You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Is the New Security Update Working on My Computers?

I have noticed that the XProtect.plist on 2 different computers have never updated since I installed the new Security Update on June 1. I have an Apple Care Product Specialist trying to figure it out.


But, I ran across this (pasted below) today when checking Console, and if anyone can dechiper logs, maybe some independent analysis will tell me why I'm not getting the "MacDefender" scan this security update was supposed to provide (and why the subject .plist has never updated since installing the Security Update on 2 10.6.7 Intel iMacs 4 days ago).


If anyone can dechiper the log and tell me what I might do to correct this problem, kudos!


The log entries (which contain a series of "failed") are:



Version:1.0StartHTML:0000000149EndHTML:0000004433StartFragment:0000000199EndFrag ment:0000004399StartSelection:0000000199EndSelection:00000043996/4/11 8:59:20 AM com.apple.launchd[1] (com.apple.xprotectupdater[39]) Exited with exit code: 255
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 22
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 21
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 20
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 19
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 18
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 17
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 15
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 16
And
6/4/11 12:15:50 PM com.apple.launchd[1] (com.apple.xprotectupdater[39]) Exited with exit code: 255
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 22
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 21
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 20
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 19
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 18
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 17
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 15
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 16
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 30
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 29
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 28
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 27
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 26
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 25
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 23
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 24
6/4/11 12:15:55 PM com.apple.WindowServer[80] Sat Jun 4 12:15:55 {INFO REMOVED}-imac.local WindowServer[80] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
6/4/11 12:16:32 PM com.apple.launchd.peruser.501[126] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
6/4/11 12:16:39 PM com.apple.launchd.peruser.501[126] (com.apple.Kerberos.renew.plist[161]) Exited with exit code: 1
6/4/11 1:03:18 PM System Preferences[222] Could not connect the action resetLocationWarningsSheetOk: to target of class AppleSecurity_Pref
6/4/11 1:03:18 PM System Preferences[222] Could not connect the action resetLocationWarningsSheetCancel: to target of class AppleSecurity_Pref

Posted on Jun 4, 2011 10:29 AM

Reply
177 replies

Jun 23, 2011 6:34 PM in response to MadMacs0

I agree in that Apple chose not to mention anything in the "security" part of the update, but they did at least mention the removal of MD in the main info about the update, but chose to leave that out of the "security" part of the updates info as well. So, since they didn't mention either in the "about the security of this update" section, I am just wondering if they chose not to advertise...

The 10.6.8 update is recommended for all users running Mac OS X Snow Leopard and includes general operating system fixes that enhance the stability, compatibility, and security of your Mac, including fixes that:

  • Enhance the Mac App Store to get your Mac ready to upgrade to Mac OS X Lion
  • Resolve an issue that may cause Preview to unexpectedly quit
  • Improve support for IPv6
  • Improve VPN reliability
  • Identify and remove known variants of Mac Defender


Jun 24, 2011 12:15 AM in response to MadMacs0

Hmm, guess Powerbook 1701 and baltwo missed my subsequent posting.


At any rate, I did a quick comparison of all the XProtect files included in the 10.6.8 update (but not the MRT files as we haven't been discussing them in this thread).


The LaunchDaemon is identical. Still uses run at load and every 24 hours thereafter.


The Security Prefs Panel has been reved from v2.3 to v2.4. It's slightly smaller with what appears to be more efficient use of resources. I'll have to leave it to you 10.6 folks to tell us if there's anything new in the UI.


The XProtectUpdater process has grown by about 1% (600 bytes) so there have been some changes here. Poking around with a HexEditor it looks like there has been some minor modification to the error checking, so there is hope that they have solved the startup issue. Those of you with 255 exit codes should do a restart and see what you find in your logs.


I couldn't find any differences in the remaining files. There is no longer a starting XProtect.plist (unless they have found a new place to hide it), presumably because you either already have an up-to-date listing or will the first time it runs. If you don't have one, I would think that would cause problems for the MRT process, but we don't really know enough about it to say for certain.

Jun 24, 2011 4:17 AM in response to powerbook1701

MadMac0,

I'm agreeing with you...I was just commenting on the fact that Apple chose to leave comments out of the verbiage for the updates regarding Xprotect. In contradiction to leaving it out of the description, they did however mention removal of the MacDefender threat in the overall general comments about the update. Apple, however, chose not to mention anything about any of that in the "security" part of the update found here:

http://support.apple.com/kb/HT4723


You think that changes to the new malware system would have been listed there as well...

Jul 3, 2011 2:13 PM in response to pcbjr

I'm going to resurrect this post for a minute ...


Using 10.6.7 on my iMac (which I updated weeks ago when I started this),


I get the following in Sys Pres>Security:


User uploaded file


Just updated my wife's MBP tp 10.6.7 (using Combo from the Apple website) and get this:


User uploaded file


NOTE - No Automatic Safe Downloads List.


I reinstalled the Combo, and still, nothing.


Why? Ideas?

Jul 3, 2011 2:44 PM in response to pcbjr

pcbjr wrote:


Just updated my wife's MBP tp 10.6.7 (using Combo from the Apple website) and ...


No Automatic Safe Downloads List.


I reinstalled the Combo, and still, nothing.


Why? Ideas?

The updated Security prefs pane v2.3 was first introduced with SecUpd2011-003 and updated to v2.4 by the 10.6.8 update. It would appear that you have the security update but your wife does not.

Jul 3, 2011 4:15 PM in response to pcbjr


pcbjr wrote:



Yes,


But why does 10.6.7 a few weeks ago give me the Security Update, and today, on another Mac, it doesn't?

One of us is very confused. 10.6.7 came out in March and did not contain the Security Update. The Security Update came out on May 31 and it says 10.6.7 is required to install it. In order for your wife to take advantage of it she will need to install this http://support.apple.com/kb/DL1387.

(Plus - with all the printer/other issues w/ 10.6.8, I'm steering clear for a few weeks

Not my area of expertise, but from reading MadFixIt those problems were not being seen by many people and workarounds had been found for most, if not all. Your mileage may vary.

Is the New Security Update Working on My Computers?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.