Question re: some of the checks oriented towards m...
# kolide
Question re: some of the checks oriented towards malware artifacts/known malicious extensions (e.g. “Malware - macOS Malware Apps,” “Nano Adblocker,” “OSX/Leverage.A (files)”). This seems like the purview of AV/EDR apps, is there a reason why these checks exist in particular? Are they known to not be caught by other malware scanners?
Hey Evan! Yes, these Checks were built specifically for malware commonly missed by typical EDR providers. That said, we've moved away from providing new Checks in this area over time, as we have found that they're not a great fit for our end-user remediation remit. Essentially, the user is told "contact IT" if a failure is generated for these issues, and that is a direction that we have pivoted away from in recent years. All that to say, we do not plan to release more Checks of this type, and if future maintenance is needed on them, we may choose to decommission them instead.
Got it - thanks for that insight, makes sense!