Help

Xprotect and X.9

gachowski
Valued Contributor II

Posted on ‎04-23-2014 01:02 PM

Looks Like Xprotect has changed in X.9. Anybody have any updated info. It looks like the date was pulled out of the .plist so the EA to get the status has to change. I am also looking for a way to force the update to the current version.

Like sudo /usr/libexec/XProtectUpdater

Thanks
C

0 Kudos
2 REPLIES 2

jhbush
Valued Contributor II

Posted on ‎04-23-2014 01:20 PM

This is what I use to check the date on the file.

#!/bin/sh

# Script to find the last time Apple updated Xprotect on a target computer.

XPROTECT=`ls -l /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | awk '{print $6,$7,$8}'`

echo "<result>$XPROTECT</result>"

exit 0
0 Kudos

Josh_S
Contributor III

Posted on ‎04-23-2014 11:27 PM

If you want to set up an extension attribute as a data type of 'Date' so you can use "Before", "After", "More/Less than x days" type of search criteria, you could also do something like:

#!/bin/sh

xProtectModTime="$(stat -f '%Sm' -t '%F %T' /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist)"

printf '<result>%s</result>' "${xProtectModTime}"
0 Kudos