Thanks MrHoffman...The reason I want to disable it is becuase Apple is forcibly blocking Java which is not very Enterprise frendly. We have applications that require certain version of Java and has caused many headache in our environment. I didn't totally diable XProtect. I just updated the XProtect.meta.plist to allow our supported version of Java a newer and disabled the autodownload of the updated XProtect file.
For those of you that would like to be able to block XProtect files from from updating automatically, I have two scripts for you. The first one is for a silent deployment using an Enterprise Desktop Management System. The second is a user friendly script (user needs to have elevated rights and we have a method to elevate our users to admin for a short time) that captures their password from a terminal window and sets all the correct settings. Hope this helps some people with the heart ache.
First Script - silent push
#!/bin/bash
#Variables
buddy=/usr/libexec/PlistBuddy
xprotect=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProte ct.meta.plist
override=/var/db/launchd.db/com.apple.launchd/overrides
overrideplist=/var/db/launchd.db/com.apple.launchd/overrides.plist
xProtect_disable(){
$buddy -c "set :JavaWebComponentVersionMinimum 1.6.0_36-b06-435" $xprotect
$buddy -c "set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion 1.7.12.22" $xprotect
$buddy -c "set :LastModification Fri, 26 Apr 2016 00:34:40 GMT" $xprotect
$buddy -c "set :Version 1000000" $xprotect
overrideExist=`defaults read $override | grep xprotectupdater`
if [[ $overrideExist ]]; then
$buddy -c "set :com.apple.xprotectupdater:Disabled true" $overrideplist
else
$buddy -c "add :com.apple.xprotectupdater:Disabled bool true" $overrideplist
fi
launchctl unload /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
sleep 5
launchctl load /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
}
xProtect_disable
# End of Script
Second script - user interative
#!/bin/bash
#Variables
buddy=/usr/libexec/PlistBuddy
xprotect=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProte ct.meta.plist
override=/var/db/launchd.db/com.apple.launchd/overrides
overrideplist=/var/db/launchd.db/com.apple.launchd/overrides.plist
xProtect_disable(){
echo $netpass | sudo -S ls /Users
errorReturn=$?
if [[ "$errorReturn" -ne "0" ]]; then
osascript -e 'tell application "Finder"' -e 'activate' -e 'with timeout of 2 seconds' -e 'display dialog "There was an issue fixing Java on this system." & return & return & "This is probably related to an incorrect password." & return & return & "Ensure you have admin rights, re-run the command, and verify you are entering the password you log into the Mac with at logon" buttons ["OK"] default button 1 with title "Java Fix" with icon caution' -e 'end timeout' -e 'end tell'
exit 1
fi
echo $netpass | sudo -S $buddy -c "set :JavaWebComponentVersionMinimum 1.6.0_36-b06-435" $xprotect
echo $netpass | sudo -S $buddy -c "set :PlugInBlacklist:10:com.oracle.java.JavaAppletPlugin:MinimumPlugInBundleVersion 1.7.12.22" $xprotect
echo $netpass | sudo -S $buddy -c "set :LastModification Fri, 26 Apr 2016 00:34:40 GMT" $xprotect
echo $netpass | sudo -S $buddy -c "set :Version 1000000" $xprotect
clear
echo "YOU WILL SEE SEVERAL PASSWORD PROMPTS."
echo "PLEASE DON'T ENTER ANYTHING ELSE."
echo "THIS WINDOW WILL CLOSE WHEN DONE."
overrideExist=`echo $netpass | sudo -S defaults read $override | grep xprotectupdater`
clear
if [[ $overrideExist ]]; then
echo $netpass | sudo -S $buddy -c "set :com.apple.xprotectupdater:Disabled true" $overrideplist
else
echo $netpass | sudo -S $buddy -c "add :com.apple.xprotectupdater:Disabled bool true" $overrideplist
fi
echo $netpass | sudo -S launchctl unload /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
clear
sleep 5
echo $netpass | sudo -S launchctl load /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
clear
osascript -e 'tell application "Finder"' -e 'activate' -e 'with timeout of 2 seconds' -e 'display dialog "Java has been fixed on this Computer." & return & return & "Ensure you are running at least Java 6 Upade 37 or Java 7 Update 13 to continue." buttons ["OK"] default button 1 with title "Java Fix" with icon caution' -e 'end timeout' -e 'end tell'
}
echo "Please enter network password"
echo -n "Network Password: "
read -s netpass
echo "Please verify your network password"
echo -n "Network Password: "
read -s netpass2
while [[ "$netpass" != "$netpass2" ]]; do
clear
echo "The passwords entered do not match"
echo "Please reenter your network password"
echo -n "Network Password: "
read -s netpass
echo "Please verify your network password"
echo -n "Network Password: "
read -s netpass2
done
clear
echo "YOU WILL SEE SEVERAL PASSWORD PROMPTS."
echo "PLEASE DON'T ENTER ANYTHING ELSE."
echo "THIS WINDOW WILL CLOSE WHEN DONE."
xProtect_disable
exit 0