XProtectUpdates (XPU) is a LaunchAgent and shell script. It will run a scan every four hours and notify the user if macOS XProtect has been updated.
XPU also tries to get more information on the update from Digita Security's Xplorer.
Note: XPU is not an XProtect management solution; for that you might also want to check out UXProtect by Digita Security.
If you want to receive update notifications on every relevant macOS Security component, you should use macOS Security Updates instead.
- clone repo
chmod +x xprotectupdates.sh && ln -s xprotectupdates.sh /usr/local/bin/xprotectupdates.shcp local.lcars.XProtectUpdates.plist $HOME/Library/LaunchAgents/local.lcars.XProtectUpdates.plistlaunchctl load $HOME/Library/LaunchAgents/local.lcars.XProtectUpdates.plist- optional: install terminal-notifier
After running the LaunchAgent at least once, e.g. with launchctl start local.lcars.XProtectUpdates, you can test the XProtect update notification functionality by entering the following command sequence:
plutil -replace Version -integer 2098 "$HOME/.cache/xpu/XProtect.meta.plist" && launchctl start local.lcars.XProtectUpdates
- The agent (and thereby the script) will run every 4 hours. If there has been an XProtect update, it's possible that Digita's Xplorer hasn't been updated yet, i.e. XPU will not return any useful information on the contents of the update. This obviously still needs some testing, but if you want to be on the safe side, you can change the agent's frequency by editing the plist key
StartInterval, e.g. from 4 to 8 hours. - XPU has only been tested on El Capitan (OS X 10.11).
- XPU uses the macOS Notification Center, so the minimum system requirement is OS X 10.8.
launchctl unload $HOME/Library/LaunchAgents/local.lcars.XProtectUpdates.plist- remove the cloned XProtectUpdates GitHub repository
rm -f /usr/local/bin/xprotectupdates.shrm -rf $HOME/.cache/xpurm -f $HOME/Library/Logs/local.lcars.XProtectUpdates.logrm -f /tmp/local.lcars.XProtectUpdates.stdoutrm -f /tmp/local.lcars.XProtectUpdates.stderr