diff --git a/lib/check/all.sh b/lib/check/all.sh
index 0c12274..ac05e27 100644
--- a/lib/check/all.sh
+++ b/lib/check/all.sh
@@ -236,7 +236,7 @@ check_macos_update() {
     if [[ $(get_software_updates) == "Updates Available" ]]; then
         updates_available="true"
 
-        # Verify with softwareupdate -l (short timeout) to reduce false positives
+        # Verify with softwareupdate using --no-scan (fast) to reduce false positives
         local sw_output=""
         local sw_status=0
         local spinner_started=false
@@ -245,7 +245,9 @@ check_macos_update() {
             spinner_started=true
         fi
 
-        if ! sw_output=$(run_with_timeout 5 softwareupdate -l 2> /dev/null); then
+        if sw_output=$(run_with_timeout 10 softwareupdate -l --no-scan 2> /dev/null); then
+            sw_status=0
+        else
             sw_status=$?
         fi
 
@@ -253,10 +255,9 @@ check_macos_update() {
             stop_inline_spinner
         fi
 
-        # If command failed, timed out, or returned empty, treat as no updates to avoid false positives
-        if [[ $sw_status -ne 0 || -z "$sw_output" ]]; then
-            updates_available="false"
-        elif echo "$sw_output" | grep -q "No new software available"; then
+        # Prefer avoiding false negatives: if the system indicates updates are pending,
+        # only clear the flag when softwareupdate explicitly reports no updates.
+        if [[ $sw_status -eq 0 && -n "$sw_output" ]] && echo "$sw_output" | grep -q "No new software available"; then
             updates_available="false"
         fi
     fi
diff --git a/tests/system_maintenance.bats b/tests/system_maintenance.bats
index 0daf044..8c5e8a3 100644
--- a/tests/system_maintenance.bats
+++ b/tests/system_maintenance.bats
@@ -186,25 +186,38 @@ EOF
     [[ "$output" == *"COUNT=0"* ]]
 }
 
-@test "check_macos_update warns when update available" {
+@test "check_macos_update avoids slow softwareupdate scans" {
     run bash --noprofile --norc <<'EOF'
 set -euo pipefail
 source "$PROJECT_ROOT/lib/core/common.sh"
 source "$PROJECT_ROOT/lib/check/all.sh"
 
-softwareupdate() {
-    echo "* Label: macOS 99"
-    return 0
+defaults() { echo "1"; }
+
+run_with_timeout() {
+    shift
+    if [[ "${1:-}" == "softwareupdate" && "${2:-}" == "-l" && "${3:-}" == "--no-scan" ]]; then
+        cat <<'OUT'
+Software Update Tool
+
+Software Update found the following new or updated software:
+* Label: macOS 99
+OUT
+        return 0
+    fi
+    return 124
 }
 
 start_inline_spinner(){ :; }
 stop_inline_spinner(){ :; }
 
 check_macos_update
+echo "MACOS_UPDATE_AVAILABLE=$MACOS_UPDATE_AVAILABLE"
 EOF
 
     [ "$status" -eq 0 ]
-    [[ "$output" == *"macOS"* ]]
+    [[ "$output" == *"Update available"* ]]
+    [[ "$output" == *"MACOS_UPDATE_AVAILABLE=true"* ]]
 }
 
 @test "run_with_timeout succeeds without GNU timeout" {