Get in Touch
Back to main blog page

Running configuration data updates for Apple’s XProtect and MRT security tools

2nd February 2018 | posted by David Acland | Tags: , , , , ,

Hi all, and welcome to another “I wrote something handy and thought I should share” blog. In this post I’ll go over two scripts I’ve written to check for and install all available updates to the XProtect and MRT security tools, included in macOS.

Some Background

In the MacAdmins ‘JamfNation’ Slack Channel, someone asked about the possibility of running software updates without alerting the user with things like notifications from the OS. This is indeed possible for most updates, but the ‘Config Data’ updates for XProtect and MRT (kinda like the ‘Virus definition updates for your Anti-Malware products) will only be installed if you enabled the automatic check for updates (as detailed here). But, if you enable this automatic check, your users will likely get Software Update notifications, which is not ideal in a Lab environment.

So that leaves a choice between having devices flag up new software updates to end users, or not getting critical security software updates to XProtect etc.


Option 1:  Reposado

If you utilise the Open Source Reposado solution to manage your macOS updates, Greg has written a great guide on dealing with these updates for your estate, here.

However, what if you have devices worldwide, including perhaps at user’s homes? Or what if you have some other reason where you can’t (or don’t want to) run a Software Update Server solution?


Option 2: It’s Scriptin’ Time

At some point last September I stumbled upon a post detailing a new, undocumented feature of the softwareupdate binary in macOS 10.12 and newer, --include-config-data.

This command will not only display the Config Data updates when using the list command, but will also allow you to forceable check and install any available Config Data updates, relevant to your Mac!

But there are some limitations:

  • This new flag is completely undocumented, both in the man and help pages for softwareupdate. Its usage, language and entire functionality could change or be removed at anytime
  • So far, I’ve only seen it on macOS 10.12.x and 10.13.x. If you’re on anything older, it ain’t gonna work.

So, without further delay, here’s the two scripts I wrote around this:

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (exiting if not), check to see if there are any Config Data updates available (exiting if not), then proceed to install them.


EA –

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (echoing out a result of “N/A” and exiting if not) and check to see if there are any Config Data updates available (echoing out a result of “None” and exiting if not). If it finds any available ones, it’ll echo these out as the result, perfect for use in a Jamf Pro Extension attribute.


Usage Suggestions

For these scripts, I’d suggest using one of the various methods out there to disable the automatic software update checking, then triggering the install script in addition to any other method you’re using to deploy your Software Updates. For the Extension Attribute, add this in to your Jamf Pro Server to have it collect this information each time an Inventory collection is performed.


Credit Missing?

As you may have seen above, I didn’t figure out this new feature alone, but rather saw it mentioned somewhere. As a big believer in credit where credit is due, I’d like to attribute the discovery to the correct person / message. All I can remember is it was either the Mac Admins Slack, or one of the Mac messaging boards. If anyone finds it, please let me know in the usual channels (Comments, Slack, Twitter etc) and I’ll update this accordingly.



And there we go, I’ve detailed the solution I’ve used to ensure Macs get their Config Data updates. As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.


The usual disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.


One thought on “Running configuration data updates for Apple’s XProtect and MRT security tools”

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

Apple M1 Ultra is the most Powerful Computer Chip ever
28th April 2022

M1 Ultra really is the most powerful chip ever in a personal computer – it’s…

How to fix issues with Outlook search in macOS
14th January 2020

From time to time, you search for emails in Outlook and it doesn’t display the…

2022’s 10 Security Threats We Can Learn From
2nd March 2023

Cybersecurity is a critical issue for businesses today, and it’s essential to stay informed about…

Recent Changes to Apple Configurator
7th February 2022

Apple have now made it easier to get your Macs into Apple Business manager/Apple school…

What is credential stuffing and why should you care?
25th November 2019

Credential stuffing, is a simple but effective technique to take over more of your online…

About moof IT

moof IT are an Apple focused IT company providing a full range of services to over 150 clients including user support, device management, infrastructure and security.

Contact Info

Tel: 0203 983 4444


London: 1st Floor 20 Noel Street London W1F 8GW

Social Media