hoakley November 2, 2022 Macs, Technology

Getting the most from SilentKnight: a tutorial

The changes in SilentKnight 2.2 are relatively small, but taken with its other features now give you a lot of flexibility in how you use the app. While it was originally intended to help keep Macs fully up to date with macOS, firmware and security updates, SilentKnight is increasingly used by those who only want some updates and not others. That isn’t as straightforward as I’d like, because SilentKnight is built on the command tool softwareupdate, which is again primarily intended to obtain and install updates, not to defer some.

Here, for those who don’t want certain updates, is a walkthrough of how to use those features.

Open SilentKnight

When you first open the app, it may check whether it’s the current version by looking that up on my GitHub page. It only does this once a day, and if you prefer you can disable that in Settings.

It then starts checking the information to be displayed in its window. This involves inspecting version numbers of installed security data, fetching information from macOS, and checking its own records in its preference file as to when updates were last installed. To see whether versions are current, it accesses two files on my GitHub: one lists the current version numbers of security data and other files, the other contains firmware versions for different models of Mac.

The app also checks the log on your Mac to obtain all scan reports from XProtect Remediator (XPR) in the last 24 hours. You can disable that check if you wish.

At the same time, SilentKnight uses the softwareupdate command tool to check whether any updates are available from Apple for that Mac, another feature you can disable if you wish.

All this information is assembled in the app’s window for you to see. If there are updates available, the app will normally display its button to Install All Updates, another behaviour you can change in its Settings.

Settings

To open its Settings window, use that command in the app’s SilentKnight menu. You’ll then see four settings:

at the top, a radio button to choose between options for checking and download behaviour,
a checkbox to set whether the Install All Updates button is shown or hidden,
a checkbox to set whether to check XPR scans in the log,
a checkbox to set whether to check for updates to SilentKnight itself.

sk250

Here are its standard settings, which you should use by default as they make life simpler.

The radio button selects how you want SilentKnight to check for and handle Apple’s updates:

Don’t check means that whenever you open the app it won’t check for Apple’s updates at all;
Download only means that the app will check for updates with Apple, but when you choose to fetch them, they will only be downloaded and not installed. That allows you to choose which to install, but some of those downloaded updates may not install properly when obtained in this way. It adds to your work, and makes use more complicated, but it’s available if you prefer.
Download and install means that when you click on the button to Install All Updates, SilentKnight will both download and install all available updates from Apple.

Note that SilentKnight never downloads or installs any updates automatically: you always have to tell it to do that by clicking on the button, or using a menu command. You remain in control.

sk251

It’s easy not to pay close attention to the list of updates available, and automatically click on the Install All Updates button. To help prevent you from doing that, you can set that button to be hidden by unchecking this checkbox. This doesn’t alter the behaviour set by the radio buttons, just determines whether that button is shown (ticked) or hidden (unchecked).

When you’ve made any changes in Settings that you want to stick, click on the Set button, then quit SilentKnight. Open it again, and open Settings to confirm that they’re set the way that you want. Although changing its settings doesn’t require quitting the app, that’s a good way to check that they should remain as you want them when you next use the app.

Checks and updates

This is an example taken from an Intel MacBook Pro which hasn’t been used for some weeks, and has fallen behind with its updates. Settings used are the standard, with Download and install and the Install All Updates checkbox ticked.

sk221

This shows both XProtect and XPR are out of date and need to be updated, and there were no XPR scans in the last 24 hours, as the Mac was shut down for the whole time.

sk252

Available updates include a mixture of two security updates, that will bring XProtect and XPR up to date, and two large macOS updates, either to macOS 12.6.1 or 13.0. Although I was going to upgrade this Mac to Ventura anyway, I’d much prefer to do that using Software Update with its progress bar and other aids. So what I wanted was to download and install just those two security updates. To do that, I opened the SilentKnight Updater window using the Install Named Update… command in the File menu, which lets me download and install each update individually.

Look carefully at each entry in the list of available updates, and they consist of a first line like
* Label: XProtectPayloads_10_15-83
followed by a line giving title, size, and other information including whether installing that update restarts your Mac.

sk253

To install a named update, select the name given after Label, here XProtectPayloads_10_15-83, copy that, and paste it into the box labelled Name of update in the SilentKnight Updater window. Then click on the Install Named Update button. The Software Update Tool then tells you what it has done, and here has successfully downloaded and installed that update.

Repeat that with any other updates you want to download and install.

When I did this on my MacBook Pro, I ran into a bug that’s currently affecting the Content Caching server in macOS. Although one of the updates installed fine, the second threw an error when trying to install, as typically happens with this bug.

sk223

What I did then was disable the Content Caching server (something you can now do directly in SilentKnight, using the command in its File menu), and once that was no longer active I clicked on the Install Named Update button again. SilentKnight was then able to install that update successfully, and I could enable the Content Caching server again.

Normally, when you use the Install All Updates button, once the updates are complete SilentKnight checks the versions again so you can be confident that it has worked properly and your Mac really is up to date. Because I used Install Named Update instead, I need to run that check manually by clicking on the Check button at the top of SilentKnight’s window.

sk225

The two red Xes have now gone, as the updates worked. Because XPR scans aren’t checked a second time, that information hasn’t changed. The information in the Latest updates installed now shows the most recent updates, and the other updates available are still listed as being available.

If I didn’t want to install any more updates, all I have to do now is quit SilentKnight. When I next open it, it will go through exactly the same sequence of checks, and no doubt still report that updates to 12.6.1 and 13.0 are available if I want them. But that’s my choice, and when I did upgrade that Mac to Ventura, I used Software Update rather than SilentKnight.

I hope this helps you get the most from SilentKnight.

26Comments

Add yours

1

EcleX on November 2, 2022 at 10:21 am

Many thanks! Perhaps “Name of update” could be replaced by “Label of update”. Or replace label by name. I mean, to have the very same word.

LikeLiked by 2 people
- 2
  
  hoakley on November 2, 2022 at 5:08 pm
  
  Thank you.
  A good idea, except that the command is called Install Named Update, not Install Labelled Update, which doesn’t really make sense. Whatever word is used, users have to know what they’re doing to use that feature.
  Howard.
  
  LikeLike
  - 3
    
    EcleX on November 2, 2022 at 7:51 pm
    
    Thanks. Users should know what they do, but the fact is that some make mistakes, like the ones that inadvertently upgraded from Monterey to Ventura via SilentKinight.
    
    Since that is the fact and we cannot change it, the more “idiot proof” is an interface, the better. For instance, replacing “Label” in SilentKnight window by “Name”, as it shows in the SilentKnight’s File submenu.
    
    That is not for me; I know already that. It is for others. Whatever you do will be fine for me.
    
    LikeLiked by 1 person
    - 4
      
      hoakley on November 2, 2022 at 9:08 pm
      
      Thank you.
      It may come as a surprise, but I actually spend a great deal of time thinking out different alternatives in the design of my apps, even down to the spacing and layout of routine parts of dialogs.
      I’m also very aware of an important adage: if it ain’t broke, don’t fix it. One of the worst things you can do to any app is to keep changing its design. Users notice little things. Changes unsettle and confuse – and a good example is seen here in Settings, which is new with SK 2, and I thought would make the user’s life much easier than the old menu options. Instead it has upset many people, and to a degree I regret trying to improve that.
      So, let’s consider what the breakage was, why some “inadvertently upgraded from Monterey to Ventura”. Was it anything to do with installing named updates? No, it was because those users, out of habit, clicked on Install All Updates by mistake.
      So what you’re proposing here doesn’t address the problem that I’m trying to fix at all, does it? Have any users, in all the feedback that has been given here, said that label in the Install Named Update window caused them any confusion, or resulted in error?
      You have yourself used that feature in the past. Like most users you needed a little help in discovering which text to copy and paste, which I hope is explained in the Help Reference, and in the tutorial above. Interestingly, at no time then did you make the suggestion that the label needed changing.
      If it ain’t broke, don’t fix it. It’s a good adage for software development, particularly the human interface.
      Howard.
      
      LikeLike
5

Greg on November 2, 2022 at 1:19 pm

Thanks for this explainer. It fully clarifies for me how your excellent utility works. I had misinterpreted the Settings dialog, even after reading the reference document. I feared that, with the defaults, SilentKnight was automatically downloading and installing updates when launched.

May I suggest an alternative presentation of Settings which might makes things clearer?

____
[✓] Check for SilentKnight updates
[✓] Check XProtect malware scan results
_____
Security data and software updates:
[✓] Check for available updates
All Updates button:
(•) Download and install
( ) Download only
( ) Hidden
_____

With the first two options for the button in the main window, it would be labelled ‘Install all updates’ or ‘Download all updates’ respectively.

LikeLiked by 1 person
- 6
  
  hoakley on November 2, 2022 at 5:14 pm
  
  Thank you.
  Sorry, you still don’t understand the difference between the radio buttons and the checkbox.
  The radio buttons determine the whole app’s behaviour. When set to Download only, the menu command, any button, and Install Named Update all change their behaviours, and don’t install at all, only download. Similarly, the Download and install option does the same, but each of those both downloads and installs.
  In contrast, hiding the Install Updates Button doesn’t change SK’s behaviour – the menu commands still do the same, as does Install Named Update, and they download and install.
  Thus the options you give the button don’t cover everything that changes.
  This is explained very clearly in the Help Reference.
  Howard.
  
  LikeLike
  - 7
    
    Greg on November 2, 2022 at 9:08 pm
    
    Thank you Howard. I now see what you mean about the option determining the 3 ways of proceeding with updates.
    
    Originally, I wrongly interpreted that ‘download’ or ‘download and install’ might happen automatically. The radio buttons present a choice between three alternatives, but there are two distinct behaviours. Firstly, whether SilentKnight checks for those updates _automatically_ on launch (as well as when clicking the ‘Check’ button to refresh). Secondly, when _manually_ use one of several commands, whether updates are downloaded only or installed.
    
    Therefore I suggest having, e.g. a ‘Check for updates’ checkbox, and separately a ‘For selected updates: (DL only / DL and install)’ option.
    
    Thank you for your collection of splendid utilities for our Macs.
    
    LikeLiked by 1 person
    - 8
      
      hoakley on November 2, 2022 at 9:20 pm
      
      Thank you.
      No – here I invoke economy and elegance in design. This isn’t something I just threw together, but the product of many hours of wrangling.
      You see, having Check for Updates as a separate option makes no sense. SK can’t know whether there are any updates to download or install without doing that, and can’t offer the button, whether or not you want it hidden. Therefore these are three mutually incompatible options, forming a single group of radio buttons.
      Otherwise, the user could have Check for Updates disabled, and then wonder why SK wouldn’t download and install updates (technically you can actually do that through the menu command, but that’s flying blind and very dangerous indeed!). Never present the user with an impossible combination of options, as someone will try it and complain at the unpredictable results.
      There are also no “selected” updates involved in Settings: this deals with all updates, whatever the options chosen. The only way to work with selected updates is in the Install Named Updates window, and that can only open when SK’s main window is open, where it will have listed updates that are available (although technically you can play blind man’s buff by entering random text in the hope of discovering a named update, again not a wise thing to try).
      Howard.
      
      LikeLike
    - 9
      
      Greg on November 2, 2022 at 9:35 pm
      
      I would say the [DL/install] option should be nested, and greyed out when ‘Check for updates’ is disabled.
      
      Additionally, the ‘Install’ menu commands are enabled even when ‘Don’t check’ is selected in Settings and the window shows a red cross, which I find odd.
      
      I haven’t thought about it as much as you have, so I defer to your judgment. I just wanted to let you know the reason of my original confusion. I was only reassured when you wrote today “Note that SilentKnight never downloads or installs any updates automatically: you always have to tell it to do that by clicking on the button, or using a menu command. You remain in control.”
      
      LikeLiked by 1 person
    - 10
      
      hoakley on November 3, 2022 at 6:17 am
      
      Thank you.
      Yes, you’ve spotted an anomaly in the menus that I need to re-examine in the next version. But arbitrarily disabling options in Settings on the basis of the state of a checkbox is very bad interface design. That’s exactly what radio buttons are designed to avoid.
      Howard.
      
      LikeLike
11

Dakotamoons on November 2, 2022 at 4:13 pm

PERFECT! KUDOS! THANK YOU Howard for taking the time to explain in detail, although most of this is already presented in your bundled PDF’s for each update, this simple to understand step-by-step tutorial really sealed the deal for me.

For some reason, perhaps it was the frontal lobotomy, I don’t know, I still was confused about the “Instal All Updates” button. Now I fully understand. As such I have set my SilentKnight prefs as follows to proceed in total, just short of unintentionally upgrading from on macOS to the next unintentionally.

Here’s a screenshot which, for me, should push SK to the limits just short of an unintended OS upgrade: https://9581826.com/SilentKnight.JPG

A million thanks Howard for everything you do.

LikeLiked by 1 person
- 12
  
  hoakley on November 2, 2022 at 5:17 pm
  
  Thank you.
  You’re making life more difficult for yourself than you need.
  I have this set to Download and Install, and Allow Install Updates ticked. I then read what updates are being offered before deciding what to do with them. If I see a macOS update, or a regular fortnightly update to Safari Tech Preview, all I do is quit SK, open Software Update, and run those from there. Once that’s done, I open SK to see if there’s anything left to install.
  But it’s your choice.
  Howard.
  
  LikeLike
13

Dakotamoons on November 2, 2022 at 4:22 pm

Greg, just a quick reminder though, unless I still don’t understand the “Download and Install” button.

For example, suppose SK determined a few security updates were available, AND, that a newer masOS version was too. If I understand correctly, if you have the “Download and Install” radio button is checked on, then if you were running Monterey, the Ventura would probably show up in the list of updates, and therefore would update your OS to Ventura by default?

Perhaps I still do not understand. Is there a distinction between “Updates” and “Upgrades” in SK terminology? In my case I NEVER would want SK to automatically “Upgrade” my OS, so I have that option _unchecked._

Am I missing something here?
Screenshot of my settings, intended to _prevent_ an OS update:

LikeLiked by 1 person
- 14
  
  Dakotamoons on November 2, 2022 at 4:26 pm
  
  I’m feeling so sorry for kicking a dead horse here, particularly as Howard went out of his way to create this tutorial. Please forgive me, but I just need to be sure. Sorry Howard, this must be driving you nuts. My bad.
  
  “Sometimes I read too much, so I just end up getting confused on much higher level.” ~attribution unknow
  
  LikeLiked by 1 person
- 15
  
  hoakley on November 2, 2022 at 5:21 pm
  
  Apple and I refer to an upgrade as being, for example, from Monterey to Ventura. An update is from 13.0 to 13.1. Both may be delivered by softwareupdate (and Ventura is), so can appear in the list of available updates.
  Howard.
  
  LikeLiked by 1 person
16

BenSar on November 2, 2022 at 4:27 pm

A million more. Thank you for taking so much more trouble to clarify SK’s usage. “We” (the users) never allow any imaginable obscurity to get voiced here!

I think that this time you have slain these dragons. Thank you…

… of course: no guarantee that more won’t raise their heads – or insist on “bettering” (i.e. changing) your choices!

LikeLiked by 2 people
- 17
  
  hoakley on November 2, 2022 at 5:22 pm
  
  Thank you.
  Howard.
  
  LikeLike
18

BenSar on November 2, 2022 at 5:08 pm

not get voiced, of course!

LikeLiked by 1 person
19

malcork on November 2, 2022 at 5:15 pm

This article is a good way to understand and use this application. Maybee i would appreciate tutorials for others Oakley’apps. Congratulations, it is a good beginning to improve comprehemsion and use of Oakley’apps. M.Corcoran >

LikeLiked by 2 people
- 20
  
  hoakley on November 2, 2022 at 5:24 pm
  
  Thank you. I try to produce them when I can. Are there any others you’d like?
  Howard.
  
  LikeLike
21

Panda Mery on November 3, 2022 at 3:40 am

A feature request for the Install Named Update command: instead of having a free text box in which to paste a label copied from the output area to have a list of available labels one can select. Ideally this would allow multiple selection.

Thank you for all these wonderful tools. SK is the one I use most.

LikeLiked by 2 people
- 22
  
  hoakley on November 3, 2022 at 6:32 am
  
  Thank you.
  If you think this through, you’ll realise why it makes this more complex and prone to failure.
  Getting the list of items for that menu in the first place relies on parsing softwareupdate output. As that’s loosely structure free text, that’s unreliable, and items you want could be omitted. So that menu has to be a Combo box, to allow the user to enter something not in that menu because of a parsing problem.
  I’ve not seen a Combo box that allows multiple selection, and I think that’s too complex for many users to try to use.
  Even if it was simple, this puts the user at risk of easily selecting the wrong item, and accidentally installing an unwanted macOS update, because the labels in that menu are taken out of context, and don’t display the full name or size of the item. That is after all the current issue that I’m trying to address – human error.
  Even if that wasn’t true, there’s another problem. Once that/those installs had been completed, the list of items forming the menu has to be updated to allow for those installs. You can’t do that at all for download-only, so multiple downloads would have to be accepted. For installs, the only way to discover what is available after a partial update is to rebuild that menu from scratch, and that requires running softwareupdate again to discover what updates are now available. Although that normally only takes 10-20 seconds, it can on occasion take several minutes, during which that menu would be unavailable and the window unusable.
  What at first appears to be a simple answer becomes a real mess, putting the user at risk of being unable to use the feature while waiting for a response from Apple’s update servers.
  Finally, the primary purpose of SilentKnight is to help users keep their Macs up to date with the latest security updates, and that normally involves downloading and installing all available updates, not making elaborate arrangements to avoid installing some of them. That might be the primary purpose of another app, perhaps, but knowing the pain involved, I’m happy for someone else to write that.
  Howard.
  
  LikeLiked by 2 people
23

Max Anglad on April 1, 2023 at 1:42 pm

Thank you very much for all these valuable tools you are developing.

Yesterday I got tricked with the “Install all updates” button because in the list of possible updates there was the switch to Ventura (in fact, yesterday I had just done the Big Sur -> Monterey update, thanks to the mrmacintosh.com site, but I had no intention of switching to Ventura at all, preferring to wait for a version of macOS to be completely stable before switching to it).

I used to click on “Install all updates” without looking too much at the details, because in my mind SilentKnight only dealt with security updates (XPR, MRT, …) and not major updates like a new macOS major version.

It must be said (and it’s my fault) that I had never taken the time to properly read the SilentKnight user manual.

When I realized that I had triggered the update to Ventura, I interrupted the process in the “System Preferences / Software Update” but it was not without consequence…

Although everything seems normal in my session, I realized that I had “damaged” my recovery partition, because it had become impossible to boot on it by Command + R :-@

Finally I managed to repair my recovery partition by performing a second installation of Monterey (so on my already installed Monterey, again using the mrmacintosh.com installers, which most often are just links to Apple’s servers) and everything is back to normal because I can boot again, if I wish, on the recovery by Command + R.

I have now disabled the display of the “Install all updates” button and will proceed as recommended by File / Install Named Update…

However, perhaps it would be wise to display a large alert window when, when you click on “Install all updates”, there is also a major update in the list such as a macOS version change, which it is best done (I agree with you) via System Preferences…

LikeLiked by 1 person
- 24
  
  hoakley on April 1, 2023 at 8:50 pm
  
  I’m sorry to hear that, but happy that you found a way out.
  This issue has been discussed to exhaustion. Sadly, there’s no reliable way to tell the type of updates being offered. Any such mechanism would have false positives and false negatives, which would be even more troublesome. Besides, where would you draw the line? Currently, you can download and install Safari Tech Preview updates using SilentKnight. Would you want those banned? What about Rapid Security Responses (RSRs), which could be fairly substantial?
  If it were only clearer and more simple, I would have done this years ago. Instead you now have several ways to control this, including disabling the Install all updates button altogether if you wish. The side-effect of that is that a steady stream of users email me complaining that SilentKnight won’t offer to install the updates. So whatever I do is wrong for someone.
  Howard.
  
  LikeLike
  - 25
    
    Max Anglad on April 1, 2023 at 9:38 pm
    
    You’re right, I fully understand the problem of sorting updates whose criteria ultimately depend on each user.
    
    To avoid any hasty and ultimately unwanted updates, the simple solution is to no longer display the “Install all updates” button and go through the File / Install Named Update menu…
    
    SilentKgnigt is an invaluable tool, thank you again for your immense work and all these tools that you make available to us 🙂
    
    LikeLiked by 1 person
    - 26
      
      hoakley on April 2, 2023 at 8:01 am
      
      Thank you.
      Howard.
      
      LikeLike