But this doesn't scan for zero-days, only for several major known pieces of malware.
If you want to catch real zero-days, you have to approach things very differently. Do behavioral analytics, seeing what a process is up to and whether it's poking into things it shouldn't.
Many leading AV suppliers like SentinelOne, Cylance, Crowdstrike do this and are very successful at it. However, Apple is just starting in the antimalware market, so I forgive them that they're just scanning for some known-bads for now.
I'm honestly not convinced any of these vendors are able to do anything about zero-days either. They mostly seem to try to catch post-exploitation activity, detecting "weird shit" happening post-compromise (persistence, exfiltration, etc.). No AI/ML security product is going to stop someone from throwing a kernel exploit and disappearing into the night.
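As an added illustration of the two points above (the behavioral analytics the first commenter describes, and the reply's observation that what actually gets caught is post-compromise behavior such as persistence and exfiltration), here is a toy detector in Python. It is not code from any of the vendors named or from Apple. The event schema, the process names, the thresholds, the allowlisted host and the home directory `/Users/alice` are all assumptions, and the event stream is constructed for the example.

```python
"""Toy behavioral detector over a constructed stream of process events.

Added example: the schema, rule thresholds and sample events are assumptions,
not any vendor's real telemetry format or rule set.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    proc: str     # image name of the acting process
    parent: str   # image name of its parent
    action: str   # "exec" | "file_read" | "file_write" | "net_connect"
    target: str   # path written/read, binary executed, or host:port


# Assumed policy knobs (hypothetical values chosen for the example).
OFFICE_APPS = {"Microsoft Word", "Microsoft Excel", "Preview"}
SHELLS = {"bash", "zsh", "sh", "osascript", "python3", "curl"}
PERSISTENCE_DIRS = (
    "/Library/LaunchAgents/",
    "/Library/LaunchDaemons/",
    "/Users/alice/Library/LaunchAgents/",
)
USER_DOCS = "/Users/alice/Documents/"
ALLOWED_HOSTS = {"updates.example.com:443"}
EXFIL_READ_THRESHOLD = 5   # reads of user documents before an unknown outbound connection is suspicious


def detect(events):
    """Return a list of (rule, pid, detail) alerts for the behaviors below.

    Rules look only at what a process does, never at file hashes, so they fire
    on unknown tooling as long as it behaves like post-compromise activity.
    """
    alerts = []
    doc_reads = defaultdict(int)   # pid -> number of user-document reads seen so far
    for ev in events:
        # 1. Office app spawning a shell or scripting interpreter (macro / doc exploit follow-on).
        if ev.action == "exec" and ev.parent in OFFICE_APPS and ev.proc in SHELLS:
            alerts.append(("office_spawns_shell", ev.pid, f"{ev.parent} -> {ev.proc}"))
        # 2. Persistence: writing into launchd agent/daemon directories.
        if ev.action == "file_write" and ev.target.startswith(PERSISTENCE_DIRS):
            alerts.append(("launch_agent_persistence", ev.pid, ev.target))
        # 3. Exfiltration: bulk document reads followed by a connection to a non-allowlisted host.
        if ev.action == "file_read" and ev.target.startswith(USER_DOCS):
            doc_reads[ev.pid] += 1
        if (ev.action == "net_connect" and ev.target not in ALLOWED_HOSTS
                and doc_reads[ev.pid] >= EXFIL_READ_THRESHOLD):
            alerts.append(("bulk_read_then_exfil", ev.pid, ev.target))
    return alerts


def sample_events():
    """Constructed event stream: benign activity, one post-compromise chain (pid 501),
    and a lone process (pid 900) that does nothing the rules can see."""
    benign = [
        Event(100, "Safari", "launchd", "net_connect", "updates.example.com:443"),
        Event(200, "Microsoft Word", "launchd", "file_read", USER_DOCS + "report.docx"),
        Event(200, "Microsoft Word", "launchd", "net_connect", "docs.example.com:443"),  # 1 read < threshold
    ]
    compromised = [
        Event(501, "osascript", "Microsoft Word", "exec", "/usr/bin/osascript"),
        Event(501, "osascript", "Microsoft Word", "file_write",
              "/Users/alice/Library/LaunchAgents/com.update.plist"),
    ] + [
        Event(501, "osascript", "Microsoft Word", "file_read", USER_DOCS + f"doc{i}.pdf")
        for i in range(EXFIL_READ_THRESHOLD)
    ] + [
        Event(501, "osascript", "Microsoft Word", "net_connect", "203.0.113.7:443"),
    ]
    # A one-shot binary launched from a terminal that touches nothing monitored:
    # a kernel exploit that simply leaves produces no behavioral signal here.
    silent = [Event(900, "loader", "Terminal", "exec", "/tmp/loader")]
    return benign + compromised + silent


if __name__ == "__main__":
    for rule, pid, detail in detect(sample_events()):
        print(f"ALERT {rule} pid={pid} {detail}")
```

Running it prints three alerts, all for pid 501 (shell spawn, LaunchAgent write, bulk read then outbound connection), and nothing for pid 900: the rules only see the noisy follow-on behavior, which is exactly the gap the reply describes.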