MS Defender Launch daemon

New Contributor II


I'm very much a novice when it comes to launch daemons and the instruction on this page have me flummoxed

Under the sub heading "Load your file" it has <your file name.plist> I cannot find any reference to this "Your file name.plist" 

Any assistance with this would be greatly appreciated.





Esteemed Contributor II

@mattedmonds You will use the contents shown under the "Schedule a quick scan" or "Schedule a full scan" sections to create the .plist file which tells MSDefender what type of scan to run. Once you've created it, you use that file name in the command that the "Load your file" section has you run.

New Contributor II

Hi sdagley I did try that but got this response 

itsupport@Workhorse ~ % launchctl load -w /Library/LaunchDaemons/
Warning: Expecting a LaunchAgents path since the command was ran as user. Got LaunchDaemons instead.
`launchctl bootstrap` is a recommended alternative.
Load failed: 5: Input/output error
Try running `launchctl bootstrap` as root for richer errors.


So I tried running as SUDO and got this response

itsupport@Workhorse ~ % sudo launchctl load -w /Library/LaunchDaemons/
/Library/LaunchDaemons/ Invalid property list
Load failed: 109: Invalid property list

Esteemed Contributor II

@mattedmonds When you created your .plist was the DOCTYPE line a single line like this (it's supposed to be one line but the forum software seems determined to wrap the text):


<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">


If not edit it so it's on one line as shown above because it's not supposed to be broken after the EN" like the MS article shows (or how it gets copied to the pasteboard if you click the Copy button).

New Contributor II

@sdagley Thanks for that it worked. if I'm deploying these together as a package to target devices do I need to run the line "launchctl load -w /Library/LaunchDaemons/<your file name.plist>" under the "execute command" in Files and processes? 

Esteemed Contributor II

@mattedmonds If you're creating a .pkg in Composer to deploy the .plist I'd recommend creating a postinstall script for that .pkg that runs these commands (note that I change the launchctl load to the newer launchctl bootstrap): 

chown root:wheel /Library/LaunchDaemons/*
chmod 644 /Library/LaunchDaemons/*
xattr -c /Library/LaunchDaemons/*     
launchctl bootstrap system /Library/LaunchDaemons/

This way the .pkg will both install the .plist and run it.

New Contributor II

excellent! I was thinking that might be the way. Thank you for all your help


Glad i found this thread, thankyou for the "launchctl bootstrap system" change info. Helped me allot. 

I also wanted to add to this thread, did you know that you can create a .plist file in a script instead of creating the .plist file and having to create a .pkg via composer then upload it to jamf ? Instead follow the script below to create the .plist file , put it where you want , change the attributes and then load it. (ours was setting a daily quick scan)



cat << EOF > /Library/LaunchDaemons/

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<string>/usr/local/bin/mdatp scan quick</string>


chown root:wheel /Library/LaunchDaemons/
chmod 644 /Library/LaunchDaemons/
sudo xattr -c /Library/LaunchDaemons/
/bin/launchctl bootstrap system /Library/LaunchDaemons/