Author: GC (at)sysin.org, homepage: www.sysin.org

Please visit the original link: sysin.org/article/dis… To view the latest version. Original works, reproduced please retain the source.

With the release of macOS Big Sur 11.3, the reliability and performance of macOS 11 have been greatly improved, and the next version 11.4 is considered to be directly blocked. By November 11, Big Sur’s mission to renew was almost complete. It’s time to block automatic updates!

Tip:

The following steps are not entirely necessary, but performing all of them will ensure that the update notification horn appears to resolve stubborn problems.

This article is for macOS Big Sur, with limited availability in lower versions.

If it is a new installation, do not connect to the Internet for the time being to make sure that updates are perfectly blocked.

1. Disable the automatic update option

Please go to  > System Preferences and click Software Update.

Uncheck: “Automatically keep my Mac Up to date”

See also: Changing software Update preferences on a Mac

2. How does macOS Big Sur automatically update

Path: Detection > Notification > Download

  • Detection: process/usr/libexec/nsurlsessiond access Apple related detection software update URL;

  • Notice: process /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Co Ntents MacOS/SoftwareUpdateNotificationManager responsible for notifying, produce the system update tag (red dots);

  • Download: process/System/Library/PrivateFrameworks/MobileSoftwareUpdate framework/Support/softwareupdated responsible for downloading the software updates.

So to block automatic updates and update flags, the solution is as follows:

Detect (Block network access) > Notify (Cancel execution permission) > Download (Block network access).

3. Block network access

3.1 Edit the hosts file and add the following content

Manual editing: Open the terminal and run sudo vi /etc/hosts to add the following items.

127.0.0.1 swscan.apple.com
127.0.0.1 swcdn.apple.com
127.0.0.1 swdist.apple.com
Copy the code

SwitchHosts! Is recommended. (Free software).

This step is usually used to take effect. Automatic updates have been masked.

3.2 Or (or both) use firewall software

Recommend Little Snitch, a commercial app

  • New rule 1: Prohibit downloading and updating data

    Process Name: / usr/libexec/nsurlsessiond

    Deny Outgoing Connections

    To: Any Server

  • New rule 2: Prohibit network access for Big Sur download process

    Process Name: / System/Library/PrivateFrameworks/MobileSoftwareUpdate framework/Support/softwareupdated

    Deny Outgoing Connections

    To: Any Server

Note: in the macOS Catalina process/System/Library/CoreServices/Software Update. App/Contents/Resources/softwareupdated responsible for downloading Software updates.

4. Clear the system update mark (red dot 1)

4.1 Temporarily clear the system update flag

If an update has been detected, you can temporarily remove the update notification flag using the following method.

Open Terminal and run the following command:

defaults write com.apple.systempreferences AttentionPrefBundleIDs 0
Killall Dock
Copy the code

4.2 Modifying Permissions (Generally Ignored)

In macOS Big Sur, system integrity protection is further enhanced compared to previous versions, and the following file permissions cannot be changed in “Recovery mode”. The following steps are for reference only.

  1. To ensure that FileVault is disabled (by default), go to  >> System Preferences… >> Security and Privacy >> File Safe.

  2. Switch to recoveryOS, open the terminal, and run the following command:

    See: About macOS Recovery: Restart your computer and enter Recovery mode by holding Command + R while the screen is black (you can hold Command + R until the Apple logo screen appears). Then click the menu bar, “Utilities >> Terminal”.

    csrutil authenticated-root disable
    Copy the code
  3. Restart to macOS as normal.

  4. Find the device to be mounted by running the mount command (defined here as

    ) :

    $ mount
    /dev/disk1s5s1 on / (apfs, sealed, local, read-only, journaled)
    Copy the code

    Note: /dev/disk1s5s1 indicates /dev/disk1s5, and s1 indicates Snapshot 1.

  5. Create a new directory for mounting (defined here as <MOUNT_PATH>) :

    For example: ~ / mount

    mkdir -p -m777 ~/mount
    Copy the code
  6. Perform mount:

    sudo mount -o nobrowse -t apfs <DISK_PATH> <MOUNT_PATH>
    Copy the code

    For example, use the value above:

    sudo mount -o nobrowse -t apfs /dev/disk1s5 ~/mount
    Copy the code
  7. Modify the file under <MOUNT_PATH>.

    Such as:

    cd~/mount sudo chmod 644 System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Con tents/MacOS/SoftwareUpdateNotificationManagerCopy the code
  8. Executing sudo bless – folder < MOUNT_PATH > / System/Library/CoreServices – bootefi – create – the snapshot.

  9. Restarting the system takes effect.

Note: In macOS Catalina, you only need to operate recoveryOS. The operations are as follows:

  1. Enter recovery mode (starting to recoveryOS) :

    Restart the computer and press Command + R while the screen is black to enter recovery mode (you can hold Command + R until the Apple logo screen appears).

    See: About macOS recovery features

  2. Open Utilities -> Terminal:

    # switch to the volume where the system is located, default name is "Macintosh HD"
    cd /Volumes/Macintosh\ HD
    If the system volume name is Mac
    cd /Volumes/Mac
    Copy the code
  3. Cancel SoftwareUpdateNotificationManager executable permissions (the default access is 751) :

    The process is running when detecting system updates, and even if network access is blocked, a notification flag may still appear, so modify its executable permissions to disable it.

    chmod 644 System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/SoftwareUpdateNotificationManager.app/Con tents/MacOS/SoftwareUpdateNotificationManagerCopy the code
  4. Exit terminal, restart computer, complete operation.

5. Update if necessary

Patch Installation is not recommended. You can use the complete software package to upgrade or install the patch.

  • Download this macOS image and complete the installation. MacOS Big Sur

  • Or unblock section 3 above, visit the App Store and download the complete macOS software package. After downloading, it will be automatically saved under “Applications” and you can install it directly.

6. Disable App Store updates

6.1 Ensuring App Store > Preferences… Uncheck “Automatic Update” (default)

6.2 Clearing update Markers (Digital Corner Markers)

If updates have been detected and red dots appear on the App Store icon, open the terminal and run the following command to clear them:

defaults write com.apple.appstored.plist BadgeCount 0
Killall Dock
Copy the code

Reference: developer.apple.com/documentati…

6.3 Disabling global App updates

Edit the hosts file and add the following information:

Manual editing: Open the terminal and run sudo vi /etc/hosts to add the following items.

127.0.0.1 gsp64-ssl.ls.apple.com
Copy the code

Note: The address may be different due to network environment differences. If the address is invalid, please feedback. Using a firewall to block processes solves this problem once and for all.

SwitchHosts! Is recommended. (Free software).

Or (or both) using firewall software:

Recommend Little Snitch, a commercial app

  • New rule 1: Prohibit downloading and updating data

    Process Name: / usr/libexec/nsurlsessiond

    Deny Outgoing Connections

6.4 Disabling an App Update

Open Finder, browse to the Applications sidebar, find the App that doesn’t need to be updated, right click “Show package contents”, and you’ll see the Content folder. Expand it and you’ll see the _MASReceipt folder underneath. To disable automatic detection of App Store software updates, simply delete the _MASReceipt folder.