Skip to main content

Overview

This guide provides IT administrators with the necessary steps to ensure Cluely’s automatic updates work properly on managed work computers. Cluely uses secure, signed updates to deliver new features and security patches to ensure optimal performance and security.

”An Update Is Ready To Start”

If you are getting a native macOS Update Helper request every 5- 15 minutes, **please note that these are not Update Requests. **Cluely only releases every 2 days. You are using Cluely on a laptop that is strictly IT or MDM managed. Cluely requests system access every 5 minutes to refresh for calendar events, audio changes, and update checking. This is not something we can disable, but you can intro your IT team to our sales team to get Cluely approved system wide. In the meantime, please use Cluely on a non-work laptop.

Common Issues

Update Helper: Admin Password

Seeing a request to enter MacOS password to approve an update? This is a sign you have a corporate managed device and an IT Admin did not approve or install Cluely. The root of the problem is that these apps were installed system-wide (and thus triggering the work level approval), instead of local user storage.
  1. **Local Applications Fix: **
    The immediate workaround is to copy Cluely to a place where your current user has write access: killall Slack && rsync -av --delete /Applications/Slack.app/ ~/Applications/Slack.app/ && open ~/Applications/Slack.app     (if you prefer the Finder, drag and drop instead).

    Now when the Cluely application’s built-in update mechanism tries to write to its files, it can. No more annoying pop-up windows!
  2. Delete the Cluely.dmg and Have an IT Admin Install Cluely Instead

Network Requirements

Required Domain Whitelisting

To allow Cluely auto-updates, whitelist the following domains in your firewall, proxy, and network security settings: Core Cluely Services:
  • platform.cluely.com
  • service.transcribe.cluely.com
  • app.cluely.com
  • desktop.cluely.com
  • desktop.app.cluely.com
  • flags.cluely.com
  • img.cluely.com
Update-Specific Endpoints:
  • updates.cluely.com (primary update server)
  • downloads.cluely.com (update package downloads)
  • api.cluely.com (update check API)

Network Protocol Requirements

Ensure the following protocols are allowed:
  • HTTPS (443) - For secure update downloads and API communication
  • WebSocket Secure (WSS) - For real-time update notifications
  • HTTP/2 - For efficient update package delivery

Corporate Network Considerations

If your organization uses:
  • Corporate Proxy: Configure proxy settings to allow Cluely update traffic
  • SSL Inspection: Add Cluely domains to SSL inspection bypass list
  • Content Filtering: Whitelist Cluely domains to prevent update blocking

Code Signing Certificate Management

Cluely signs all update packages with digital certificates to ensure authenticity and integrity. You must recognize and trust these certificates on managed devices.
  • macOS
  • Windows

1. Retrieve Cluely’s Code-Signing Certificate

Download the latest Cluely application from cluely.com/downloads and extract the certificate information:
# Navigate to the downloaded Cluely.app
cd /Applications/Cluely.app

# Display code-signing information
codesign -dv --verbose=4 /Applications/Cluely.app

# Get certificate details
codesign -d --extract-certificates /Applications/Cluely.app
Look for the Authority field in the output, which shows the certificate’s Common Name (CN).

2. Configure Application Whitelisting

For Google Santa:
# Whitelist by certificate SHA-256 hash
sudo santactl rule --whitelist --certificate --sha256 <SHA-256_HASH>

# Whitelist by team identifier
sudo santactl rule --whitelist --teamid <TEAM_ID>
For Jamf Pro:
  1. Navigate to Configuration Profiles
  2. Create new profile for Application & Custom Settings
  3. Add Cluely’s team identifier to allowed applications
  4. Deploy to managed devices
For Microsoft Intune:
  1. Go to Device Configuration > macOS > Configuration Profiles
  2. Create new profile with “Application & Custom Settings”
  3. Add Cluely’s bundle identifier and team ID
  4. Assign to device groups

3. Gatekeeper Configuration

Ensure Gatekeeper allows Cluely updates:
# Check current Gatekeeper status
spctl --status

# Allow Cluely specifically (if needed)
sudo spctl --add /Applications/Cluely.app

4. Notarization Trust

Cluely updates are notarized by Apple. Ensure your devices trust notarized applications:
# Verify notarization
spctl --assess --verbose /Applications/Cluely.app

Update Mechanism Configuration

Automatic Update Settings

Cluely checks for updates automatically. Ensure these settings are configured: macOS:
  • System Preferences > Software Update (ensure automatic updates are enabled)
  • Allow Cluely to run background processes for update checks
Windows:
  • Windows Update settings should allow automatic updates
  • Ensure Windows Defender doesn’t block Cluely update processes

Update Frequency

Cluely typically checks for updates:
  • On application startup
  • Every 24 hours when running
  • When manually triggered by user

Monitoring and Troubleshooting

Update Status Monitoring

Monitor update success through: macOS: 
# Check Cluely version
/Applications/Cluely.app/Contents/MacOS/Cluely --version

# View update logs
log show --predicate 'process == "Cluely"' --last 1h
Windows: 
# Check Cluely version
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object {$_.DisplayName -like "*Cluely*"}

# View Windows Event Logs
Get-WinEvent -FilterHashtable @{LogName='Application'; ID=1000} | Where-Object {$_.Message -like "*Cluely*"}

Common Issues and Solutions

Updates Blocked by Antivirus:
  • Add Cluely update directories to antivirus exclusions
  • Whitelist Cluely processes in real-time protection
Network Connectivity Issues:
  • Verify all required domains are whitelisted
  • Test connectivity to update servers
  • Check proxy configuration
Certificate Trust Issues:
  • Re-import Cluely’s certificate
  • Verify certificate hasn’t expired
  • Check certificate chain validation

Security Considerations

Certificate Validation

  • Regularly verify Cluely’s certificates haven’t been revoked
  • Monitor for certificate expiration dates
  • Subscribe to Cluely security notifications

Update Integrity

  • All updates are cryptographically signed
  • Verify update packages before deployment
  • Monitor for any security advisories from Cluely

Network Security

  • Use HTTPS for all update communications
  • Implement proper firewall rules
  • Monitor update traffic for anomalies

Best Practices

  1. Test Updates: Deploy updates to a test group before organization-wide rollout
  2. Monitor Performance: Track update success rates and user experience
  3. Document Changes: Keep records of certificate updates and policy changes
  4. Regular Reviews: Periodically review and update whitelist and certificate configurations
  5. User Communication: Inform users about update schedules and expected behavior

Support and Resources

For additional support with Cluely auto-updates on managed devices:
  • Technical Support: Contact Cluely support with your organization’s details
  • Certificate Updates: Monitor cluely.com/downloads for certificate changes
  • Security Advisories: Subscribe to Cluely security notifications
  • Documentation: Refer to Cluely’s enterprise documentation for additional configuration options

Compliance and Audit

Maintain compliance with your organization’s security policies by:
  • Documenting all certificate installations
  • Recording network whitelist configurations
  • Auditing update success rates
  • Maintaining logs of update activities
  • Following your organization’s change management procedures
I