I was recently contacted by Oskar, who had a problem decrypting Defender for Mac Quarantine files. After quick investigations we discovered that the encrypted file doesn’t really conform to any specific file format (no magic bytes, etc.), which resulted in me updating DeXRAY’s code to handle these files ‘naively’, i.e. ‘decrypt everything if a file name looks like Mac Defender Quarantine file name’… and… it seems to work.
Download the latest version here.