Until Sequoia, it was simply downloaded and installed as any other software update. Since then it has changed frequently and its behaviour can now confuse.
softwareupdate
Three XProtects, and one of them installed in two different locations. How they’re updated, and how you can ensure your Mac keeps up to date with them.
I had left my Mac running near midnight. Next morning it had shut down in the middle of an unwanted macOS update. Here’s how macOS went against my express settings.
iCloud is now used for key services including notarization checks. For XProtect updates, it should be quicker and simpler, so long as you mind the pinniped.
There are no changes for Sonoma and earlier macOS, and Sequoia 15.0-15.1.1 will also continue working as before. But 15.2 and later work differently, as explained here.
Does XProtect confuse you in Sequoia? Do you know why it could show as version 0, 5273 or 5274? Here’s a guide to what I think is going on.
There should be an update available, but you can’t find it, or it fails to install, or you have problems with a Content Caching Server. How to tackle these.
How SilentKnight can install macOS updates, up to a point, and how you can recover from an inadvertent download of a macOS update.
While other Macs had happily updated XProtect’s data in the normal way, my Sequoia beta system told me it was out of date, and refused to find an updater. Then I recalled an old tweet.
Extends checks on XProtect Remediator scans to cover the previous 36 hours, and is ready for use with macOS 15 when it arrives.
The Eclectic Light Company 