Restarting XFENCEDaemon without rebooting the machine
I have XFENCE on a remote machine I can't reboot and XFENCEDaemon was accidentally killed. How do I restart it properly to regain control over XFENCE? I cannot reboot the machine right now as it won't come up without a FileVault password
pajp Posts: 93 F-Secure Employee
as a security measure, the XFENCE kernel extension will not let XFENCEDaemon reconnect if it is killed. In theory you can unload the XFENCE kernel extension if XFENCE is disabled and no process has an active client session to the kernel session. Thus if XFENCE is disabled (or you manage to disable it from the UI) you may be able to do the following from a Terminal:
launchctl unload /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist
sudo kextunload -b com.fsecure.XFENCE
The XFENCEDaemon should then restart within 10 seconds and re-load the kext. You can then reload the UI process by doing "launchctl load /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist.
BUT here's the catch: even if you do manage to restart XFENCE this way, XFENCE does not work properly if it's not loaded immediately at system boot (it's designed to run before any processes are launched). In this state you can enable and disable XFENCE and change settings, but it will not be able to properly identify your processes, and as such most of your rules will probably not work. So I don't know how much help this is to you.
Your safest bet is to reboot to get XFENCE into a working state.
F-Secure R&D, Mac Team6 1Like
I see. Thanks for the info. I ended finding out a way to restart the machine remotely "sudo fdesetup authrestart"
Thanks for the detailed info though on how it works. I'm looking forward to seeing it start to get updates. (Especially since 10.14 is going to come soon)0 Like