I recently updated my 2017 MBP to Ventura. Ever since, my system has been running very poorly.
I’ve noticed that 90% of the time, when it’s acting up, there’s an XProtectRemediatorSnowBeagle process taking up 2.01 GB of RAM – persistently. It doesn’t go away, and force-quitting only works maybe half the time. Trying to kill it from terminal usually fails as well, with some variant of “Operation Not Permitted”.
It is normally a root-owned process. At least once, there’s been a second copy of it, taking up another 2.01 GB of RAM, owned by the active user account.
Other remediators, like XProtectRemediatorAdload, seem to run normally – they get up to something like 1.5 GB of RAM, and then finish what they’re doing and quit. This one doesn't. It just sticks around in RAM.
Sampling it in Activity Monitor shows a call graph hung on a _dispatch_group_wait_slow -> _dlock_wait -> __ulock_wait. I can't find any suspicious files open with lsof.
I haven't tried a fresh install yet. I'm hoping to avoid it, since it’s always a nightmare to get everything configured how I want it again. I'd really like to diagnose what’s causing it to hang, and get rid of that… or reinstall XProtect, if that's a thing… or just disable it altogether, tbh, as I'm fairly confident in my ability to avoid malware on my own – but I can't figure out how to do any of that.
Any ideas? I’ve tried an SMC reset, NVRAM / PRAM reset, disabling csrutil… no dice.
Raw logs below
dtruss:
SYSCALL(args) = return
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310B) = 0 0
kevent_id(0x7FCF9BF68EF0, 0x700000F3F338, 0x1) = 0 0
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000F3F5B0, 0x1) = 0 0
thread_selfid(0x0, 0x0, 0x0) = 233467 0
bsdthread_ctl(0x100, 0x0, 0x310B) = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1) = 0 Err#-2
bsdthread_ctl(0x100, 0x800004FF, 0xFFFFFFFF) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
workq_kernreturn(0x20, 0x0, 0x1) = 0 0
workq_kernreturn(0x40, 0x700000F3FB80, 0x0) = 0 Err#-2
kevent_qos(0xFFFFFFFFFFFFFFFF, 0x700000DB66A0, 0x1) = 0 0
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
kevent_id(0x7FCF9BF66FC0, 0x700000F3F918, 0x1) = 0 0
workq_kernreturn(0x40, 0x700000DB6B80, 0x0) = 0 Err#-2
bsdthread_ctl(0x100, 0x0, 0x310F) = 0 0
madvise(0x7FD056009000, 0x1000, 0x7) = 0 0
psynch_cvbroad(0x7FD055008F68, 0xC0000000D00, 0xC0000000100) = 257 0
psynch_cvwait(0x7FD055008F68, 0xC0100000D00, 0xC00) = 0 0
ulock_wake(0x1000002, 0x102867E00, 0x0) = 0 0
ulock_wait(0x1050002, 0x102867E00, 0x3312) = 0 0
workq_kernreturn(0x100, 0x700000DB6B80, 0x1) = 0 Err#-2
__disable_threadsignal(0x1, 0x0, 0x0) = 0 0
madvise(0x7FD05600B000, 0x1000, 0x7) = 0 0
workq_kernreturn(0x4, 0x0, 0x0) = 0 Err#-2
Activity Monitor Sample:
Analysis of sampling XProtectRemediatorSnowBeagle (pid 4878) every 1 millisecond
Process: XProtectRemediatorSnowBeagle [4878]
Path: /Library/Apple/*/XProtect.app/Contents/MacOS/XProtectRemediatorSnowBeagle
Load Address: 0x10271a000
Identifier: XProtectRemediatorSnowBeagle
Version: 126
Code Type: X86-64
Platform: macOS
Parent Process: XProtectPluginService [395]
Date/Time: 2024-02-21 18:35:09.954 -0500
Launch Time: 2024-02-21 18:11:30.241 -0500
OS Version: macOS 13.6.4 (22G513)
Report Version: 7
Analysis Tool: /usr/bin/sample
Physical footprint: 2.0G
Physical footprint (peak): 2.4G
Idle exit: untracked
----
Call graph:
2519 Thread_204892 DispatchQueue_1: com.apple.main-thread (serial)
+ 2519 start (in dyld) + 1903 [0x7ff8186fd41f]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load address 0x10271a000 + 0x2fda [0x10271cfda]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load address 0x10271a000 + 0x68fdc [0x102782fdc]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load address 0x10271a000 + 0x68c00 [0x102782c00]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load address 0x10271a000 + 0x7d531 [0x102797531]
+ 2519 ??? (in XProtectRemediatorSnowBeagle) load address 0x10271a000 + 0x53783 [0x10276d783]
+ 2519 _dispatch_group_wait_slow (in libdispatch.dylib) + 43 [0x7ff8188b6aef]
+ 2519 _dlock_wait (in libdispatch.dylib) + 45 [0x7ff8188b6849]
+ 2519 __ulock_wait (in libsystem_kernel.dylib) + 10 [0x7ff818a19cce]
2519 Thread_205926
2519 start_wqthread (in libsystem_pthread.dylib) + 15 [0x7ff818a52bbf]
2519 _pthread_wqthread (in libsystem_pthread.dylib) + 427 [0x7ff818a53cb9]
2519 __workq_kernreturn (in libsystem_kernel.dylib) + 10 [0x7ff818a19c3e]
Total number in stack (recursive counted multiple, when >=5):
Sort by top of stack, same collapsed (when >= 5):
__ulock_wait (in libsystem_kernel.dylib) 2519
__workq_kernreturn (in libsystem_kernel.dylib) 2519
More of the sample here