Directory
Developer Zone
Design & Creativity
Productivity
Other Utilities
Others
BlockBlock
BlockBlock is a real-time security protection tool designed specifically for macOS, continuously monitoring processes and services running on the system. It instantly blocks suspicious malicious software activities and effectively prevents malicious programs from running automatically in the background, providing an additional layer of security protection for your Mac.
BlockBlock: macOS Persistent Threat Monitoring Tool
BlockBlock is a macOS system security tool developed by Objective-See, designed to monitor and block malicious software from self-starting through persistence mechanisms. It continuously monitors common persistence locations in the system, alerting users when suspicious persistence components are detected, thus effectively preventing malware from automatically running after system restarts.
🛡️ Features and Advantages
1. Real-time Monitoring of Persistence Mechanisms
- Monitors Core Locations: BlockBlock continuously monitors common persistence locations in macOS, including login items, launch daemons, launch agents, cron jobs, and other points frequently exploited by malware for persistence.
- Endpoint Security Framework: Built on Apple’s official “Endpoint Security Framework,” ensuring high efficiency and system compatibility.
2. Intelligent Alerts and Responses
- Detailed Alert Information:
- Displays the process triggering the persistence action (name, PID, path, arguments).
- Shows modified persistence files and newly added persistence components.
- Provides options to view code signing information, VirusTotal detection results, and process lineage.
- Flexible Response Options:
- Allow: Trust the process and persistence item.
- Block: Block the persistence item and remove the corresponding component from the filesystem.
- Temporary Handling: By checking the “temporarily” checkbox, users can allow or block actions temporarily without creating long-term rules.
- Rule Scope Configuration: Users can customize rule matching scope via a dropdown menu (e.g., match only the process, persistence file, persistence item, or combinations thereof).
3. Rule Creation and Management
- Automatic Rule Generation: Rules are automatically generated based on user allow/block actions, ensuring future identical persistence attempts are handled automatically.
- Manual Rule Management: Users can view, edit, or delete existing rules through the “Rules” option in the status bar menu, enabling granular control.
4. System Integration and Logging
- System Permissions Required: Installation requires system authorization and granting “Full Disk Access” to BlockBlock in System Settings to ensure effective filesystem monitoring.
- Automatic Startup Protection: After installation, BlockBlock launches automatically at system startup to provide continuous protection.
- Detailed Logging: All alerts, responses, and actions are recorded in the
/Library/Objective-See/BlockBlock/BlockBlock.logfile for easy tracking and auditing.
5. Easy Installation and Uninstallation
- Simple Installation Process: Download the latest version, run “BlockBlock Installer.app,” and click “Install” to complete setup.
- Clear Uninstallation Steps: Use the “Uninstall BlockBlock” option in the status bar menu to launch the uninstaller and remove the software completely.
🚀 Support and Compatibility
- Supported Operating Systems: macOS 10.15 and above
- Latest Version: 2.2.5 (View changelog)
- Open Source: BlockBlock’s source code is publicly available for review and auditing, enhancing transparency and trustworthiness.
BlockBlock is a lightweight, professional-grade security tool specifically designed for macOS systems, ideal for users concerned about system security and aiming to prevent malware from infiltrating via persistence mechanisms. Its design based on Apple’s official security framework ensures seamless compatibility with macOS, while its intuitive interface and flexible control options make security protection both simple and efficient.
All software data on this site is synchronized from the Awesome mac project. Copyright belongs to original authors.
Recommended Apps
Dylib Hijack Scanner
Dylib Hijack Scanner is a professional macOS security tool designed to detect and scan for Dylib Hijacking attacks, helping users identify potential risks from malicious code and protect the system from third-party application hijacking. Developed by the Objective-See security team.
Encrypto
Encrypto is a sleek and efficient file encryption tool designed specifically for macOS. Utilizing military-grade AES-256 encryption, it allows you to easily add password protection to any file, ensuring secure transmission and storage. It is the ideal choice for safeguarding privacy and sensitive data.
GPG Suite
GPG Suite is a professional macOS encryption toolkit that provides end-to-end OpenPGP encryption for your emails and files, ensuring communication privacy and data security.
KextViewer
KextViewer is a professional security utility that enables real-time detection, enumeration, and monitoring of all kernel extensions (KEXT) drivers loaded on a Mac system. It helps users promptly identify suspicious drivers and potential security threats, effectively enhancing the security of macOS.
KnockKnock
KnockKnock is a macOS security tool designed to detect malware and suspicious launch items. By scanning persistent entries, it helps users gain a comprehensive understanding of system startup processes and effectively defend against potential security threats.
LinkLiar
LinkLiar is a macOS tool specifically designed to protect network privacy by modifying and spoofing MAC addresses, preventing device tracking and deception detection within local networks. It enhances user anonymity and security while browsing, making it ideal for individuals and enterprises with high network privacy requirements.
Comments