
Is the New Security Update Working on My Computers?

I have noticed that the XProtect.plist on 2 different computers has never updated since I installed the new Security Update on June 1. I have an Apple Care Product Specialist trying to figure it out.


But, I ran across this (pasted below) today when checking Console, and if anyone can decipher logs, maybe some independent analysis will tell me why I'm not getting the "MacDefender" scan this security update was supposed to provide (and why the subject .plist has never updated since installing the Security Update on 2 10.6.7 Intel iMacs 4 days ago).


If anyone can decipher the log and tell me what I might do to correct this problem, kudos!


The log entries (which contain a series of "failed") are:



6/4/11 8:59:20 AM com.apple.launchd[1] (com.apple.xprotectupdater[39]) Exited with exit code: 255
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 22
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 21
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 20
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 19
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 18
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 17
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 15
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 16
And
6/4/11 12:15:50 PM com.apple.launchd[1] (com.apple.xprotectupdater[39]) Exited with exit code: 255
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 22
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 21
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 20
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 19
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 18
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 17
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 15
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 16
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 30
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 29
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 28
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 27
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 26
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 25
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 23
6/4/11 12:15:54 PM com.apple.notifyd[12] EV_DELETE failed for file watcher 24
6/4/11 12:15:55 PM com.apple.WindowServer[80] Sat Jun 4 12:15:55 {INFO REMOVED}-imac.local WindowServer[80] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
6/4/11 12:16:32 PM com.apple.launchd.peruser.501[126] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
6/4/11 12:16:39 PM com.apple.launchd.peruser.501[126] (com.apple.Kerberos.renew.plist[161]) Exited with exit code: 1
6/4/11 1:03:18 PM System Preferences[222] Could not connect the action resetLocationWarningsSheetOk: to target of class AppleSecurity_Pref
6/4/11 1:03:18 PM System Preferences[222] Could not connect the action resetLocationWarningsSheetCancel: to target of class AppleSecurity_Pref

Posted on Jun 4, 2011 10:29 AM


Jun 19, 2011 2:20 PM in response to MadMacs0

MadMacs0 wrote:

baltwo wrote:


Thanks for the feedback. No wireless or wifi stuff here, so that's not the issue on my end. AFAICT, the autoupdating mechanism isn't working. I've filed a bug report on the lack of autoupdating.

Although wifi could be an issue if you have a marginal signal, the reports I've read indicate it to be some other factor involved in obtaining internet access, such as the DHCP process. This must take place regardless of whether you are wired or wireless and when delayed beyond the attempt at load by the XProtectUpdater to check for updates will cause it to fail. What I would be interested in knowing is whether or not this initial failure also shuts down the autoupdating mechanism.

I'm on a cable modem w/auto DHCP leasing. However, that should have no effect on the daemon doing its thing on reboot or every 24 hours after reboot.

Jun 19, 2011 2:34 PM in response to baltwo

baltwo wrote:


MadMacs0 wrote:

The only manual update method recommended by Apple is to toggle the "Automatically update safe downloads list" box in the Security Systems Preference pane.

Have a reference? The only published KB article is http://support.apple.com/kb/HT4650 and it's silent on any manual update method.

Obviously the manual method wasn't envisioned as being necessary back when that article was posted and hopefully won't be necessary again when they fix this thing.


The source was pcbjr, the person who started this thread who was attempting to deal with Apple Tech Support and Engineering. Resolution was summarized in this entry https://discussions.apple.com/message15370670#15370670.

Jun 19, 2011 2:40 PM in response to baltwo

baltwo wrote:

I'm on a cable modem w/auto DHCP leasing. However, that should have no effect on the daemon doing its thing on reboot or every 24 hours after reboot.

So you have never had an error in your system log showing connectivity issues at startup as others here have had.


Again, it doesn't matter whether you are connected wirelessly or wired, there is still a process involved to renew your internet connectivity that takes place when you startup and part of that involves checking to see if your DHCP lease has expired yet and renegotiating it if necessary. Speculation has been fairly unanimous that it is this time delay that is causing the initial check to fail. As I said before, I am wondering if this initial check failure is also responsible for killing the 24 hour check.

Jun 19, 2011 2:45 PM in response to MadMacs0

Did what you suggested:


First you would need to restart your computer then use the Console app to view your system and/or console logs to see what, if anything they say about the XProtectUpdater process failing with exit code 255. That confirms that the initial update did not take place.


Next you need to know what version of the defs is installed on your computer. You can use either the AppleScript tool or the widget that have been previously discussed, run this command in the Terminal app


defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version


Next, use the following Terminal command:


sudo launchctl list


enter your admin password at the prompt and hit return. Then find "xprotect" and tell us what the number in the 2nd column is. If the update succeeded, it should be "0" and if it failed I would expect it to be 255. If you don't find the process listed at all then, it isn't going to run, period.


the last step would be to wait 24 hours to see if it auto-updates (by running the version check again).


255 was on my console days ago. I figured that the initial update may have not taken hold, so days ago I downloaded it and manually installed it. Still had 255 and no auto update.


See no 255 in today's Console logs (assuming I looked in the right place).


Using the Terminal, running sudo launchctl list, it says "0" today.


But, that may be because I used "Safe Download Version" yesterday.


Now from Console, I'm getting this:


6/19/11 10:55:45 AM com.apple.launchd[1] *** launchd[1] has started up. ***

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 22

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 21

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 20

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 19

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 18

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 17

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 15

6/19/11 10:56:08 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 16

6/19/11 10:56:09 AM com.apple.WindowServer[83] Sun Jun 19 10:56:09 XXXXX-imac.local WindowServer[83] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 41

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 40

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 39

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 38

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 37

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 36

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 34

6/19/11 10:56:09 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 35

6/19/11 10:57:57 AM com.apple.launchd.peruser.501[133] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self

6/19/11 10:58:04 AM com.apple.launchd.peruser.501[133] (com.apple.Kerberos.renew.plist[167]) Exited with exit code: 1

6/19/11 11:01:25 AM [0x0-0x16016].com.apple.systemevents[196] com.apple.FolderActions.enabled: Already loaded

6/19/11 11:07:32 AM [0x0-0x18018].org.mozilla.firefox[203] NOTE: child process received `Goodbye', closing down

6/19/11 11:07:40 AM com.apple.launchd.peruser.501[133] (com.apple.FolderActions.enabled[171]) Exited: Killed

6/19/11 11:07:40 AM com.apple.launchd.peruser.501[133] (com.apple.AirPortBaseStationAgent[169]) Exited: Killed

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 61

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 60

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 59

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 58

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 57

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 56

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 55

6/19/11 11:07:40 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 54


Don't have a clue what's "failed". But, it may mean something in this context.


Next -


Does:


do shell script "sudo /usr/libexec/XProtectUpdater" with administrator privileges

set a to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version"

set b to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta LastModification"

display dialog "Safe Download definitions are at version " & a & "," & return & "last updated on " & b


actually run the updater, or just tell me where I am version-wise?


I am currently at Version 20, but I attribute that to "Safe Download Version".


Is there any way to cleanly remove the last security update and re-install it?


This is getting far over my meager understanding!😕

Jun 19, 2011 3:13 PM in response to pcbjr

Download and install the 10.6.7 COMBO update, run Software Update, and the Security Update should pop up. However, there's no need. You're at version 20, the last one as of 1/2 hour ago. The failures showing in the Console log are associated with unmounting external HDs and is a known issue. Of more import for you is why you're getting crashes associated with Kerberos renewals.

Jun 19, 2011 6:56 PM in response to pcbjr

Open Macintosh HD->System->Library->LaunchAgents


Copy the file: com.apple.ReportCrash.Self.Plist


Navigate to: Users->Home->Library->LaunchAgents


If it doesn't exist, create a new folder in Library titled: LaunchAgents


Paste: com.apple.ReportCrash.Self.Plist into your home folder's LaunchAgents folder


Restart. Now you should never see this again in the Console log:



com.apple.launchd.peruser.501[133] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self

com.apple.launchd.peruser.501[133] (com.apple.Kerberos.renew.plist[167]) Exited with exit code: 1

Jun 19, 2011 7:48 PM in response to baltwo

baltwo wrote:


Download and install the 10.6.7 COMBO update, run Software Update, and the Security Update should pop up. However, there's no need. You're at version 20, the last one as of 1/2 hour ago. The failures showing in the Console log are associated with unmounting external HDs and is a known issue. Of more import for you is why you're getting crashes associated with Kerberos renewals.

I just followed baltwo's suggestion to install the 10.6.7 combo updater. But I still get the 255 error. Here is a snippet from my system.log, to be compared with my previous post:

Jun 19 18:09:48 localhost com.apple.launchd[1]: *** launchd[1] has started up. ***

Jun 19 18:09:58 localhost blued[17]: Apple Bluetooth daemon started

Jun 19 18:10:00 myMBP configd[14]: setting hostname to "myMBP.local"

Jun 19 18:10:00 myMBP configd[14]: network configuration changed.

Jun 19 18:10:00 myMBP mDNSResponder[18]: mDNSResponder mDNSResponder-258.18 (Jan 18 2011 20:25:03) starting

Jun 19 18:10:02 myMBP configd[14]: network configuration changed.

Jun 19 18:10:08: --- last message repeated 1 time ---

Jun 19 18:10:07 myMBP bootlog[48]: BOOT_TIME: 1308532188 0

Jun 19 18:10:08 myMBP mtversionlog[52]: SWU: system version changed from 10.6.7 (10J869) to 10.6.7 (10J869)

Jun 19 18:10:12 myMBP XProtectUpdater[29]: NSURLConnection error: Error Domain=NSURLErrorDomain Code=-1009 UserInfo=0x100102aa0 "This computer’s Internet connection appears to be offline." Underlying Error=(Error Domain=kCFErrorDomainCFNetwork Code=-1009 UserInfo=0x1005103d0 "This computer’s Internet connection appears to be offline.")

Jun 19 18:10:12 myMBP com.apple.launchd[1] (com.apple.xprotectupdater[29]): Exited with exit code: 255

Jun 19 18:10:12 myMBP com.apple.usbmuxd[31]: usbmuxd-211 built on Feb 8 2011 at 13:49:43 on Feb 8 2011 at 13:49:43, running 64 bit

Jun 19 18:10:23 myMBP /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[37]: Login Window Application Started

Jun 19 18:10:32 myMBP loginwindow[37]: Login Window Started Security Agent

One difference is that the apparent network failure when at the localhost in the prior test is missing. But the XProtectUpdater problems persist.


I think I'm done, and will wait and hope for 10.6.8.

Jun 19, 2011 8:32 PM in response to pcbjr

Sorry, I had to bail about the time you posted this in order to get my chores done today.

pcbjr wrote:


Did what you suggested:


First you would need to restart your computer then use the Console app to view your system and/or console logs to see what, if anything they say about the XProtectUpdater process failing with exit code 255. That confirms that the initial update did not take place.


Next you need to know what version of the defs is installed on your computer. You can use either the AppleScript tool or the widget that have been previously discussed, run this command in the Terminal app


defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version


Next, use the following Terminal command:


sudo launchctl list


enter your admin password at the prompt and hit return. Then find "xprotect" and tell us what the number in the 2nd column is. If the update succeeded, it should be "0" and if it failed I would expect it to be 255. If you don't find the process listed at all then, it isn't going to run, period.


the last step would be to wait 24 hours to see if it auto-updates (by running the version check again).


255 was on my console days ago. I figured that the initial update may have not taken hold, so days ago I downloaded it and manually installed it. Still had 255 and no auto update.


See no 255 in today's Console logs (assuming I looked in the right place).


Using the Terminal, running sudo launchctl list, it says "0" today.


But, that may be because I used "Safe Download Version" yesterday.


Honestly, it looks like XProtect is working at this point. I wasn't aware that you were still using Safe Download Version and hope you know that you should not use it again.

<snip>

I'm going to skip the console dump, both because others who know much more about it are helping you with it and because I don't think it has anything to do with XProtect.

Next -


Does:


do shell script "sudo /usr/libexec/XProtectUpdater" with administrator privileges

set a to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version"

set b to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta LastModification"

display dialog "Safe Download definitions are at version " & a & "," & return & "last updated on " & b


actually run the updater, or just tell me where I am version-wise?


I am currently at Version 20, but I attribute that to "Safe Download Version".

The first line of the script actually runs the updater. It also probably removes the daily autoupdate entry from launchd's queue and has been known to permanently damage or delete the user's login.keychain for a few people and I believe it to be functionally identical to the "Safe Download Version" tool. That's why I can't recommend any approach to manual updating other than toggling the Security Prefs panel option.

Is there any way to cleanly remove the last security update and re-install it?

Yes, but you will have to manually remove each of the components and I doubt that it's worth the effort, especially in light of your apparent success above. Let's wait until you get your other issues solved and address it if you believe you are still having an XProtect problem.
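
The log and `launchctl list` checks discussed in the posts above can be scripted. This is an added example, not code from any poster or from Apple; the function names are hypothetical and the embedded sample lines are copied or trimmed from logs posted in this thread. It pairs each `xprotectupdater` exit code with an `NSURLConnection` error logged by the same PID in the same boot, and ignores the unrelated `notifyd` noise.

```shell
#!/bin/sh
# Added example: triage helpers for the checks discussed in this thread.
# Function names are hypothetical; sample lines are copied or trimmed from logs posted above.

sample_log() {
cat <<'EOF'
6/4/11 8:59:20 AM com.apple.launchd[1] (com.apple.xprotectupdater[39]) Exited with exit code: 255
6/4/11 8:59:24 AM com.apple.notifyd[12] EV_DELETE failed for file watcher 22
Jun 19 18:09:48 localhost com.apple.launchd[1]: *** launchd[1] has started up. ***
Jun 19 18:10:02 myMBP configd[14]: network configuration changed.
Jun 19 18:10:12 myMBP XProtectUpdater[29]: NSURLConnection error: Error Domain=NSURLErrorDomain Code=-1009 (message text trimmed)
Jun 19 18:10:12 myMBP com.apple.launchd[1] (com.apple.xprotectupdater[29]): Exited with exit code: 255
EOF
}

# Reads Console or system.log text on stdin; prints one line per updater exit.
triage_xprotect_log() {
  awk '
    # A new boot invalidates PIDs seen earlier.
    /\*\*\* launchd\[1\] has started up/ { split("", neterr) }

    # Remember the NSURLErrorDomain code logged by each updater PID.
    /XProtectUpdater\[[0-9]+\]: NSURLConnection error/ {
      pid = $0;  sub(/.*XProtectUpdater\[/, "", pid);        sub(/\].*/, "", pid)
      code = $0; sub(/.*NSURLErrorDomain Code=/, "", code);  sub(/[^-0-9].*/, "", code)
      neterr[pid] = code
    }

    # launchd exit report; Console omits the colon after the label, system.log has it.
    /\(com\.apple\.xprotectupdater\[[0-9]+\]\):? Exited with exit code: [0-9]+/ {
      pid = $0; sub(/.*xprotectupdater\[/, "", pid); sub(/\].*/, "", pid)
      rc = $0;  sub(/.*exit code: /, "", rc);        sub(/[^0-9].*/, "", rc)
      cause = (pid in neterr) ? ("network-error(" neterr[pid] ")") : "unknown"
      print "pid=" pid " exit=" rc " cause=" cause
    }
  '
}

# Reads `launchctl list` output (PID, Status, Label columns) on stdin and
# prints the Status column of the xprotect job, or "not-loaded" if absent.
xprotect_job_status() {
  awk '$3 ~ /xprotect/ { print $2; found = 1 }
       END { if (!found) print "not-loaded" }'
}

sample_log | triage_xprotect_log
# On a 10.6 system:
#   triage_xprotect_log < /var/log/system.log
#   sudo launchctl list | xprotect_job_status
```

A `cause=unknown` result only means no updater network error was logged under that PID in the text supplied; the Console view in the first post shows the exit line without the updater's own message.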

Jun 19, 2011 8:46 PM in response to steveBinLA

steveBinLA wrote:


baltwo wrote:


Download and install the 10.6.7 COMBO update, run Software Update, and the Security Update should pop up. However, there's no need. You're at version 20, the last one as of 1/2 hour ago. The failures showing in the Console log are associated with unmounting external HDs and is a known issue. Of more import for you is why you're getting crashes associated with Kerberos renewals.

I just followed baltwo's suggestion to install the 10.6.7 combo updater. But I still get the 255 error.

I think he recommended that approach to pcbjr as a way to reinstall the Security Update, not necessarily to cure your problem, but it never hurts to run the last updater. I do it whenever things start acting weird and it usually works.

One difference is that the apparent network failure when at the localhost in the prior test is missing. But the XProtectUpdater problems persist.


I think I'm done, and will wait and hope for 10.6.8.

But it still looks like it went through a bunch of steps before connecting to the internet, resulting in an XProtectUpdater connection error. Apple's best bet would probably be to build in a delay or insert a connectivity check up front and set a delay if there is no connectivity.


I can't really blame you for waiting, since about all you could do at this point would be to experiment with your network, which you seem reluctant to do.

Jun 20, 2011 4:08 AM in response to baltwo

baltwo wrote:

Have a reference? The only published KB article is http://support.apple.com/kb/HT4650 and it's silent on any manual update method.

Consider also that AFAIK there is no definitive reference that says running /usr/libexec/XProtectUpdater from the command line is free of any undesirable side effects. Sure, we know that the command runs the update routine, but without any official documentation like even a man page we don't know if it is designed to be a stand alone executable or instead should only be run when certain conditions are met or some system variables are set appropriately.


As I have mentioned before, I only started having auto-update problems after I used something other than the GUI-based checkbox method to force an update. While that isn't definitive, it does suggest that these alternate methods might be the source of at least some of the problems with the auto-update mechanism.


FWIW, I have browsed through the raw code of the XProtectUpdater file. I can't tell all that much from it, but it does include references to other files & variables, including what appears to be keychain trust certificates, dynamic libraries, etc.


Because of this, & because it is unlikely that Apple would neglect to do everything appropriate if a user toggled the preference, I strongly suggest that users avoid any other method of running the update check.


BTW, if you want to know what the current XProtect version is without forcing an update check, it looks like opening http://configuration.apple.com/configurations/macosx/xprotect/1/clientConfiguration.plist in a browser will do that. This appears to be the URL the update checker references, & one of its first keys is the version number.
