Silent night: El Capitan’s security settings files

In amongst the tens or hundreds of thousands of files which together make OS X El Capitan work, there are security and other settings files which Apple normally updates silently. These are almost completely undocumented, but can sometimes cause problems, by disabling an old version of Flash, Java, or Silverlight, or even breaking your network connection. Here’s a quick roundup of those which you are most likely to come across.

Gatekeeper Configuration Data
Latest version: 181, 26 August 2019.
This is an SQLite database which is placed in /private/var/db/gkopaque.bundle/Contents/Resources/gkopaque.db to provide blacklists and whitelists for Gatekeeper’s security system, which checks the code signatures of apps. El Capitan doesn’t have a Gatekeeper ‘disk version’, unlike Sierra and later.

Incompatible Kernel Extension Configuration Data
Latest version: 11.6.1 (frozen and not updated any more).
This is a list of kernel extensions (KEXTs) which will be excluded at startup, and is stored in /System/Library/Extensions/AppleKextExcludeList.kext.

MRT Configuration Data
Latest version: 1.93, 29 April 2022.
This is the settings for Apple’s Malware Removal Tool /System/Library/CoreServices/ and goes into that app, so that it can remove any malware which OS X detects.

Latest version: 1.0 2165, 10 November 2022.
These are the whitelists and blacklists used by XProtect, as detailed here. They go into /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.meta.plist and

Although this has not been updated since the original release of El Capitan, I include it here for completeness. These settings are placed in /System/Library/PrivateFrameworks/SystemMigration.framework and /System/Library/Sandbox/Compatibility.bundle, for use by Migration Manager.

Details last updated 10 November 2022.