Well hello High Sierra 10.13.3 and Sierra/El Cap Security Update 2018-001

As usual, it takes Apple 2-3 days to make the Updates available for download...

Hopefully finder crash be gone!

Beside keep each other posted if the 10.13.3 update package is available!

FYI Build Numbers of 2018-001 patched machines
10.11.6 = 15G19009
10.12.6 = 16G1212

10.13.3 Combo

Thanks!

no download url for 10.12 Sierra Security Update 2018-001?

Great, now we just need Apple to provide a fix for 3rd party SSD drives that fail when encrypted. #submitted

Anybody having trouble installing 10.13.3 on an iMac Pro? I tried 4 times (15 mins each, pretending to install the update) but after logging on it's still on 10.13.2.

2018-001 Sierra:
https://support.apple.com/kb/DL1956?viewlocale=en_US&locale=en_US

2018-001 El Capitan:
https://support.apple.com/kb/DL1955?viewlocale=en_US&locale=en_US

Question i am working to block this update for systems that are running 10.12.6. The reason is because the systems in our environment run Carbon Black and the current version we have installed is not compatible and causes Kernel Panics.
The user would attempt to log back in to their system and a kernel panic message will come up preventing the user from logging in.

I am trying to utilize what i had running for 10.13.2 upgrade in a policy to block the files if downloaded awaiting installation

Files and Processes
SEARCH FOR FILE BY PATH Full path to the file /Library/Updates/091-52053/

The bold section is what works for 10.13.2 i would like to know the name for 10.12.6

@bjones , however you want to deploy it, run this command on macOS 10.12.6 (and OS X 10.11.6) Macs: softwareupdate --ignore "Security Update 2018-001". That will make Apple Software Updates ignore that update.

Does anyone know what extension attribute we can use to identify Macs that have installed these patches? I can see them if I go to the System Information app, and look in the Installation item under Software, so I would think I could pull that info out using system_profiler, but when I try to grep for the update running system_profiler SPApplicationsDataType I can't seem to find the update on a system I know applied it.

@pcrandom Use a Smart Group with the criteria Operating System Build to match machines with the update (see the post from @brunerd above with the build numbers after the update is applied)

@pcrandom perfect thanks i have that going so far but i am trying to remove for systems that have it cached.. By any chance do you know what the folder name is under /Library/Updates/ that it creates? This is for those that got passed the block.

@sdagley d’oh, I had missed the part about the build incrementing. Way easier than trying to pull an individual update’s installation status.

@bjones , sorry don’t have that info but if the ignore is set properly then software update won’t install it even if it’s cached.

@bjones It's /Library/Updates/091-62747.

Also, if you have Macs that already applied the update and are kernel panicking, and you can't boot into Safe Mode or Single User Mode to remove Carbon Black Response or Carbon Black Protect, I figured out the files that need to be removed before the Mac can boot normally:

For Response, delete:

/Library/Extensions/CbOsxSensorNetmon.kext
/Library/Extensions/CbOsxSensorProcmon.kext
/Library/LaunchDaemons/com.carbonblack.daemon.plist
/Applications/CarbonBlack/CbOsxSensorService

For Protect, delete:

/Library/Extensions/b9kernel.kext
/Library/LaunchDaemons/com.bit9.Daemon.plist
/Applications/Bit9/Daemons/b9daemon

You can either Target Disk Mode the affected Mac and delete from Finder using a working Mac, or you can boot into Recovery partition and use Terminal to delete. After removing those files, the Mac should be able to start up without kernel panicking, and the uninstall scripts for each product still remain, which you can then run in Terminal:

sudo /Applications/CarbonBlack/sensoruninst.sh
and/or
sudo /Applications/Bit9/uninstall.sh

@dgreening Thanks mate!