Thursday, July 4, 2024

performance – XProtect Constantly Consuming Tons Of RAM?

I recently updated my 2017 MBP to Ventura. Ever since, my system has been running very poorly

I've noticed that 90% of the time, when it's acting up, there is an XProtectRemediatorSnowBeagle process taking up 2.01 GB of RAM – persistently. It doesn't go away, and force-quitting only works maybe half the time. Trying to kill it from terminal often fails as well, with some variant of "Operation Not Permitted"

It is usually a root-owned process. At least once, there's been a second copy of it, taking up another 2.01 GB of RAM, owned by the active user account

Other remediators, like XProtectRemediatorAdload, seem to run normally – they get up to something like 1.5 GB of RAM, and then finish what they're doing and quit. This one doesn't. It just sticks around in RAM

Sampling it in Activity Monitor shows a call graph held on a _dispatch_group_wait_slow -> _dlock_wait -> __ulock_wait. I can't find any suspicious files open with lsof

I haven't tried a fresh install yet. I'm hoping to avoid it, as it's always a nightmare to get everything configured how I want it again. I'd really prefer to diagnose what's causing it to hang, and get rid of that… or reinstall XProtect, if that's a thing… or just disable it altogether, tbh, as I'm fairly confident in my ability to avoid malware on my own – but I can't figure out how to do any of that

Any ideas? I've tried an SMC reset, NVRAM / PRAM reset, disabling csrutil… no dice.
Raw logs below

dtruss:

SYSCALL(args)        = return
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF)         = 0 0
bsdthread_ctl(0x100, 0x0, 0x310B)        = 0 0
kevent_id(0x7FCF9BF68EF0, 0x700000F3F338, 0x1)       = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000F3F5B0, 0x1)      = 0 0
thread_selfid(0x0, 0x0, 0x0)         = 233467 0
bsdthread_ctl(0x100, 0x0, 0x310B)        = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1)         = 0 Err#-2
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF)         = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
workq_kernreturn(0x20, 0x0, 0x1)         = 0 0
workq_kernreturn(0x40, 0x700000F3FB80, 0x0)      = 0 Err#-2
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000DB66A0, 0x1)      = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
kevent_id(0x7FCF9BF66FC0, 0x700000F3F918, 0x1)       = 0 0
workq_kernreturn(0x40, 0x700000DB6B80, 0x0)      = 0 Err#-2
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
madvise(0x7FD056009000, 0x1000, 0x7)         = 0 0
psynch_cvbroad(0x7FD055008F68, 0xC0000000D00, 0xC0000000100)         = 257 0
psynch_cvwait(0x7FD055008F68, 0xC0100000D00, 0xC00)      = 0 0
ulock_wake(0x1000002, 0x102867E00, 0x0)      = 0 0
ulock_wait(0x1050002, 0x102867E00, 0x3312)       = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1)         = 0 Err#-2
__disable_threadsignal(0x1, 0x0, 0x0)        = 0 0
madvise(0x7FD05600B000, 0x1000, 0x7)         = 0 0
workq_kernreturn(0x4, 0x0, 0x0)      = 0 Err#-2

Activity Monitor Sample:

Analysis of sampling XProtectRemediatorSnowBeagle (pid 4878) every 1 millisecond
Process:         XProtectRemediatorSnowBeagle [4878]
Path:            /Library/Apple/*/XProtect.app/Contents/MacOS/XProtectRemediatorSnowBeagle
Load Address:    0x10271a000
Identifier:      XProtectRemediatorSnowBeagle
Version:         126
Code Type:       X86-64
Platform:        macOS
Parent Process:  XProtectPluginService [395]

Date/Time:       2024-02-21 18:35:09.954 -0500
Launch Time:     2024-02-21 18:11:30.241 -0500
OS Version:      macOS 13.6.4 (22G513)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Physical footprint:         2.0G
Physical footprint (peak):  2.4G
Idle exit:                  untracked
----

Call graph:
    2519 Thread_204892   DispatchQueue_1: com.apple.main-thread  (serial)
    + 2519 start  (in dyld) + 1903  [0x7ff8186fd41f]
    +   2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x2fda  [0x10271cfda]
    +     2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x68fdc  [0x102782fdc]
    +       2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x68c00  [0x102782c00]
    +         2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x7d531  [0x102797531]
    +           2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x53783  [0x10276d783]
    +             2519 _dispatch_group_wait_slow  (in libdispatch.dylib) + 43  [0x7ff8188b6aef]
    +               2519 _dlock_wait  (in libdispatch.dylib) + 45  [0x7ff8188b6849]
    +                 2519 __ulock_wait  (in libsystem_kernel.dylib) + 10  [0x7ff818a19cce]
    2519 Thread_205926
      2519 start_wqthread  (in libsystem_pthread.dylib) + 15  [0x7ff818a52bbf]
        2519 _pthread_wqthread  (in libsystem_pthread.dylib) + 427  [0x7ff818a53cb9]
          2519 __workq_kernreturn  (in libsystem_kernel.dylib) + 10  [0x7ff818a19c3e]

Total number in stack (recursive counted multiple, when >=5):

Sort by top of stack, same collapsed (when >= 5):
        __ulock_wait  (in libsystem_kernel.dylib)        2519
        __workq_kernreturn  (in libsystem_kernel.dylib)        2519

More of the sample here
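
Added example, not part of the original post: a small Python parser for the call-graph section of a `sample` report that separates threads blocked on a lock from idle workqueue threads, run on frames abridged from the report above. The function names and the two sets of wait symbols are assumptions chosen for this illustration.

```python
import re

# Frames abridged from the call graph in the post; only the tree layout matters.
REPORT = """\
    2519 Thread_204892   DispatchQueue_1: com.apple.main-thread  (serial)
    + 2519 start  (in dyld) + 1903  [0x7ff8186fd41f]
    +   2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x53783  [0x10276d783]
    +     2519 _dispatch_group_wait_slow  (in libdispatch.dylib) + 43  [0x7ff8188b6aef]
    +       2519 _dlock_wait  (in libdispatch.dylib) + 45  [0x7ff8188b6849]
    +         2519 __ulock_wait  (in libsystem_kernel.dylib) + 10  [0x7ff818a19cce]
    2519 Thread_205926
      2519 start_wqthread  (in libsystem_pthread.dylib) + 15  [0x7ff818a52bbf]
        2519 _pthread_wqthread  (in libsystem_pthread.dylib) + 427  [0x7ff818a53cb9]
          2519 __workq_kernreturn  (in libsystem_kernel.dylib) + 10  [0x7ff818a19c3e]
"""

# Assumed leaf symbols for this illustration, not an exhaustive list.
BLOCKED = {"__ulock_wait", "__psynch_cvwait"}   # waiting on a lock or condition
PARKED = {"__workq_kernreturn"}                 # idle workqueue thread awaiting work
# Tree prefix (spaces and + ! : | markers), sample count, then symbol or thread name.
LINE = re.compile(r"^([\s+!:|]*)(\d+)\s+(\S+)")

def thread_states(report):
    """Return {thread: {"total": samples, "leaves": {symbol: samples}}}."""
    rows = [(len(m[1]), int(m[2]), m[3])
            for m in map(LINE.match, report.splitlines()) if m]
    threads, current = {}, None
    for i, (depth, count, sym) in enumerate(rows):
        if sym.startswith("Thread_"):
            current = threads.setdefault(sym, {"total": count, "leaves": {}})
            continue
        nxt = rows[i + 1] if i + 1 < len(rows) else None
        # A frame is a leaf when the next row is not nested deeper than it.
        is_leaf = nxt is None or nxt[2].startswith("Thread_") or nxt[0] <= depth
        if current is not None and is_leaf:
            current["leaves"][sym] = current["leaves"].get(sym, 0) + count
    return threads

def classify(report):
    """Map each thread to (state, dominant leaf symbol)."""
    result = {}
    for name, t in thread_states(report).items():
        leaves = t["leaves"]
        blocked = sum(c for s, c in leaves.items() if s in BLOCKED)
        parked = sum(c for s, c in leaves.items() if s in PARKED)
        state = ("blocked" if blocked == t["total"] else
                 "parked" if parked == t["total"] else "running")
        result[name] = (state, max(leaves, key=leaves.get, default=None))
    return result

if __name__ == "__main__":
    for name, (state, leaf) in classify(REPORT).items():
        print(f"{name}: {state} in {leaf}")
```

All 2519 samples of the main thread end in `__ulock_wait` beneath `_dispatch_group_wait_slow`, so the process is waiting on a dispatch group rather than using CPU; the second thread is an idle worker.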
