Device Security

    How to Tell If Gatekeeper or XProtect Is Disabled on Your Mac

    Confirm whether macOS's built-in defences (Gatekeeper, XProtect, SIP) are still active.

    6 min read · Beginner friendly

    macOS ships with three layers of free, automatic protection: Gatekeeper (only run signed/notarised apps), XProtect (built-in malware blocker), and SIP (System Integrity Protection). Some malware tries to disable them.

    Step 1: Check Gatekeeper

    1. System SettingsPrivacy & Security
    2. Scroll to Allow applications downloaded from
    3. It should be set to App Store or App Store and identified developers
    4. If neither option is selected, Gatekeeper has been weakened

    Step 2: Check SIP

    1. Open Terminal (Spotlight → Terminal)
    2. Type csrutil status and press Enter
    3. You should see System Integrity Protection status: enabled
    4. If it says disabled and you did not deliberately turn it off, your Mac has been tampered with

    Step 3: Check the Firewall and FileVault

    • System SettingsNetworkFirewall should be On
    • System SettingsPrivacy & SecurityFileVault should be On

    More from Device Security

    No image

    How to Block Scam Calls and Filter Spam SMS on Android

    How to Block Scam Calls and Filter Spam SMS on Android
    No image

    How to Detect Spyware or Stalkerware on an iPhone

    How to Detect Spyware or Stalkerware on an iPhone
    No image

    How to Stop Apps Spying Through Your iPhone Camera and Microphone

    How to Stop Apps Spying Through Your iPhone Camera and Microphone