Skip to main content

CoreLock is a free AI-powered Mac security app that scans for malware, audits privacy permissions, monitors network connections, and fixes issues in one click. It uses behavioral analysis, YARA rules, and hash-based detection — all running locally on your device. CoreLock scans 8 security areas in under 60 seconds: running processes, network connections, app certificates, privacy permissions (camera, microphone, screen recording), startup items, file system health, and system performance. Free tier includes 3 scans per day. Pro is $4.99/month with unlimited scans and auto-fix. Available for macOS (Apple Silicon and Intel) and Windows.

v2.4 — TCC permission audit

See what's running
on your Mac. In English.

CoreLock scans processes, network, files, certificates, and permissions — then tells you, plainly, what's normal and what isn't. Under 60 seconds. 100% local. Free forever.

Download for MacSee how it works
MACOS 12+ · WIN 10/11No account. No credit card.
CoreLock — Process Audit
Scanning
284processes
Elapsed
00:23s
Progress
MacKeeperHelper/Library/Application Support/MacKeeper/helper.xpc185.21.8.4412.4%flag
Update_Installer_v2.app~/Downloads/Update_Installer_v2.app0.2%flag
com.apple.WindowServer/System/Library/…/WindowServer3.8%ok
Slack Helper (Renderer)/Applications/Slack.app/…/Slack Helperslack-edge.com1.2%ok
Arc Browser/Applications/Arc.app/Contents/MacOS/Arc172.67.12.46.1%ok
1Password 8/Applications/1Password.app/…my.1password.com0.3%ok
Raycast/Applications/Raycast.app/…0.4%ok
3 modules complete · 5 remaining
2 flagged281 trusted
60sec
Full system scan
8
Security modules
100%
Local — no cloud
$0forever
Free tier, no card
01 — The problem

Your computer is talking. You just can't understand it.

A

Antivirus speaks a language designed to sell you things.

“PUP.Optional.BundleInstaller detected.” What does that mean? Is it bad? Your guess is as good as ours.

Threat found: Trojan.GenericKD.68421993
Action: Upgrade to Premium
B

Activity Monitor shows everything. Explains nothing.

260 processes. Most are fine. Three are not. You have no idea which are which — and neither does Apple, who built it.

PID PROCESS %CPU
29847 com.apple.Wh… 42.1
14029 launchd_helper_v2 18.3
...and 258 more.
C

Every app has permissions. You granted them all years ago.

When you last checked: never. Screen recording, microphone, full disk access — someone has them. Do you remember who?

Screen Recording — 7 apps
Microphone — 11 apps
Full Disk Access4 apps
02 — The difference

One app. Eight things your computer never told you.

Behavioral AI, not signature matching.

Traditional antivirus checks hashes against a database of known threats. CoreLock watches behavior — process trees, network destinations, permission combinations — and flags patterns that look like spyware, even if no one has seen it before.

12,400+YARA RULES
Haiku 4.5LLM ANALYSIS
Local-onlyZERO TELEMETRY
DETECTION ENGINE · v2.4

TCC permission audit

Which apps have your camera, mic, screen, and full disk. Revoke with one click.

macOS only

Network connection map

See every outbound connection, where it's going, and which app opened it.

Real-time

Certificate chain verify

Check every signed app. Flag revoked, unsigned, or expired certificates.

Ventura+

Startup item analysis

What actually launches when you boot up. Kill the ones you don't need.

LaunchAgents & Daemons

File scan — 14M signatures

Combines ClamAV's open rule set, VirusTotal-compatible hash lookups, and YARA pattern matching. On-demand or scheduled. Deep scan your Downloads folder, external drives, or the whole disk.

~1M files in 2 minutes on M-series

Performance audit

Find the app eating 40% of your CPU while you sleep. Find the login item that adds 18 seconds to every boot. Fix, don't panic.

Runs after every scan
03 — How it works

Three steps. No PhD in security required.

STEP 01

Install & open.

6 MB download. No account, no credit card, no email capture. First scan starts the moment you open the app.

CoreLock.dmg6.4 MB
STEP 02

Run a scan.

Click once. Under a minute. The scanner walks through 8 modules — processes, network, files, certs, startup, permissions, privacy, performance.

PROC ✓NET ✓FILES…CERTS
STEP 03

Read & decide.

Plain-English explanations. Everything is sorted by how worried you should actually be. One-click fixes for the ones you care about.

Unsigned app in /Downloads
→ “Update_Installer_v2.app” is not
   signed by a known developer.”
04 — Inside the app

Built for clarity. Not for anxiety.

CORELOCK / DASHBOARD / SCAN #0247
MODULES
Processes● 2
Network● 0
Files
Certificates
Startup items● 1
Permissions● 3
Privacy● 0
Performance
PROCESSES · 2 FINDINGS
Two apps are behaving oddly.
MacKeeperHelper is connecting to a server in Ukraine.

This process has opened 14 outbound connections in the last hour to an IP that doesn't appear in any legitimate software's known server list. Most users on your system have never installed MacKeeper.

PID 2984714 CONNECTIONSUNSIGNED
Update_Installer_v2.app — running from your Downloads folder.

This executable isn't signed by a developer Apple knows about. Programs that run from Downloads and aren't signed are unusual. It's either something you installed and forgot about, or something you didn't install at all.

UNSIGNEDPID 14029INSTALLED 3 DAYS AGO
TRUSTED
281
FLAGGED
2
SCAN TIME
0:47
05 — How we stack up

Against the usual suspects.

CapabilityCoreLockNortonMalwarebytesCleanMyMac
Plain-English explanationsYesJargonJargonYes
AI behavioral analysisYesSignature onlyLimitedNo
TCC permission auditYesNoNoNo
Runs 100% locallyYesCloud-assistedCloud-assistedYes
Full system scan timeUnder a minute4–8 min2–3 min~1 min
Aggressive upsell pop-upsNoneConstantFrequentOccasional
Free tier3 AI scans/dayTrial onlyScanner onlyLimited
Monthly price (Pro)$4.99$7.99–$12.99$6.67$9.96

Comparison based on publicly listed pricing and documented features as of April 2026. All trademarks property of their respective owners.

06 — Pricing

Free forever. Pro when you need it.

FREE$0

Starter

$0/ forever

Everything you need to know what's on your computer. No credit card. No account.

  • 3 AI scans per day
  • Full process & network audit
  • TCC permission review
  • Startup item analysis
  • Performance profiling
Download free
PROMOST POPULAR

Pro

$4.99/ month

Unlimited scans. Auto-fix. Deep file scanning. AI chat to ask questions about anything it finds.

  • Unlimited AI scans
  • One-click auto-fix
  • Deep file scanning (14M signatures)
  • Scheduled background scans
  • AI chat assistant
  • Priority support
See Pro plans
TEAMB2B

Team

$9.99/ seat / mo

For small businesses managing 5–50 Macs. Shared dashboard. Fleet-wide scans. Compliance reports.

  • Everything in Pro
  • Admin dashboard
  • Fleet-wide audit reports
  • SOC 2 / HIPAA compliance exports
  • SSO & SCIM
  • Dedicated success rep
Contact us
07 — Frequently asked

Objections, handled.

Macs don't get viruses, right?

+
Macs get malware — just at a lower rate than Windows, and often in forms Apple's built-in Gatekeeper doesn't catch. Adware bundlers, info-stealers that run unsigned from Downloads, and spyware-style apps with camera/mic permissions are all things we see in real-world scans. CoreLock doesn't assume you're infected; it just tells you what's actually running.

Is my data going to your servers?

+
No. Every scan — including the AI analysis — runs on your device. No file contents, no scan results, and no telemetry leave your Mac. The Pro tier syncs subscription state with our auth server and nothing else. We literally can't see what's on your computer, and we prefer it that way.

How is this different from Malwarebytes or Norton?

+
Traditional antivirus relies on signature matching — they check the hash of each file against a database of known-bad hashes. CoreLock does that too, but its primary detection method is behavioral: watching process trees, network patterns, and permission combinations that look like spyware or adware even when the file itself is novel. It also audits things antivirus typically doesn't, like TCC permissions, certificate validity, and startup items.

Can CoreLock replace my antivirus?

+
For most Mac users, yes. On Windows, we recommend running it alongside Defender (which is already good at signature matching) — CoreLock handles the behavioral and privacy layers Defender doesn't.

What does the AI actually do?

+
Two things. (1) It classifies findings — a local model looks at aggregated scan results and groups them by behavioral pattern. (2) It explains them — once a finding is classified, an explanation model turns the technical output into English a human can act on. Both run on-device using a quantized Haiku-class model.

The free tier is only 3 scans per day — is that enough?

+
For a healthy machine, yes — most users scan once a week. The cap only bites if you're actively cleaning up a problem and want to re-scan repeatedly to check your work. That's when Pro pays for itself.

Is CoreLock notarized by Apple?

+
Yes — the app is signed with an Apple Developer ID and notarized. It opens normally on macOS without the right-click-open workaround older versions needed.

See what's actually there.

Download CoreLock. Run one scan. It takes less time than reading this paragraph — and you'll know more about your computer than most of its owners ever will.

Download for macOSDownload for Windows
MACOS 12+ · WINDOWS 10/11 · 6.4 MB · SIGNED & NOTARIZED