
efficiency – XProtect Persistently Consuming Tons Of RAM?


I recently updated my 2017 MBP to Ventura. Ever since, my system has been running very poorly

I’ve noticed that 90% of the time, when it’s acting up, there’s an XProtectRemediatorSnowBeagle process taking up 2.01 GB of RAM – persistently. It doesn’t go away, and force-quitting only works maybe half the time. Trying to kill it from terminal typically fails as well, with some variant of “Operation Not Permitted”

It is often a root-owned process. At least once, there’s been a second copy of it, taking up another 2.01 GB of RAM, owned by the active user account

Other remediators, like XProtectRemediatorAdload, seem to run normally – they get up to something like 1.5 GB of RAM, and then finish what they’re doing and quit. This one doesn't. It just sticks around in RAM

Sampling it in Activity Monitor shows a call graph held on a _dispatch_group_wait_slow -> _dlock_wait -> __ulock_wait. I can't find any suspicious files open with lsof

I haven't tried a fresh install yet. I'm hoping to avoid it, as it’s always a nightmare to get everything configured how I want it again. I'd really prefer to diagnose what’s causing it to hang, and get rid of that… or reinstall XProtect, if that's a thing… or just disable it altogether, tbh, as I'm fairly confident in my ability to avoid malware on my own – but I can't figure out how to do any of that

Any ideas? I’ve tried an SMC reset, NVRAM / PRAM reset, disabling csrutil… no dice.
Raw logs below

dtruss:

SYSCALL(args)        = return
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF)         = 0 0
bsdthread_ctl(0x100, 0x0, 0x310B)        = 0 0
kevent_id(0x7FCF9BF68EF0, 0x700000F3F338, 0x1)       = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000F3F5B0, 0x1)      = 0 0
thread_selfid(0x0, 0x0, 0x0)         = 233467 0
bsdthread_ctl(0x100, 0x0, 0x310B)        = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1)         = 0 Err#-2
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF)         = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
workq_kernreturn(0x20, 0x0, 0x1)         = 0 0
workq_kernreturn(0x40, 0x700000F3FB80, 0x0)      = 0 Err#-2
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000DB66A0, 0x1)      = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
kevent_id(0x7FCF9BF66FC0, 0x700000F3F918, 0x1)       = 0 0
workq_kernreturn(0x40, 0x700000DB6B80, 0x0)      = 0 Err#-2
bsdthread_ctl(0x100, 0x0, 0x310F)        = 0 0
madvise(0x7FD056009000, 0x1000, 0x7)         = 0 0
psynch_cvbroad(0x7FD055008F68, 0xC0000000D00, 0xC0000000100)         = 257 0
psynch_cvwait(0x7FD055008F68, 0xC0100000D00, 0xC00)      = 0 0
ulock_wake(0x1000002, 0x102867E00, 0x0)      = 0 0
ulock_wait(0x1050002, 0x102867E00, 0x3312)       = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1)         = 0 Err#-2
__disable_threadsignal(0x1, 0x0, 0x0)        = 0 0
madvise(0x7FD05600B000, 0x1000, 0x7)         = 0 0
workq_kernreturn(0x4, 0x0, 0x0)      = 0 Err#-2

Activity Monitor Sample:

Analysis of sampling XProtectRemediatorSnowBeagle (pid 4878) every 1 millisecond
Process:         XProtectRemediatorSnowBeagle [4878]
Path:            /Library/Apple/*/XProtect.app/Contents/MacOS/XProtectRemediatorSnowBeagle
Load Address:    0x10271a000
Identifier:      XProtectRemediatorSnowBeagle
Version:         126
Code Type:       X86-64
Platform:        macOS
Parent Process:  XProtectPluginService [395]

Date/Time:       2024-02-21 18:35:09.954 -0500
Launch Time:     2024-02-21 18:11:30.241 -0500
OS Version:      macOS 13.6.4 (22G513)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Physical footprint:         2.0G
Physical footprint (peak):  2.4G
Idle exit:                  untracked
----

Call graph:
    2519 Thread_204892   DispatchQueue_1: com.apple.main-thread  (serial)
    + 2519 start  (in dyld) + 1903  [0x7ff8186fd41f]
    +   2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x2fda  [0x10271cfda]
    +     2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x68fdc  [0x102782fdc]
    +       2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x68c00  [0x102782c00]
    +         2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x7d531  [0x102797531]
    +           2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x53783  [0x10276d783]
    +             2519 _dispatch_group_wait_slow  (in libdispatch.dylib) + 43  [0x7ff8188b6aef]
    +               2519 _dlock_wait  (in libdispatch.dylib) + 45  [0x7ff8188b6849]
    +                 2519 __ulock_wait  (in libsystem_kernel.dylib) + 10  [0x7ff818a19cce]
    2519 Thread_205926
      2519 start_wqthread  (in libsystem_pthread.dylib) + 15  [0x7ff818a52bbf]
        2519 _pthread_wqthread  (in libsystem_pthread.dylib) + 427  [0x7ff818a53cb9]
          2519 __workq_kernreturn  (in libsystem_kernel.dylib) + 10  [0x7ff818a19c3e]

Total number in stack (recursive counted multiple, when >=5):

Sort by top of stack, same collapsed (when >= 5):
        __ulock_wait  (in libsystem_kernel.dylib)        2519
        __workq_kernreturn  (in libsystem_kernel.dylib)        2519

More of the sample here
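
Added example (not part of the original post): a small Python parser for the call-graph section of a `sample` report like the one above, reporting for each thread its leaf frames and the fraction of its samples spent parked in a kernel wait. The function names and the `WAIT_LEAVES` set are assumptions made for this illustration, and the embedded input is abridged from the post's report.

```python
import re

# Constructed input: call-graph lines abridged from the `sample` report in the post.
SAMPLE = """\
    2519 Thread_204892   DispatchQueue_1: com.apple.main-thread  (serial)
    + 2519 start  (in dyld) + 1903  [0x7ff8186fd41f]
    +   2519 ???  (in XProtectRemediatorSnowBeagle)  load address 0x10271a000 + 0x53783  [0x10276d783]
    +     2519 _dispatch_group_wait_slow  (in libdispatch.dylib) + 43  [0x7ff8188b6aef]
    +       2519 _dlock_wait  (in libdispatch.dylib) + 45  [0x7ff8188b6849]
    +         2519 __ulock_wait  (in libsystem_kernel.dylib) + 10  [0x7ff818a19cce]
    2519 Thread_205926
      2519 start_wqthread  (in libsystem_pthread.dylib) + 15  [0x7ff818a52bbf]
        2519 _pthread_wqthread  (in libsystem_pthread.dylib) + 427  [0x7ff818a53cb9]
          2519 __workq_kernreturn  (in libsystem_kernel.dylib) + 10  [0x7ff818a19c3e]
"""

# Assumption: leaf symbols that mean "thread is parked in the kernel, not running".
WAIT_LEAVES = {"__ulock_wait", "__workq_kernreturn", "__psynch_cvwait",
               "__psynch_mutexwait", "kevent_id", "mach_msg2_trap"}

LINE = re.compile(r"^([\s+!:|]*)(\d+)\s+(.+)$")  # tree prefix, count, frame text

def parse(report):
    """Return {thread: (total_samples, [(depth, count, symbol), ...])}."""
    threads, cur = {}, None
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers such as "Call graph:" carry no sample count
        depth, count, rest = len(m.group(1)), int(m.group(2)), m.group(3)
        if rest.startswith("Thread_"):
            cur = rest.split()[0]
            threads[cur] = (count, [])
        elif cur:
            threads[cur][1].append((depth, count, rest.split("  (in ")[0]))
    return threads

def parked_fraction(report):
    """Return {thread: ([leaf symbols], share of samples in a wait leaf)}."""
    out = {}
    for name, (total, frames) in parse(report).items():
        # A frame is a leaf when the next frame is not nested deeper than it.
        leaves = [f for i, f in enumerate(frames)
                  if i + 1 == len(frames) or frames[i + 1][0] <= f[0]]
        parked = sum(c for _, c, sym in leaves if sym in WAIT_LEAVES)
        out[name] = ([sym for _, _, sym in leaves], parked / total)
    return out

if __name__ == "__main__":
    print(parked_fraction(SAMPLE))
```

A parked fraction of 1.0 on every thread means the process was blocked for the whole sampling window rather than burning CPU, so the memory footprint and the wait are separate symptoms to chase.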
