Archive

Archive for December 17, 2014

Forcing XProtect blacklist updates on Mavericks and Yosemite

December 17, 2014 3 comments

One of the changes Apple made between Mountain Lion and Mavericks was how XProtect was updated. On 10.6.x – 10.8.x, Apple used /usr/libexec/XProtectUpdater to update XProtect’s blacklist. If you needed to force XProtect to update, you could run the following command with root privileges:

/usr/libexec/XProtectUpdater

Running that command with root privileges would force a check-in with Apple’s XProtect feed. If XProtect needed an update, running this command would check the current XProtect blacklist, detect that the online version was newer and pull down the new version. Once the new version had downloaded, XProtectUpdater would then exit.

Screen Shot 2014-12-17 at 10.40.35 AM

If XProtect was up to date, running this command would check the current XProtect blacklist and detect that the online version was the same as what was currently loaded on the system. XProtect would then produce a notification that it was ignoring the update because the online version was not newer than the one already on the system. XProtectUpdater would then exit.

Screen Shot 2014-12-17 at 10.39.36 AM

In 10.9.x and continuing on in 10.10.x, Apple moved the XProtect updates into Apple’s software update feed. As part of this change, the previous way of forcing XProtect by running /usr/libexec/XProtectUpdater no longer worked because /usr/libexec/XProtectUpdater did not exist on 10.9.x and higher.

Screen Shot 2014-12-17 at 10.27.07 AM

Instead, you now need to use the softwareupdate command to force the update process. For more details, see below the jump.

Read more…

%d bloggers like this: