I just lately up to date my 2017 MBP to Ventura. Ever since, my system has been working very poorly
I’ve famous that 90% of the time, when it’s appearing up, there’s an XProtectRemediatorSnowBeagle course of taking over 2.01 GB of RAM – persistently. It doesn’t go away, and force-quitting solely works perhaps half the time. Making an attempt to kill it from terminal typically fails as effectively, with some variant of “Operation Not Permitted”
It is often a root-owned course of. At the least as soon as, there’s been a second copy of it, taking over one other 2.01 GB of RAM, owned by the energetic consumer account
Different remediators, like XProtectRemediatorAdload, appear to run usually – they rise up to one thing like 1.5 GB of RAM, after which end what they’re doing and stop. This one would not. It simply sticks round in RAM
Sampling it in Exercise Monitor exhibits a name graph held on a _dispatch_group_wait_slow -> _dlock_wait -> __ulock_wait. I can not discover any suspicious information open with lsof
I have never tried a contemporary set up but. I am hoping to keep away from it, because it’s all the time a nightmare to get the whole lot configured how I would like it once more. I would actually favor to diagnose what’s inflicting it to hold, and eliminate that… or reinstall XProtect, if that is a factor… or simply disable it altogether, tbh, as I am fairly assured in my capacity to keep away from malware alone – however I can not determine find out how to do any of that
Any concepts? I’ve tried an SMC reset, NVRAM / PRAM reset, disabling csrutil… no cube.
Uncooked logs under
dtruss:
SYSCALL(args) = return
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310B) = 0 0
kevent_id(0x7FCF9BF68EF0, 0x700000F3F338, 0x1) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000F3F5B0, 0x1) = 0 0
thread_selfid(0x0, 0x0, 0x0) = 233467 0
bsdthread_ctl(0x100, 0x0, 0x310B) = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1) = 0 Err#-2
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
workq_kernreturn(0x20, 0x0, 0x1) = 0 0
workq_kernreturn(0x40, 0x700000F3FB80, 0x0) = 0 Err#-2
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000DB66A0, 0x1) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
kevent_id(0x7FCF9BF66FC0, 0x700000F3F918, 0x1) = 0 0
workq_kernreturn(0x40, 0x700000DB6B80, 0x0) = 0 Err#-2
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
madvise(0x7FD056009000, 0x1000, 0x7) = 0 0
psynch_cvbroad(0x7FD055008F68, 0xC0000000D00, 0xC0000000100) = 257 0
psynch_cvwait(0x7FD055008F68, 0xC0100000D00, 0xC00) = 0 0
ulock_wake(0x1000002, 0x102867E00, 0x0) = 0 0
ulock_wait(0x1050002, 0x102867E00, 0x3312) = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1) = 0 Err#-2
__disable_threadsignal(0x1, 0x0, 0x0) = 0 0
madvise(0x7FD05600B000, 0x1000, 0x7) = 0 0
workq_kernreturn(0x4, 0x0, 0x0) = 0 Err#-2
Exercise Monitor Pattern:
Evaluation of sampling XProtectRemediatorSnowBeagle (pid 4878) each 1 millisecond
Course of: XProtectRemediatorSnowBeagle [4878]
Path: /Library/Apple/*/XProtect.app/Contents/MacOS/XProtectRemediatorSnowBeagle
Load Handle: 0x10271a000
Identifier: XProtectRemediatorSnowBeagle
Model: 126
Code Sort: X86-64
Platform: macOS
Mum or dad Course of: XProtectPluginService [395]
Date/Time: 2024-02-21 18:35:09.954 -0500
Launch Time: 2024-02-21 18:11:30.241 -0500
OS Model: macOS 13.6.4 (22G513)
Report Model: 7
Evaluation Instrument: /usr/bin/pattern
Bodily footprint: 2.0G
Bodily footprint (peak): 2.4G
Idle exit: untracked
----
Name graph:
2519 Thread_204892 DispatchQueue_1: com.apple.main-thread (serial)
+ 2519 begin (in dyld) + 1903 [0x7ff8186fd41f]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load tackle 0x10271a000 + 0x2fda [0x10271cfda]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load tackle 0x10271a000 + 0x68fdc [0x102782fdc]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load tackle 0x10271a000 + 0x68c00 [0x102782c00]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load tackle 0x10271a000 + 0x7d531 [0x102797531]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load tackle 0x10271a000 + 0x53783 [0x10276d783]
+ 2519 _dispatch_group_wait_slow (in libdispatch.dylib) + 43 [0x7ff8188b6aef]
+ 2519 _dlock_wait (in libdispatch.dylib) + 45 [0x7ff8188b6849]
+ 2519 __ulock_wait (in libsystem_kernel.dylib) + 10 [0x7ff818a19cce]
2519 Thread_205926
2519 start_wqthread (in libsystem_pthread.dylib) + 15 [0x7ff818a52bbf]
2519 _pthread_wqthread (in libsystem_pthread.dylib) + 427 [0x7ff818a53cb9]
2519 __workq_kernreturn (in libsystem_kernel.dylib) + 10 [0x7ff818a19c3e]
Whole quantity in stack (recursive counted a number of, when >=5):
Kind by high of stack, identical collapsed (when >= 5):
__ulock_wait (in libsystem_kernel.dylib) 2519
__workq_kernreturn (in libsystem_kernel.dylib) 2519
Extra of the pattern right here
