macOS Ventura: a bug prevents security utilities from scanning a volume thoroughly

In wanting to overhaul its malware detection system in macOS, Apple introduced a bug in Ventura that prevents security applications from fully analyzing the contents of a disk. A fix is ​​planned.

After the launch of Ventura in its first final version, security software vendors like Malwarebytes Where BlockBlock found that their tools no longer have full access to the storage volume, which they are supposed to scan for an intruder.

Applications that have requested full disk access

This access is validated by the user and this authorization is visible (and revocable) in the System Settings. So far everything was fine, at least on the surface. The access authorization is indicated as granted, yet the software informs the user that he cannot perform his task.

Blame it on a bug that appeared with the beta 11 of Ventura. As well as Explain security researcher Csaba Fitzl at Wired, Apple wanted to thoroughly review this access authorization system. This researcher had discovered a flaw that allowed an app to revoke granted access and prevent security utilities from looking for it. Apple corrected the shot, but Fitzl found a parry, and so on repeatedly.

Rather than continue this game of cat and mouse, Apple has decided to completely revise its approach. The result was integrated into the final beta of Ventura… with a bug. Two release candidate versions followed this 11th beta, but without correcting this problem which ended up in the wild.

Luckily, it doesn’t show up when Ventura is installed on a fleet of Macs — typically in business — with Apple’s deployment utility. It limits breakage on a large scale, but an individual’s Mac is affected.

Apple has planned to correct this problem in a future update, but without specifying which one. Version 13.1 of Ventura is currently in its first beta, it would be finalized around mid-December.

Until then, you can restore normal operation for these utilities by going to System Settings > Privacy and Security > Full Disk Access. There, depending on the editors, the method varies. It’s necessary remove mention of utility in question, launch the application, reactivate the live analysis function then return to the system settings to activate the app in the access rights. Or, no need to delete the app at first in the settings, just deactivate it and follow the instructions described next.

Hopefully, the utility should no longer complain about not being able to fully scan the volume.


Scroll to Top