About the "Install system data files and security updates" checkbox in App Store prefs

Check your settings in the App Store System Preference Pane. By default Install macOS updates is not checked. If you checked it and now do not want the updates to install automatically, uncheck it.

Do not uncheck “Install system data files and security updates”, this should always be enabled.


Why do you state " Do not uncheck “Install system data files and security updates”, this should always be enabled"? As with any Mac update for the OS (“delta”/incremental or Combo), one can download such updates separately from the App store, and thus have much more control over the update process. That is what I have always done.

That’s to make sure you get things like Gatekeeper updates and the like. It doesn’t auto install any actual OS or application update, just the data files that Apple updates frequently to make sure that malware, viruses, and other bad stuff gets caught.

That’s the only thing I auto install. Everything else I just update manually…and I always get the the 10.x.x Combo Updater rather than let each individual machine down it’s particular needs for the update.

Yes, as Neil said, that checkbox does NOT control updates you can get in any other way at that point. It’s for things like XProtect updates, which Apple releases silently whenever they become necessary. You might get them when you do a macOS update, but that may take a while. I’ll bet @alvarnell can tell us exactly what’s in those updates.

That setting has nothing to do with OS updates, it’s about security updates. It should never be disabled.

NOT TRUE! As others have said, that’s for background updates that are not downloadable separately from the App Store. Those are security and other database updates that all users need to keep their Mac safe and sound.

I have downloaded security updates before.

Those are not the same thing at all. Rather, they are the periodic patches to older (usually the previous two) macOS / OS X versions. They are totally different and not related at all to the setting for “system data files and security updates” we are discussing here. None of those can be downloaded from MAS or Apple Support’s download site. Once a day there is a check for anything new and they automatically download and install in the background.

Here’s a tool from a colleague of mine that will show you most of them: https://sqwarq.com/critical-updates/


Again, I have downloaded OS-specific Security Updates before. But I went ahead and turned the option on. How will I be notified when such updates have occurred?

And thanks for that link.

Run the critical updates app. Here’s what mine shows. Note the distinction between the “security update” in the app store and the different stuff shown in the window.

I actually turned on the option in the System Preference, App Store. I also downloaded the app and ran it. So far, nothing shows up in red.

One annoyance: with the option turned on, I am getting “Notifications” about some updates being available. Wish I could turn that off.

Can you take a screenshot of one? I don’t think I’ve seen hardly any notifications from this setting, though it’s possible you’re getting them all at once from not having had it on.

I’m going to split this discussion out into its own topic now, since it’s strayed quite a bit from the original.

Of course those area available, but those are not what’s being discussed here.

You won’t be notified. At a random time every 24-hours, when your computer is awake and logged in, the OS will check to see if there are any new updates and download them in the background. The only way to know your up-to-date is to check manually with Critical Updates or in my case I have used an AppleScript and a shell script to check.


I just hope such “behind the scenes” updates are small, and will not cause any issues. I much rather have full control over any kind of update.

Actually the (valid) notifications are for 2 apps I had previously purchased from the app store. But ever since I downloaded (and had them installed) both of them earlier today (on both of my Macs)< I am no longer getting any kind of notifications.

They are all quite small and there is a much bigger potential for issues if you don’t enable them.

My guess is that they were already installed by the time you checked with Critical Updates and since CU compares what it saw the last time it was launched with what it sees now, since there wasn’t any “before” to compare it to, all the entries would be in black.

As long as it lists the following versions, you should be OK:

Protect 2099(1)

Gatekeeper 138(1)

Malware Removal Tool 1.30(1)

Most of the others depend on what version of macOS you are running.

Another way to tell if they installed is to launch System Information… from the Apple menu -key down, and under Software click on Installations. Then click twice on the date column to show the latest and you should see entries for each around the time you enabled them…