Disable Content Caching

What the Content Caching Disabler does

This Automox Worklet™ disables Apple's Content Caching service on macOS endpoints. Content Caching allows a Mac to cache and serve Apple software updates, iCloud data, and App Store content to other Apple endpoints on the local network. When enabled, the endpoint operates as a local content server.

The Worklet checks the Activated status in the AssetCache preferences and uses the AssetCacheManagerUtil command to deactivate the service if it is currently enabled.

Why disable local content caching

Content caching in macOS stores software updates, app downloads, and iCloud data locally to serve other endpoints on the network. This feature consumes significant disk space and network bandwidth while creating a local cache that may contain sensitive data from other users. Endpoints acting as content cache servers become attractive targets for attackers seeking to access cached credentials, application data, or software packages.

Organizations with limited endpoint storage capacity cannot afford to dedicate disk space to content caching. macOS automatically allocates cache storage that grows over time, potentially filling the disk and causing system performance issues or application failures. Disabling content caching reclaims this storage for business-critical uses.

Network administrators who manage bandwidth allocation through dedicated cache servers or content delivery networks should disable endpoint-level caching. Redundant caching layers create unnecessary network complexity and make it harder to monitor and control software distribution across your organization.

How Content Caching management works

1. Evaluation phase: The Worklet reads the Activated value from /Library/Preferences/com.apple.AssetCache.plist. If the value is 0, Content Caching is disabled and the endpoint is compliant. If the value is 1 or the preference indicates activation, remediation is triggered.

2. Remediation phase: The Worklet executes AssetCacheManagerUtil deactivate to disable the Content Caching service. This built-in utility properly stops the service and updates the configuration to prevent automatic re-enabling.

Content Caching management requirements

• macOS endpoint (workstation or server)

• Administrative privileges for running AssetCacheManagerUtil

• macOS Sierra 10.12.4 or later (Content Caching was introduced in this version)

Expected caching behavior

After remediation, macOS endpoints stop caching content for network distribution. The endpoint no longer stores software updates, app downloads, or iCloud data for sharing with other endpoints. Disk space previously used for caching becomes available for user files and applications.

The Worklet confirms content caching is disabled through its evaluation phase. You can verify the setting by checking System Preferences under Sharing or reviewing Worklet execution results in the Automox console showing the cache service is stopped.

How to validate disable content caching changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for disable content caching.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, else.

4. Validate remediation effects from script operations such as exit, else, AssetCacheManagerUtil, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for disable content caching. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit, else and remediation operations such as exit, else, AssetCacheManagerUtil. Use these indicators to verify that endpoint changes match intended policy outcomes.