Checking XProtect and Gatekeeper update status on Macs

As part of making sure that XProtect and Gatekeeper are providing up-to-date protection, it can be worthwhile to see when your Mac received the latest updates from Apple for both XProtect and Gatekeeper. As both are background processes, as well as also receiving Config Data updates silently in the background, it’s not always obvious when updates have been applied.

To assist with this, I’ve written a couple of scripts to report the last time that Gatekeeper and XProtect have been updated on a particular Mac. For more details, see below the jump.

XProtect

To check XProtect’s update status, I’ve written the script below. Based on the OS version of the Mac in question, it will take the following actions:

• Macs running 10.5.8 and earlier – The script will display a message stating “XProtect not available for” followed up by the OS version number
• Macs running 10.6.x through 10.8.x – The script will check XProtect’s /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist file for the file’s last-modified date, then report the date in a human-readable date format.
• Macs running 10.9.x and later – The script will check the installer package receipts for XProtect update installer packages for the relevant version of Mac OS X, then report the installation date of the most recent update in a human-readable date format.

The script is also available on GitHub at the following address:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/report_latest_xprotect_update

A Casper Extension Attribute is also available on GitHub at the following address:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Extension_Attributes/report_latest_xprotect_update

Gatekeeper

To check Gatekeeper’s update status, I’ve written the script below. Based on the OS version of the Mac in question, it will take the following actions:

• Macs running 10.7.4 and earlier – The script will display a message stating “Gatekeeper not available for” followed up by the OS version number.
• Macs running 10.7.5 – The script will display a message stating “Gatekeeper update status not available for” followed up by the OS version number.
• Macs running 10.8.x and later – The script will check the installer package receipts for Gatekeeper update installer packages for the relevant version of Mac OS X, then report the installation date of the most recent update in a human-readable date format.

The script is also available on GitHub at the following address:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/report_latest_gatekeeper_update

A Casper Extension Attribute is also available on GitHub at the following address:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/Casper_Extension_Attributes/report_latest_gatekeeper_update