breaking third-party security tools that protect you from malware. Apple says a fix is on the way, but here’s how to find out if you’re affected and “unbreak” what Apple has broken.

Malware and Other Security Apps Lose Full Disk Access

In order to scan your files and emails for potentially harmful software, apps like Malwarebytes require Full Disk Access. You may not remember, but you gave your antivirus or anti malware software that access when you first installed it. Without Full Disk Access, real-time protection and other features simply can’t run.

Unfortunately, macOS Ventura has introduced a bug that revokes that access. It’s not the first troublesome change we’ve seen, but it is arguably the worst. This holds especially true because apps don’t even realize they’ve lost the disk access they need to perform a comprehensive scan of your files and emails. Thomas Reed, director of Mac and mobile platforms at Malwarebytes, says the realization hit just as the company was releasing a beta to extend Ventura compatibility.

We were getting bug reports from customers that something was wrong, and we were like, “crap, we just released a flawed beta.” We even pulled our beta out of circulation temporarily. But then we started seeing reports about other products, too, after people upgraded to Ventura, so we were like, “uh oh, this is bad.”

It all happened as Apple tried to fix an exploit security researcher Csaba Fitzel found that allowed attackers to disable tools like Malwarebytes. Fitzel told Wired that he and Apple worked on several potential fixes for the issue, but he was able to bypass all of them. Finally, he says, Apple opted to redesign the entire concept of how Full Disk Access worked.

Unfortunately, that fix caused other issues that never reared their ugly heads until after the macOS Ventura public release.

How to Fix the MacOS Ventura Bug Crippling Your Malware and Other Security Tools

Okay, now that you know why all this happened, let’s look at how to fix it. Soon, hopefully, Apple will release an update to Ventura that makes this workaround unnecessary. Until then, here are the steps you need to take to get your security software working properly again.

  • Go to System Settings > Privacy & Security.
  • Click Full Disk Access.
  • Click once on Malwarebytes Protection or your affected security tool to select it.
  • Click the minus button () at the bottom of the list to remove the tool.
  • Open Malwarebytes or your affected security tool and try enabling real-time protection.
  • The app should guide you through the process of giving it Full Disk Access.
  • Go back to System Settings > Privacy & Security > Full Disk Access. Your security software should have been added back to the list, so turn on Full Disk Access.

That should resolve the issue. You might, however, still need to re-enable real-time protection within your security app.

3 thoughts on “Bug in macOS Ventura May Have Silently Broken Your Malware Protection; Here’s How to Fix It

  • It’s one thing for this to silently happen on personal devices, it’s another in a business with many devices.

    One nuclear option: Use MDM to block InstallAssistant until a fix, which I’m skeptical will come to existence, or a manageable way to re-apply necessary permissions. This isn’t the first time this behavior has happened during an upgrade. Catalina to anything newer did the same thing.

    1. According to what Malwarebytes said, this problem actually doesn’t happen with MDM configs. It’s only on personal devices. From Wired:

      “Researchers noticed—and Apple confirmed to WIRED—that the bug doesn’t happen when large organizations use Apple’s “mobile device management” program to upgrade their fleet of devices to Ventura. This is significant, because if the bug carried over to managed enterprise devices, it would mean yet another reason for companies to put off important software updates.”

      1. We’re still setting up testing for this. I can see how MDM could be used in various ways to install threat protection software. Ours simply downloads the current installer, drops our config next to it and runs. There may be better managed methods we’re not using. Crossing fingers!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.