The macOS sensor relies on both file magic header detection and file extensions to determine file types to be scanned by the background scan.
Magic header detection is used when a file has no extension or an arbitrary (obfuscated) extension.
Binary Files
| Apple executables | Apple driver extensions | Apple dynamic libraries |
| Windows executables | Windows dynamic libraries |
Data Files
| Adobe PDF |
| MS Office |
| Open Office |
Installer Files
| Apple installers (DMG, PKG) |
| By extension only: Windows MSI files, Android APK installers |
Script Files
| java (class and jar) | Perl | Python |
| PHP | Ruby | Shell |
| Applescript | Any other script files with "#!" file header indicating interpreter association |
Windows Script Files by Extension Only
| bat | chm | cmd |
| com | hta | inf |
| ins | isp | ocx |
| reg | vb | vbe |
| vbs | ws | wsf |
| wsh | ps1 | ps1xml |
| psc1 | psd1 | psm1 |
