
Running configuration data updates for Apple’s XProtect and MRT security tools

2nd February 2018 | posted by David Acland

Hi all, and welcome to another “I wrote something handy and thought I should share” blog. In this post I’ll go over two scripts I’ve written to check for and install all available updates to the XProtect and MRT security tools, included in macOS.

Some Background

In the MacAdmins ‘JamfNation’ Slack Channel, someone asked about the possibility of running software updates without alerting the user with things like notifications from the OS. This is indeed possible for most updates, but the ‘Config Data’ updates for XProtect and MRT (kinda like the ‘Virus definition’ updates for your Anti-Malware products) will only be installed if you have enabled the automatic check for updates (as detailed here). But if you enable this automatic check, your users will likely get Software Update notifications, which is not ideal in a Lab environment.

So that leaves a choice between having devices flag up new software updates to end users, or not getting critical security software updates to XProtect etc.


Option 1: Reposado

If you utilise the Open Source Reposado solution to manage your macOS updates, Greg has written a great guide on dealing with these updates for your estate, here.

However, what if you have devices worldwide, including perhaps at users’ homes? Or what if you have some other reason why you can’t (or don’t want to) run a Software Update Server solution?


Option 2: It’s Scriptin’ Time

At some point last September I stumbled upon a post detailing a new, undocumented feature of the softwareupdate binary in macOS 10.12 and newer, --include-config-data.

This flag will not only display the Config Data updates when using the list command, but will also allow you to forcibly check for and install any available Config Data updates relevant to your Mac!

But there are some limitations:

  • This new flag is completely undocumented, both in the man and help pages for softwareupdate. Its usage, language and entire functionality could change or be removed at any time.
  • So far, I’ve only seen it on macOS 10.12.x and 10.13.x. If you’re on anything older, it ain’t gonna work.

So, without further delay, here are the two scripts I wrote around this:

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (exiting if not), check to see if there are any Config Data updates available (exiting if not), then proceed to install them.


EA –

Found here

This script will check to see if the OS is higher (newer) than 10.11.x (echoing out a result of “N/A” and exiting if not) and check to see if there are any Config Data updates available (echoing out a result of “None” and exiting if not). If it finds any available ones, it’ll echo these out as the result, perfect for use in a Jamf Pro Extension attribute.
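
The logic described for both scripts above, as an added example that is not the author's linked code. The listing in SAMPLE_LISTING is constructed, the parser assumes each update label sits on a line whose first field is "*", and the function names are this example's own.

```bash
#!/bin/bash
# Added example, not the author's scripts. Run as "install" or "ea" on a Mac.

# Constructed sample of `softwareupdate -l --include-config-data` output.
SAMPLE_LISTING='Software Update found the following new or updated software:
   * XProtectPlistConfigData-1.0
        XProtectPlistConfigData (2099), 2K [recommended]
   * MRTConfigData-1.29
        MRTConfigData (1.29), 3843K [recommended]
   * Safari11.0.3Sierra-11.0.3
        Safari (11.0.3), 60000K [recommended]'

# True when the macOS version is newer than 10.11.x.
os_supported() {
    local major minor
    major=$(echo "$1" | cut -d. -f1)
    minor=$(echo "$1" | cut -d. -f2)
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 12 ]; }
}

# Print Config Data update labels from a listing on stdin.
# Assumption: each label sits on a line whose first field is "*".
config_data_labels() {
    awk '$1 == "*" && /ConfigData/ { print $NF }'
}

# Extension Attribute value: "N/A", "None", or the available labels.
ea_result() {   # $1 = OS version, $2 = listing text (fetched live if omitted)
    local listing labels
    os_supported "$1" || { echo "N/A"; return 0; }
    listing=${2-$(softwareupdate -l --include-config-data 2>&1)}
    labels=$(printf '%s\n' "$listing" | config_data_labels | tr '\n' ' ')
    labels=${labels% }
    echo "${labels:-None}"
}

# Install each available Config Data update by label (run as root).
# Nothing is installed when the OS is too old or no labels are listed.
install_config_data() {
    local label
    os_supported "$(sw_vers -productVersion)" || { echo "Unsupported OS"; return 0; }
    for label in $(softwareupdate -l --include-config-data 2>&1 | config_data_labels); do
        softwareupdate -i "$label" --include-config-data
    done
}

case "${1:-}" in
    install) install_config_data ;;
    ea)      echo "<result>$(ea_result "$(sw_vers -productVersion)")</result>" ;;
esac
```

Because the flag is undocumented, check the parser against real output on each macOS release you support before relying on the Extension Attribute value.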


Usage Suggestions

For these scripts, I’d suggest using one of the various methods out there to disable the automatic software update checking, then triggering the install script in addition to any other method you’re using to deploy your Software Updates. For the Extension Attribute, add this in to your Jamf Pro Server to have it collect this information each time an Inventory collection is performed.


Credit Missing?

As you may have seen above, I didn’t figure out this new feature alone, but rather saw it mentioned somewhere. As a big believer in credit where credit is due, I’d like to attribute the discovery to the correct person / message. All I can remember is it was either the Mac Admins Slack, or one of the Mac messaging boards. If anyone finds it, please let me know in the usual channels (Comments, Slack, Twitter etc) and I’ll update this accordingly.



And there we go, I’ve detailed the solution I’ve used to ensure Macs get their Config Data updates. As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.


The usual disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

