Monthly Archives: October 2018

YaraScanService – How to remove it

after Mac OS is upgraded to High Sierra, YaraScanService which is part of MRT.app would start automatically.
YaraScanService takes about 20GB memory in my macbook pro.

so it would make whole mac os frozen.

Even it is working, it would stop a while and start to work.
User wouldn’t feel smoothly operation.

Here is step on how to remove YaraScanService
1. reboot mac os and press ‘Command + R’ to boot into recovery mode.
2. Click the “Utilities” menu and select “Terminal” to open a terminal window.
3. run command csrutil
# csrutil status
# csrutil disable
4. reboot mac os again, now command such as ‘rm -rf xxx’ will work and won’t receive any deny message.
5. after login into macos, open “Terminal” and run
$ sudo rm -rf /System/Library/CoreService/MRT.app
6. in /System/Library/LaunchDaemons , run
$ grep -nri “mrt” *

and delete all files that are displayed on result
7. in /System/Library/LaunchAgent, run
$ grep -nri “mrt” *

and delete all files that are displayed on result

8. reboot mac os, now do some test to check YaraScanService is started or not.
9. go to recovery mode to enable csrutil
$ csrutil enable