Last Week on My Mac: It either works or it doesn’t

With everything poised ready for the new version of macOS due in just over a week, this time of year often gets hectic. Last week I had three updates to deliver, to SilentKnight, XProCheck and silnite. I was also expecting the regular fortnightly update to XProtect Remediator, more as a test of whether Apple has fixed the problems in delivering those updates through Content Caching servers.

It’s not that the older versions of those apps didn’t work in Ventura, but that I know that over the coming few weeks many of us will be upgrading or updating macOS, and that’s when you most need SilentKnight’s checks. This has been complicated by ongoing problems with security data updates obtained through local Content Caching servers. When we’re looking at hefty security updates for those staying with Big Sur or Monterey, as well as everyone upgrading to Ventura, the last thing you want to do is disable the service that spares you time and bandwidth.

Here the results look encouraging. For only the second time since early June, my Macs were all able to download and install Thursday’s XProtect and XProtect Remediator updates without disabling the Content Caching service. Unfortunately, I’ve had a couple of reports from those whose servers weren’t as co-operative, and had to be disabled for installation to work. So I’m baffled again, as to how some Macs running exactly the same service seem to work properly, while others don’t.

It’s not as if we have much we can control in the Content Caching server. For most, it’s either on or off, the only settings being whether to include iCloud content, and the size and location of its cache. Neither can you inspect what content it has cached. Like so much else, it either works or it doesn’t, and when it doesn’t there’s precious little you can do apart from turn it off.

These problems may not be in the Content Caching server at all. Given that Monterey’s server can’t have been updated since the release of macOS 12.6 over a month ago, it’s hard to see how two weeks ago it could have failed to deliver installable updates, but now they work just fine, for some at least.

The lesson from my new updates is how big an impact these problems are having on users. Until last week, SilentKnight didn’t check whether any macOS security features were working, just whether they were configured and up to date. I’m continuing to see a steady stream of conscientious and often advanced users who discover from SilentKnight or silnite that their Macs have been skipping security updates, sometimes going back as far as early June. The most common explanation is that they have been relying on their Content Caching server to provide those updates.

What happens is terrifyingly simple. On or after 30 June, when Apple pushed the update to XProtect Remediator version 64, their Mac downloaded that update from their local Content Caching server, and it failed to install. Despite further unsuccessful attempts to install that update, XProtect Remediator was left at version 62, even when 65 and 67 were pushed in July, 68 and 71 in August, and 72, 74 and 75 in September. Yes, some users are discovering that their Macs have skipped the last eight updates in a row.

I don’t know and can’t control the notifications made by Software Update, as it doesn’t appear in the list of apps and services in the Notifications pane. As far as I can tell from users, though, they remain blissfully unaware of all those failed updates. As they’re not propagated back to the Content Caching server either, there’s effectively neither report nor record of these problems. Of course, if the user happened to browse the Unified log at the time, they’d see the failure reported, but the chances of that happening are as good as zero.

If you do suspect that your Mac isn’t installing these updates correctly, there’s no way of checking. If you happen to know that they’re named in Software Update as XProtectPayloads, you can look them up in System Information’s Installations list, but that only records successful installations, and doesn’t even mention failures. In any case, as I’ve pointed out repeatedly, because Apple deliberately keeps these a secret from the user, who’s to know what should have been installed in the first place?

Like the Content Caching server, Software Update either works or it doesn’t, and when it doesn’t work it isn’t forthcoming about its failures. Not only is macOS inherently unreliable, but it hides its failings from the user.