
Running configuration data updates for Apple’s XProtect and MRT security tools

2nd February 2018 | posted by David Acland

Hi all, and welcome to another “I wrote something handy and thought I should share” blog. In this post I’ll go over two scripts I’ve written to check for and install all available updates to the XProtect and MRT security tools, included in macOS.

Some Background

In the MacAdmins ‘JamfNation’ Slack channel, someone asked about the possibility of running software updates without alerting the user with things like notifications from the OS. This is indeed possible for most updates, but the ‘Config Data’ updates for XProtect and MRT (kinda like the ‘virus definition’ updates for your anti-malware products) will only be installed if you have enabled the automatic check for updates (as detailed here). But if you enable this automatic check, your users will likely get Software Update notifications, which is not ideal in a lab environment.

So that leaves a choice between having devices flag up new software updates to end users, or not getting critical security software updates to XProtect etc.

 

Option 1:  Reposado

If you utilise the Open Source Reposado solution to manage your macOS updates, Greg has written a great guide on dealing with these updates for your estate, here.

However, what if you have devices worldwide, including perhaps at users’ homes? Or what if you have some other reason why you can’t (or don’t want to) run a Software Update Server solution?

 

Option 2: It’s Scriptin’ Time

At some point last September I stumbled upon a post detailing a new, undocumented feature of the softwareupdate binary in macOS 10.12 and newer, --include-config-data.

This flag will not only display the Config Data updates when using the list command, but will also allow you to forcibly check for and install any available Config Data updates relevant to your Mac!

But there are some limitations:

  • This new flag is completely undocumented, both in the man and help pages for softwareupdate. Its usage, language and entire functionality could change or be removed at any time.
  • So far, I’ve only seen it on macOS 10.12.x and 10.13.x. If you’re on anything older, it ain’t gonna work.

So, without further delay, here are the two scripts I wrote around this:

 

Install_Configuration_Data_Updates.sh

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (exiting if not), check to see if there are any Config Data updates available (exiting if not), then proceed to install them.

 

EA – List_Configuration_Data_Updates.sh

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (echoing out a result of “N/A” and exiting if not) and check to see if there are any Config Data updates available (echoing out a result of “None” and exiting if not). If it finds any available ones, it’ll echo these out as the result, perfect for use in a Jamf Pro Extension attribute.
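
The logic both scripts are described as following, sketched as an added example (this is not the author's code from the links above). It assumes that the list output marks each update label with a leading "*", that XProtect and MRT labels contain "ConfigData", and that the flag is also accepted alongside --install; the sample output and its version numbers are constructed.

```shell
#!/bin/sh
# Added example, not the author's scripts. Assumption: the list output marks
# each update label as "   * <label>" and XProtect/MRT labels contain "ConfigData".

# Constructed sample of `softwareupdate --list --include-config-data` output.
SAMPLE='Software Update found the following new or updated software:
   * XProtectPlistConfigData-0000
       XProtectPlistConfigData (0000), 3K [recommended]
   * MRTConfigData-0.00
       MRTConfigData (0.00), 4000K [recommended]
   * ExampleApp-1.0
       Example App (1.0), 100000K [recommended]'

# Succeeds when the macOS version is newer than 10.11.x.
os_supported() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 12 ]; }
}

# Reads list output on stdin, prints Config Data labels one per line.
config_data_labels() {
    sed -n 's/^[[:space:]]*\*[[:space:]]*\(.*ConfigData.*\)$/\1/p'
}

# Extension attribute value: "N/A" (OS too old), "None", or the pending labels.
ea_result() {   # $1 = OS version, $2 = list output
    if ! os_supported "$1"; then echo '<result>N/A</result>'; return 0; fi
    labels=$(printf '%s\n' "$2" | config_data_labels | paste -s -d ',' -)
    echo "<result>${labels:-None}</result>"
}

# Installs each pending Config Data update by label (run as root on a Mac).
install_config_data() {
    os_supported "$(sw_vers -productVersion)" || { echo 'Unsupported OS'; return 0; }
    pending=$(softwareupdate --list --include-config-data 2>&1 | config_data_labels)
    [ -n "$pending" ] || { echo 'No Config Data updates'; return 0; }
    printf '%s\n' "$pending" | while IFS= read -r label; do
        softwareupdate --install "$label" --include-config-data
    done
}

case "${1:-demo}" in
    install) install_config_data ;;
    ea) ea_result "$(sw_vers -productVersion)" \
            "$(softwareupdate --list --include-config-data 2>&1)" ;;
    *) ea_result 10.13.3 "$SAMPLE" ;;
esac
```

Run with no argument it prints the extension attribute value for the constructed sample; "ea" and "install" call softwareupdate and only work on a Mac.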

 

Usage Suggestions

For these scripts, I’d suggest using one of the various methods out there to disable the automatic software update checking, then triggering the install script in addition to any other method you’re using to deploy your Software Updates. For the Extension Attribute, add this in to your Jamf Pro Server to have it collect this information each time an Inventory collection is performed.

 

Credit Missing?

As you may have seen above, I didn’t figure out this new feature alone, but rather saw it mentioned somewhere. As a big believer in credit where credit is due, I’d like to attribute the discovery to the correct person / message. All I can remember is it was either the Mac Admins Slack, or one of the Mac messaging boards. If anyone finds it, please let me know in the usual channels (Comments, Slack, Twitter etc) and I’ll update this accordingly.

 

Summary

And there we go, I’ve detailed the solution I’ve used to ensure Macs get their Config Data updates. As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

 

The usual disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

 
