How to check gatekeeper version on macOS Catalina?

[camelia]

Hello,

What is the terminal command to check gatekeeper version on macOS Catalina?

Can someone please confirm if this terminal command works to check xprotect on macOS Catalina?

/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist

Thanks
Camelia

 

[bogdanw]

/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist

It works and returns 2106 on Catalina Beta 11 19A582a.
You can also use

defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString

system_profiler SPInstallHistoryDataType | grep -A 4 "Gatekeeper Configuration Data"

system_profiler SPInstallHistoryDataType | grep -A 4 "XProtectPlistConfigData"

The last two show updates installed for Gatekeeper.

 

[tywebb13]

Hello,

What is the terminal command to check gatekeeper version on macOS Catalina?

Can someone please confirm if this terminal command works to check xprotect on macOS Catalina?

/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist

Thanks
Camelia

The code to check gatekeeper version is

/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /private/var/db/gkopaque.bundle/Contents/Info.plist

 

[bogdanw]

tywebb13 is right about Gatekeeper, here is a script to display system information in Catalina

set MacOSName to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductName"
set MacOSVers to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion"
set MacOSBuild to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductBuildVersion"
set XProtectVers to do shell script "defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/version.plist CFBundleShortVersionString"
set XProtectDate to do shell script "GetFileInfo -d /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/version.plist"
set GatekeeperVers to do shell script "defaults read /private/var/db/gkopaque.bundle/Contents/version.plist CFBundleShortVersionString"
set GatekeeperDate to do shell script "GetFileInfo -d /private/var/db/gkopaque.bundle/Contents/version.plist"
set SIPVer to do shell script "defaults read /Library/Apple/Library/Bundles/IncompatibleAppsList.bundle/Contents/version.plist CFBundleShortVersionString"
set SIPDate to do shell script "GetFileInfo -d /Library/Apple/Library/Bundles/IncompatibleAppsList.bundle/Contents/version.plist"
set MRTVer to do shell script "defaults read /Library/Apple/System/Library/CoreServices/MRT.app/Contents/version.plist CFBundleShortVersionString"
set MRTDate to do shell script "GetFileInfo -d /Library/Apple/System/Library/CoreServices/MRT.app/Contents/version.plist"
set SIPStatus to do shell script "/usr/bin/csrutil status"
set GatekeeperStatus to do shell script "spctl --status | sed -e s/'assessments'//g"
display dialog tab & tab & tab & MacOSName & " " & MacOSVers & " (" & MacOSBuild & ")" & return & return & "Component " & tab & tab & "Version " & tab & tab & "Updated " & return & "XProtect " & tab & tab & XProtectVers & tab & tab & XProtectDate & return & "Gatekeeper " & tab & tab & GatekeeperVers & tab & tab & tab & GatekeeperDate & return & "SIP" & tab & tab & tab & tab & SIPVer & tab & tab & SIPDate & return & "MRT " & tab & tab & tab & MRTVer & tab & tab & tab & MRTDate & return & return & SIPStatus & return & "Gatekeeper Status:" & GatekeeperStatus & return buttons {"Close"} default button 1

I am not sure about the SIP version. Maybe someone can confirm.
The script is based on https://gist.github.com/clburlison/db6aaf4a717eb8ef3545 and https://www.jamf.com/jamf-nation/fe...macos-security-and-malware-protection-systems

 

[avz]

Not necessary Catalina related but does that mean that I have two Gatekeeper versions at the same time? I refreshed my installation by reinstalling the same OS while keeping the data.

 

[bogdanw]

Not necessary Catalina related but does that mean that I have two Gatekeeper versions at the same time?

No, it's a history of updates. See this topic too https://forums.macrumors.com/threads/how-to-know-mrt-version.2210895/

 

[avz]

No, it's a history of updates. See this topic too https://forums.macrumors.com/threads/how-to-know-mrt-version.2210895/

So which Gatekeeper version do I have? Version 140 has a later installation date than the version 181. This is very important to know for people who likes to "refresh" their OS installation.

 

[bogdanw]

So which Gatekeeper version do I have? Version 140 has a later installation date than the version 181. This is very important to know for people who likes to "refresh" their OS installation.

You can check the version from Terminal with:

defaults read /private/var/db/gkopaque.bundle/Contents/version.plist CFBundleShortVersionString

Or with the script I posted above. Updated versions:
GetSysInfo.scpt for Catalina https://gist.github.com/b0gdanw/d104900a6c90b67493f27207b135eb07
GetSysInfo.scpt for Mojave https://gist.github.com/b0gdanw/9829f8ca03655b77cf08aeb3af936c93

 

[avz]

You can check the version from Terminal with:

defaults read /private/var/db/gkopaque.bundle/Contents/version.plist CFBundleShortVersionString

Or with the script I posted above. Updated versions:
GetSysInfo.scpt for Catalina https://gist.github.com/b0gdanw/d104900a6c90b67493f27207b135eb07
GetSysInfo.scpt for Mojave https://gist.github.com/b0gdanw/9829f8ca03655b77cf08aeb3af936c93

Thanks. Great to know that critical updates don't get overwritten and just add up(making installation date irrelevant).

 

[HenryAZ]

Slight drift, but how does one obtain the latest version?

 

[avz]

Slight drift, but how does one obtain the latest version?

 

[haralds]

A shoutout for the free utilities (and blogging) from the Eclectic Company:

Downloads

Consolation, LockRattler, Storyspace documents, and more.

eclecticlight.co

 

[gilby101]

A shoutout for the free utilities (and blogging) from the Eclectic Company:

In particular, SilentKnight will both a) check current status (of Gatekeeer, XProtect, etc.) and b) initiate updates. https://eclecticlight.co/lockrattler-systhist/

 

[jpn]

hi

good info. thanks.

can you pls tell me what is the difference between what Gatekeeper does and X Protect does?

thanks

 

[gilby101]

can you pls tell me what is the difference between what Gatekeeper does and X Protect does?

Gatekeeper checks new (to your Mac) application for valid developer signatures. So it is looking for known good apps and allowing them to run without further hindrance.

XProtect inspects apps for known malware using signatures of malware. So it is looking for known bad things. Apple has been erratic in updating its list of signatures.

There is also MRT (malware removal tool) which supposedly removes known malware at startup.

Here is a somewhat critical article covering all this https://business.blogthinkbig.com/antimalware-xprotect-macos/. To be fair, my understanding is that Apple have recently been updating XProtect more frequently.

Personally I am somewhat cynical about Gatekeeper as whenever an app is blocked I nearly always choose to allow the app anyway. Maybe it would catch some unexpected new malicious app. XProtect and MRT may provide some protection but I prefer to use Malwarebytes or a traditional signature based a-v tool (e.g. Avast).

 

[jpn]

Gatekeeper checks new (to your Mac) application for valid developer signatures. So it is looking for known good apps and allowing them to run without further hindrance.

XProtect inspects apps for known malware using signatures of malware. So it is looking for known bad things. Apple has been erratic in updating its list of signatures.

There is also MRT (malware removal tool) which supposedly removes known malware at startup.

Here is a somewhat critical article covering all this https://business.blogthinkbig.com/antimalware-xprotect-macos/. To be fair, my understanding is that Apple have recently been updating XProtect more frequently.

Personally I am somewhat cynical about Gatekeeper as whenever an app is blocked I nearly always choose to allow the app anyway. Maybe it would catch some unexpected new malicious app. XProtect and MRT may provide some protection but I prefer to use Malwarebytes or a traditional signature based a-v tool (e.g. Avast).

thanks so much. really appreciate the time you took to explain it.
its very clear now.

adjacent to this topic:
up until very recently i was always setting my mac and my iPhone to the most controlled setting (meaning, if possible i never wanted automatic updating of anything, including OS, apps, System Data files and Security Updates, etc. but this is getting more and more difficult to do as apple is more and more demanding about needing latest updates or having automatic updates in place in order to (i think) better control the entire hardware-software system as a whole, especially if it involves iOS Wallet, apple Pay, etc.
apple is clearly going in the direction of the iPhone and the mac being integrated (apple ID unlocking yr mac, etc).
so the net result is i have opted more recently to just allow apple to control its automatic updating. everything that it wants.
and actually it hasn't been a problem at all for me. its clearly the apple strategy.
i can see where system engineers and developers and people who want to change/control by themselves a lot on their systems would be against this level of control apple is seeking.

thanks for yr help.