doc: Add appendix to explain antivirus interference

madsmtm · madsmtm · commit 8ce3636685b6 · 2025-09-11T09:01:02.000+02:00
The screenshot was taken in a macOS 26 Tahoe RC VM, with exif data
stripped using `exiftool` and size-optimized using `image_optim`.
diff --git a/src/doc/src/SUMMARY.md b/src/doc/src/SUMMARY.md
@@ -100,3 +100,4 @@
 * [Changelog](CHANGELOG.md)
 * [Appendix: Glossary](appendix/glossary.md)
 * [Appendix: Git Authentication](appendix/git-authentication.md)
+* [Appendix: Antivirus Software](appendix/antivirus.md)
diff --git a/src/doc/src/appendix/antivirus.md b/src/doc/src/appendix/antivirus.md
@@ -0,0 +1,30 @@
+# Antivirus Software
+
+Many operating systems include antivirus software programs that scan the system for malware. These sometimes interfere with development workflows, see below.
+
+## XProtect
+
+macOS has a layered system for protecting against malware, see [Apple's documentation](https://support.apple.com/en-gb/guide/security/sec469d47bd8/web) for details. One of the components here is XProtect, which intercepts all binary launches and scans new binaries for malware before executing them.
+
+Unfortunately, scanning binaries is done on a single thread and can be fairly slow (100-300ms). This affects projects developed with Cargo, since Cargo creates many binaries that are often only executed once (examples include build scripts and test binaries).
+
+You can avoid this overhead by doing the following:
+- Open `System Settings` and navigate to the `Privacy & Security` item.
+- On older macOS versions, click the `Privacy` tab.
+- Navicate to the `Developer Tools` item.
+- Add your terminal to the list, and enable it.
+  - You can run `spctl developer-mode enable-terminal` to add `Terminal.app` to this list.
+  - If you use a third-party terminal application, you might need to add that here as well.
+- Restart your terminal.
+
+See the screenshot below for what this looks like on macOS 26 Tahoe.
+
+![System Settings with Terminal.app set as a Developer Tool](../images/macos-developer-tool-settings.png)
+
+### Security considerations
+
+Unfortunately, there doesn't seem to be a way to scope this to select binaries, e.g. adding Cargo directly as a developer tool has no effect, it has to be the "top-level" process.
+
+As such, **this disables your antivirus for all software that is launched via your terminal**. This is only one part of macOS' security protections that specifically checks for known malware signatures, and it is nowhere near as unsafe as disabling SIP or giving Full Disk Access would be - but depending on your security constraints, you might still consider leaving it enabled.
+
+Changing this setting has not been tested on systems in enterprise environments, it might affect more things there.
diff --git a/src/doc/src/images/macos-developer-tool-settings.png b/src/doc/src/images/macos-developer-tool-settings.png
diff --git a/src/doc/src/index.md b/src/doc/src/index.md
@@ -32,6 +32,7 @@ The commands will let you interact with Cargo using its command-line interface.
 **Appendices:**
 * [Glossary](appendix/glossary.md)
 * [Git Authentication](appendix/git-authentication.md)
+* [Antivirus Software](appendix/antivirus.md)
 
 **Other Documentation:**
 * [Changelog](CHANGELOG.md)
