Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Deactivating install security responses and system files?

G

greenmike

macrumors member
Original poster
Hi there,

I use my M4 Pro mainly for work in post production and don't want anything to install in the background without my approval.

To deactivate "Download new updates when available", "Install MacOS updates" and "Install application updated from the app store" is obvious to me but I'm not so sure about the bottom "install security responses and system files".

Can I also deactivate this and be able to install them later manually on the updates section of the settings? Or will I deactivate some essential system function and rather not do it?
 
You can de-activate everything.

However, ask yourself why you don't want the security updates to install automatically, as I think these include signature updates to the built-in virus checker.
 
adrianlondon said:
You can de-activate everything.

However, ask yourself why you don't want the security updates to install automatically, as I think these include signature updates to the built-in virus checker.
Click to expand...
Would these security updates when deactivated still show up manually on the update page when deactivated?

I just don't want anything to install in the background without my say-so. This can crash entire sessions possibly and cause issues when I'm working on things.
 
greenmike said:
Would these security updates when deactivated still show up manually on the update page when deactivated?
Click to expand...
Typically, no, these updates won't show in the Settings panel. However, they will show when you run softwareupdate --list --include-config-data at the command line. You will be able to install them individually using the command line.

Or you can use the excellent utility SilentKnight to view available updates and install individual ones
eclecticlight.co

SilentKnight, Skint, SystHist, silnite, LockRattler & Scrub

Skint – a watchful eye on security settings Updated! Checks key security settings and features including SIP, SSV, Gatekeeper, XProtect, XProtect Remediator and macOS security updates. Runs a…
eclecticlight.co eclecticlight.co
 
  • Like
Reactions: Novae Bentos and chown33
greenmike said:
Can I also deactivate this and be able to install them later manually on the updates section of the settings? Or will I deactivate some essential system function and rather not do it?
Click to expand...
You should leave them on.
The only issue I know of with background updates, XProtect updates showing up in notifications https://forums.macrumors.com/threads/i-keep-getting-this-message.2433445/

I use a configuration profile to ensure that AutomaticDownload, AutomaticallyInstallMacOSUpdates and AutomaticallyInstallAppUpdates are turned off.
SoftwareUpdate.mobileconfig https://forums.macrumors.com/threads/defer-tahoe-for-90-days.2465304/post-34117211
 
I keep ALL of that "automatic" stuff turned off.
I don't want ANYTHING installing in the background, security updates or whatever.

For security updates, I use the FREE utility called "Lockrattler" to download and install them manually.

This policy has worked for me for many years...

EDIT:
Even though Lockrattler hasn't been updated for a while, it still seems to work just as intended with Tahoe and Sequoia...
 
Last edited:
  • Like
Reactions: CoastalOR
Using third-party closed sourced apps to manage macOS security updates, like SilentKnight, LockRattler or whatever Oakley calls it this year, it's a really bad idea.
 
"it's a really bad idea."

Could you explain why?
I'm going to GUESS that Lockrattler is just a graphical user interface that sends certain terminal commands (software update related) to the OS and Apple's servers -- same as one could do using the terminal if one knew the proper commands to send.
 
Fishrrman said:
"it's a really bad idea."

Could you explain why?
I'm going to GUESS that Lockrattler is just a graphical user interface that sends certain terminal commands (software update related) to the OS and Apple's servers -- same as one could do using the terminal if one knew the proper commands to send.
Click to expand...
I imagine that is @bogdanw 's point .. you have to GUESS as Howard Oakley's utilities are not open source. Personally, I don't have an issue with Howard's utilities being closed source. Everyone has their own comfort level.
 
According to the included SilentKnightHelp212.pdf:
“SilentKnight connects to my GitHub server and downloads the current firmware version for your Mac, then connects to obtain the current list of security data versions.”
According to the “SilentKnight and silnite: FAQ”, it only connects to https://github.com/hoakleyelc/updates
We can assume that to be true, but without proof we can also worry about “Breach started with GitHub”https://www.bleepingcomputer.com/ne...-breach-led-to-salesforce-data-theft-attacks/
 
So, if I deactivate "install security responses and system file", I won't be able to go to check for updates and install it?

If that's the case then it's ridiculous.

That Apple article is useless because it doesn't state when I deactivate it, whether I can just check for updates and install it?
 
greenmike said:
So, if I deactivate "install security responses and system file", I won't be able to go to check for updates and install it?

If that's the case then it's ridiculous.

That Apple article is useless because it doesn't state when I deactivate it, whether I can just check for updates and install it?
Click to expand...
Background updates don’t show up as selectable updates in System Settings.
Overall, the answer is no, you can’t manually check for Background updates and install them.

You can update XProtect by running in Terminal sudo xprotect update.

You can update the software required to connect iOS devices by downloading and installing CoreTypes.pkg & MobileDeviceOnDemand.pkg
https://forums.macrumors.com/threads/itunes-software-updates.2416893/post-33894235

As I said before, it’s best to leave "Install Security Responses and system files" turned on.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back