MacOS users, check xp.apple.com
If you're a MacOS user, check your logs for
xp.apple.comApple uses that host to update MacOS built-in security software called Xprotect.
That host is included in 1Hosts - Pro. It might be in others as well, I haven't looked any further than what caused it to be blocked in MY system. My own system had not updated Xprotect since April 2022
Check your logs and consider adding xp.apple.com to your allow list.
I discovered this issue while trying a third party tool called SilentKnight which can be found here: https://eclecticlight.co/lockrattler-systhist/
12 replies
-
FYI this domain is blocked on my side and no issue to update all my Apple OS devices (MBP, iPhone, iPad and AW). Then, I am confused when it is needed by Apple to update their OS. However there is no description in Apple table, so it makes me wondering about the real purpose of this query...
-
Pierre Cartier in my original post I said it prevents xprotect from updating. I didn’t have any other problems. I wouldn’t have known until using SilentKnight which checks for xprotect updates.
-
Calvin Hobbes Sorry I was also reacting on Gerd message. Anyway no issue on XProtect either. I just check again. See results below. Not sure XP.apple.com is the source of the issue.
-
Pierre Cartier hmm…interesting. Do your logs show xp.apple.com as being blocked?
On my system SilentKnight showed XProtect as being out of date, My logs showed xp.apple.com as being blocked so I added it to my allow list. Then I was able to update XProtect. The block was from one of the more aggressive lists (don’t recall which).
-
Calvin Hobbes
Hi. The blocking list is 1Hosts Pro see screen shot. Somehow my experience is the opposite of yours, strange indeed.
I will check this with Badmojr who is maintaining the list. I'll keep you posted.
-
Calvin Hobbes I had an extensive discussion with the list owner. He won't whitelist the domain as he considers it as a tracker even if it is for security updates. Strangely he doesn't block the other domains from Apple Security section to follow his way of thinking.
Nothing much we can do except whitelisting the domain.
-
Pierre Cartier that’s what I did. No point in arguing with the list maintainers
-
Calvin Hobbes
He sent me this video as a PoC.
You might also want smooth.apple.com in your allow list.
-
Calvin Hobbes
FYI
https://oisd.nl/excludes.php?w=xp.apple.com
Required for installing, restoring, and updating macOS, iOS, iPadOS, watchOS, and tvOS.
See https://support.apple.com/en-us/HT210060
*SMOOT.APPLE.COM - Needs to be allowed. design team complains Spotlight Search not working.
https://oisd.nl/excludes.php?w=smoot.apple.com
specifically: https://oisd.nl/excludes.php?w=api.smoot.apple.com
-
-
To conclude I still found strange that I am not still facing the XProtect issue you have.
-
I don’t have a problem. I added xp.Apple.com to allow list and all is good. I was merely trying to inform others that their XProtect might not be updating without realizing it. I was unaware until using the SilentKnight utility. That’s all.
Content aside
-
1
Likes
- 1 yr agoLast active
- 12Replies
- 1332Views
-
3
Following