It only checks downloaded files run through File Quarantine, which makes it similar to the SmartScreen feature on Windows. It’s designed to sit between your Mac and the web, preventing you from running a few known-malicious applications. RELATED: Mac OS X Isn't Safe Anymore: The Crapware / Malware Epidemic Has Begun If you disable it, your Mac won’t update its XProtect file with the latest definitions from Apple.
Ensure the “Install system data files and security updates” option is enabled. To view this setting, click the Apple menu, select System Preferences, and click the App Store icon. Malware definition updates arrive through Apple’s normal software update process. Like other software updates on Mac OS X, these are enabled by default, but can be disabled. When you open a downloaded application, File Quarantine checks if it matches any of the malware definitions in the XProtect file. If it does, you’ll see a nastier warning message that says running the file will damage your computer and informing you which malware definition it matches. You can even open this file and see the list of malicious applications Mac OS X is checking for when you open downloaded application files. Back in 2009, Apple made File Quarantine also check downloaded application files against a list stored in the System/Library/Core Services/CoreTypes.bundle/Contents/Resources/ist file on your Mac.