Get in Touch
Back to main blog page

Running configuration data updates for Apple’s XProtect and MRT security tools

2nd February 2018 | posted by David Acland | Tags: , , , , ,

Hi all, and welcome to another “I wrote something handy and thought I should share” blog. In this post I’ll go over two scripts I’ve written to check for and install all available updates to the XProtect and MRT security tools, included in macOS.

Some Background

In the MacAdmins ‘JamfNation’ Slack Channel, someone asked about the possibility of running software updates without alerting the user with things like notifications from the OS. This is indeed possible for most updates, but the ‘Config Data’ updates for XProtect and MRT (kinda like the ‘Virus definition updates for your Anti-Malware products) will only be installed if you enabled the automatic check for updates (as detailed here). But, if you enable this automatic check, your users will likely get Software Update notifications, which is not ideal in a Lab environment.

So that leaves a choice between having devices flag up new software updates to end users, or not getting critical security software updates to XProtect etc.


Option 1:  Reposado

If you utilise the Open Source Reposado solution to manage your macOS updates, Greg has written a great guide on dealing with these updates for your estate, here.

However, what if you have devices worldwide, including perhaps at user’s homes? Or what if you have some other reason where you can’t (or don’t want to) run a Software Update Server solution?


Option 2: It’s Scriptin’ Time

At some point last September I stumbled upon a post detailing a new, undocumented feature of the softwareupdate binary in macOS 10.12 and newer, --include-config-data.

This command will not only display the Config Data updates when using the list command, but will also allow you to forceable check and install any available Config Data updates, relevant to your Mac!

But there are some limitations:

  • This new flag is completely undocumented, both in the man and help pages for softwareupdate. Its usage, language and entire functionality could change or be removed at anytime
  • So far, I’ve only seen it on macOS 10.12.x and 10.13.x. If you’re on anything older, it ain’t gonna work.

So, without further delay, here’s the two scripts I wrote around this:

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (exiting if not), check to see if there are any Config Data updates available (exiting if not), then proceed to install them.


EA –

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (echoing out a result of “N/A” and exiting if not) and check to see if there are any Config Data updates available (echoing out a result of “None” and exiting if not). If it finds any available ones, it’ll echo these out as the result, perfect for use in a Jamf Pro Extension attribute.


Usage Suggestions

For these scripts, I’d suggest using one of the various methods out there to disable the automatic software update checking, then triggering the install script in addition to any other method you’re using to deploy your Software Updates. For the Extension Attribute, add this in to your Jamf Pro Server to have it collect this information each time an Inventory collection is performed.


Credit Missing?

As you may have seen above, I didn’t figure out this new feature alone, but rather saw it mentioned somewhere. As a big believer in credit where credit is due, I’d like to attribute the discovery to the correct person / message. All I can remember is it was either the Mac Admins Slack, or one of the Mac messaging boards. If anyone finds it, please let me know in the usual channels (Comments, Slack, Twitter etc) and I’ll update this accordingly.



And there we go, I’ve detailed the solution I’ve used to ensure Macs get their Config Data updates. As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.


The usual disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.


Other Articles

Introducing moof IT and saying goodbye to Amsys
30th December 2017

With Apple’s ever increasing march into enterprise, the vision that Amsys set out to achieve,…

To cloud or not to cloud… that is the question
7th January 2020

For the last few years the only sensible place to host your email services has been…

Jamf Pro and patching
13th September 2019

One of the main elements of Jamf Pro that sets it apart from the competition…

What’s changed in the new CIS Benchmarks for Catalina and Mojave?
9th April 2020

As some of you may have spotted, CIS ( released new security benchmarks for Catalina…

Case Study – Moorhouse Consulting
7th May 2020

Moof have been working with Moorhouse for over 4 years, the CFO Jon Russell was…

About moof IT

moof IT are an Apple focused IT company providing a full range of services to over 150 clients including user support, device management, infrastructure and security.

Contact Info

Tel: 0203 983 4444


London: 1st Floor 20 Noel Street London W1F 8GW

Manchester: The Sharp Project, Thorp Rd, Manchester M40 5BJ

Surrey: Unit 9B, Southbridge House, Southbridge Place, Croydon CR0 4HA

Social Media