There are some issues with Malwarebytes for Mac and macOS Mojave (10.14), due to a Mac feature called TCC. This article explains TCC, what the issues are, and how to work around them.
TCC is a Mojave feature that controls access to certain user data and stands for Transparency, Consent, and Control. TCC prevents apps from gaining access to things like contact info, e-mail messages, calendar data, etc, without explicit consent from the user.
How TCC conflicts with Malwarebytes
There are only two cases where TCC becomes a problem:
- Minor problem - Due to attempts to scan protected locations, a number of errors to show up in the system logs, primarily visible through the Console app. This is not actually an issue, and these can be ignored.
- Significant problem - Safari’s Extensions folder is one of the TCC protected locations. Malwarebytes should not be able to scan this location by default, but there have been a few cases where it can, but then any attempt to quarantine a detected Safari extension may receive a Remedy failed error in Malwarebytes.
Removing these extensions doesn't matter. Apple only allows certain extensions to load in Mojave, and other extensions have to use a new mechanism that doesn’t involve this protected folder. So, even if a bad extension is present, it can’t be loaded.
Solution for Remedy failed error
Give access to RTProtectionDaemon by following these instructions:
- Open System Preferences > Security & Privacy > Privacy
- Select the Full Disk Access item in the list.
- Click the lock in the bottom left corner of the window to unlock the preference pane.
- Click the + button below the list of apps.
- In the file selection dialog that opens, press command-shift-G.
- Enter the following path, then press Go:
- Select RTProtectionDaemon, then click Open.
- RTProtectionDaemon is now added to the list, which means Malwarebytes can remove these extensions, and no longer generate errors.
For additional macOS Mojave information and troubleshooting, contact Apple Support.