Silent Sierra night: security settings files in macOS Sierra

Note: this version ceases to be updated from 14 June 2017. A newer version is available here.

In amongst the tens or hundreds of thousands of files which together make macOS Sierra work, there are security and other settings files which Apple normally updates silently. These are almost completely undocumented, but can sometimes cause problems, by disabling an old version of Flash, Java, or Silverlight, or even breaking your network connection. Here’s a quick roundup of those which you are most likely to come across.

Core Suggestions Configuration Data
Latest version: 1.0 508.24.
These are support data for /System/Library/PrivateFrameworks/CoreSuggestions.framework, to be used in various travel features.

CoreLSKD Configuration Data
Latest version: 7.15.1.
These are support data for /System/Library/PrivateFrameworks/CoreLSKD.framework and go into /usr/share/kdrl.bundle for internal use.

Gatekeeper Configuration Data
Latest version: 112, 3 June 2017.
This is an SQLite database which is placed in /private/var/db/gkopaque.bundle/Contents/Resources/gkopaque.db to provide blacklists and whitelists for Gatekeeper’s security system, which checks the code signatures of apps.

Gatekeeper Disk Image Configuration Data
Latest version: 7.2.
This is new for macOS Sierra, and provides data for checking signed disk images, which is kept in /private/var/db/gke.bundle/Contents/Resources/gke.auth

Incompatible Kernel Extension Configuration Data
Latest version: 12.5.0, 18 December 2016.
This is a list of kernel extensions (KEXTs) which will be excluded at startup, and is stored in /System/Library/Extensions/AppleKextExcludeList.kext.
There have been some glitches in this: version 3.28.1 of 26 February 2016 was a dud, and was replaced by 3.28.2 on 28 February 2016, because it excluded a key Ethernet driver for some recent models.

MRT Configuration Data
Latest version: 1.18, 7 June 2017.
These are the settings for Apple’s Malware Removal Tool /System/Library/CoreServices/ and go into that app, so that it can remove any malware which OS X detects.

Latest version: 1.0 2092 (but incorrectly given as 2091), 7 June 2017.
These are the whitelists and blacklists used by XProtect, as detailed here. They go into /System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.meta.plist and

Chinese Word List Update
Latest version: 5.26, 14 June 2017.
This is, of course, not security related, and only of relevance when using Chinese language support on your Mac.

Latest version: 1037.11, 10 December 2016.
These settings are placed in /System/Library/PrivateFrameworks/SystemMigration.framework and /System/Library/Sandbox/Compatibility.bundle, for use by Migration Manager.

Details last updated 14 June 2017. Note this has now been superseded by a more recent version.