Xfence and MacOS Mojave - reported crashes
Hi XFence devs, I'm running XFence 1.8.88 and MacOS Mojave 18A391 and noticed a repeated amount of OS crashes since 2 days ago (approx 10-15+ crashes). Here is a sample panic report if it can provide any help. Thank you!
Anonymous UUID: 7730D407-C530-DAA4-2233-37169AA8E92B Wed Oct 3 22:05:31 2018 *** Panic Report *** panic(cpu 1 caller 0xffffff800d8d87bd): Kernel trap at 0xffffff800d7c071a, type 14=page fault, registers: CR0: 0x000000008001003b, CR2: 0x00000000011f0000, CR3: 0x00000001f8c7e17d, CR4: 0x00000000003626e0 RAX: 0x0000000000000007, RBX: 0x0000000000000000, RCX: 0x0000000000000020, RDX: 0xffffff7f8e267b39 RSP: 0xffffff811034b9e0, RBP: 0xffffff811034bab0, RSI: 0x000000000000000a, RDI: 0x0000000000000073 R8: 0x0000000000000000, R9: 0x00000000011f0000, R10: 0x0000000000000000, R11: 0x0000000000000000 R12: 0x000000007fffffff, R13: 0x0000000000000000, R14: 0x0000000000000007, R15: 0x0000000000000000 RFL: 0x0000000000010246, RIP: 0xffffff800d7c071a, CS: 0x0000000000000008, SS: 0x0000000000000000 Fault CR2: 0x00000000011f0000, Error code: 0x0000000000000000, Fault CPU: 0x1, PL: 0, VF: 1 Backtrace (CPU 1), Frame : Return Address 0xffffff811034b4b0 : 0xffffff800d7aca1d 0xffffff811034b500 : 0xffffff800d8e6b13 0xffffff811034b540 : 0xffffff800d8d859a 0xffffff811034b5b0 : 0xffffff800d759ca0 0xffffff811034b5d0 : 0xffffff800d7ac437 0xffffff811034b6f0 : 0xffffff800d7ac283 0xffffff811034b760 : 0xffffff800d8d87bd 0xffffff811034b8d0 : 0xffffff800d759ca0 0xffffff811034b8f0 : 0xffffff800d7c071a 0xffffff811034bab0 : 0xffffff800dcec5bb 0xffffff811034bb20 : 0xffffff7f8e25fa6f 0xffffff811034bf50 : 0xffffff800dee662d 0xffffff811034bf80 : 0xffffff800d7d567e 0xffffff811034bfa0 : 0xffffff800d7590ce Kernel Extensions in backtrace: com.fsecure.XFENCE(1.8.88)[83DEF05D-E416-322C-871A-55308708CB27]@0xffffff7f8e25e000->0xffffff7f8e269fff BSD process name corresponding to current thread: sed Mac OS version: 18A391 Kernel version: Darwin Kernel Version 18.0.0: Wed Aug 22 20:13:40 PDT 2018; root:xnu-4903.201.2~1/RELEASE_X86_64 Kernel UUID: DF83AD37-501E-3B4F-B1F0-04F3AC90FE35 Kernel slide: 0x000000000d400000 Kernel text base: 0xffffff800d600000 __HIB text base: 0xffffff800d500000 System model name: MacBookPro12,1 (Mac-E43C1C25D4880AD6) System uptime in nanoseconds: 1470115917100 last loaded kext at 1413753318874: com.apple.driver.AppleUSBAudio 314.28 (addr 0xffffff7f90f67000, size 413696) last unloaded kext at 396500468921: com.apple.driver.AppleIntelLpssI2C 3.0.60 (addr 0xffffff7f8eb68000, size 40960) loaded kexts: com.github.kbfuse.filesystems.kbfuse 3.8.2 com.sophos.kext.oas 9.7.0 com.sophos.nke.swi 9.7.0 com.intel.driver.EnergyDriver 2.0 at.obdev.nke.LittleSnitch 5204 com.fsecure.XFENCE 1.8.88 com.apple.driver.AudioAUUC 1.70 com.apple.fileutil 1 com.apple.driver.AppleHWSensor 1.9.5d0 com.apple.filesystems.autofs 3.0 com.apple.driver.AppleUpstreamUserClient 3.6.5 com.apple.driver.AppleHDA 282.10 com.apple.driver.AGPM 110.23.41 com.apple.driver.ApplePlatformEnabler 2.7.0d0 com.apple.driver.X86PlatformShim 1.0.0 com.apple.driver.AppleGraphicsDevicePolicy 3.22.18 com.apple.AGDCPluginDisplayMetrics 3.22.9 com.apple.driver.AppleHV 1 com.apple.iokit.IOUserEthernet 1.0.1 com.apple.driver.AppleIntelBDWGraphics 12.0.0 com.apple.iokit.IOBluetoothSerialManager 6.0.8f6 com.apple.driver.pmtelemetry 1 com.apple.Dont_Steal_Mac_OS_X 7.0.0 com.apple.driver.AppleIntelBDWGraphicsFramebuffer 12.0.0 com.apple.driver.AppleIntelSlowAdaptiveClocking 4.0.0 com.apple.driver.eficheck 1 com.apple.driver.AppleThunderboltIP 3.1.2 com.apple.iokit.BroadcomBluetooth20703USBTransport 6.0.8f6 com.apple.driver.AppleLPC 3.1 com.apple.driver.AppleOSXWatchdog 1 com.apple.driver.AppleSMCLMU 212 com.apple.driver.AppleCameraInterface 6.7.0 com.apple.driver.AppleBacklight 170.12.11 com.apple.driver.AppleMCCSControl 1.5.7 com.apple.driver.AppleUSBCardReader 456.200.8 com.apple.filesystems.hfs.kext 407.200.4 com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1 com.apple.BootCache 40 com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0 com.apple.AppleSystemPolicy 1.0 com.apple.filesystems.apfs 945.200.129 com.apple.driver.AppleAHCIPort 329.200.2 com.apple.driver.AppleTopCaseHIDEventDriver 138 com.apple.driver.AirPort.BrcmNIC 1400.1.1 com.apple.driver.AppleSmartBatteryManager 161.0.0 com.apple.driver.AppleRTC 2.0 com.apple.driver.AppleACPIButtons 6.1 com.apple.driver.AppleHPET 1.8 com.apple.driver.AppleSMBIOS 2.1 com.apple.driver.AppleACPIEC 6.1 com.apple.driver.AppleAPIC 1.7 com.apple.nke.applicationfirewall 190 com.apple.security.TMSafetyNet 8 com.apple.driver.AppleUSBAudio 314.28 com.apple.driver.usb.IOUSBHostHIDDevice 1.2 com.apple.driver.usb.cdc 5.0.0 com.apple.driver.usb.AppleUSBHostCompositeDevice 1.2 com.apple.kext.triggers 1.0 com.apple.driver.DspFuncLib 282.10 com.apple.kext.OSvKernDSPLib 527 com.apple.driver.AppleGraphicsControl 3.22.18 com.apple.iokit.IOAVBFamily 700.6 com.apple.plugin.IOgPTPPlugin 700.7 com.apple.iokit.IOEthernetAVBController 1.1.0 com.apple.driver.AppleSSE 1.0 com.apple.iokit.IOSerialFamily 11 com.apple.AppleGPUWrangler 3.22.9 com.apple.iokit.IOAcceleratorFamily2 400.24 com.apple.iokit.IOSurface 255.1 com.apple.iokit.IOSlowAdaptiveClockingFamily 1.0.0 com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 6.0.8f6 com.apple.iokit.IOBluetoothHostControllerUSBTransport 6.0.8f6 com.apple.iokit.IOBluetoothHostControllerTransport 6.0.8f6 com.apple.driver.AppleHDAController 282.10 com.apple.iokit.IOHDAFamily 282.10 com.apple.driver.X86PlatformPlugin 1.0.0 com.apple.driver.IOPlatformPluginFamily 6.0.0d8 com.apple.AppleGraphicsDeviceControl 3.22.18 com.apple.driver.AppleBacklightExpert 1.1.0 com.apple.iokit.IONDRVSupport 530 com.apple.driver.AppleSMBusController 1.0.18d1 com.apple.iokit.IOGraphicsFamily 530.9 com.apple.iokit.IOAudioFamily 206.5 com.apple.vecLib.kext 1.2.0 com.apple.driver.usb.networking 5.0.0 com.apple.filesystems.hfs.encodings.kext 1 com.apple.iokit.IOAHCIBlockStorage 301.200.2 com.apple.driver.AppleThunderboltDPInAdapter 5.5.7 com.apple.driver.AppleThunderboltDPAdapterFamily 5.5.7 com.apple.driver.AppleThunderboltPCIDownAdapter 2.1.4 com.apple.iokit.IOAHCIFamily 288 com.apple.driver.AppleActuatorDriver 2400.15 com.apple.driver.AppleHIDKeyboard 208 com.apple.driver.AppleHSBluetoothDriver 138 com.apple.driver.IOBluetoothHIDDriver 6.0.8f6 com.apple.iokit.IOBluetoothFamily 6.0.8f6 com.apple.driver.AppleMultitouchDriver 2400.15 com.apple.driver.AppleInputDeviceSupport 2400.7 com.apple.driver.AppleHSSPIHIDDriver 55 com.apple.driver.AppleThunderboltNHI 4.7.5 com.apple.iokit.IOThunderboltFamily 6.8.1 com.apple.iokit.IO80211Family 1200.12.2 com.apple.driver.mDNSOffloadUserClient 1.0.1b8 com.apple.driver.corecapture 1.0.4 com.apple.driver.AppleHSSPISupport 55 com.apple.driver.AppleIntelLpssSpiController 3.0.60 com.apple.driver.AppleIntelLpssGspi 3.0.60 com.apple.driver.AppleIntelLpssDmac 3.0.60 com.apple.driver.usb.AppleUSBXHCIPCI 1.2 com.apple.driver.usb.AppleUSBXHCI 1.2 com.apple.driver.usb.AppleUSBHostPacketFilter 1.0 com.apple.iokit.IOUSBFamily 900.4.2 com.apple.driver.AppleUSBHostMergeProperties 1.2 com.apple.driver.AppleEFINVRAM 2.1 com.apple.driver.AppleEFIRuntime 2.1 com.apple.iokit.IOSMBusFamily 1.1 com.apple.iokit.IOHIDFamily 2.0.0 com.apple.security.quarantine 3 com.apple.security.sandbox 300.0 com.apple.kext.AppleMatch 1.0.0d1 com.apple.driver.DiskImages 493.0.0 com.apple.driver.AppleFDEKeyStore 28.30 com.apple.driver.AppleEffaceableStorage 1.0 com.apple.driver.AppleKeyStore 2 com.apple.driver.AppleUSBTDM 456.200.8 com.apple.driver.AppleMobileFileIntegrity 1.0.5 com.apple.kext.CoreTrust 1 com.apple.iokit.IOUSBMassStorageDriver 145.200.2 com.apple.iokit.IOSCSIBlockCommandsDevice 408.200.1 com.apple.iokit.IOSCSIArchitectureModelFamily 408.200.1 com.apple.iokit.IOStorageFamily 2.1 com.apple.driver.AppleCredentialManager 1.0 com.apple.driver.KernelRelayHost 1 com.apple.iokit.IOUSBHostFamily 1.2 com.apple.driver.usb.AppleUSBCommon 1.0 com.apple.driver.AppleBusPowerController 1.0 com.apple.driver.AppleSEPManager 1.0.1 com.apple.driver.IOSlaveProcessor 1 com.apple.iokit.IOReportFamily 47 com.apple.iokit.IOTimeSyncFamily 700.7 com.apple.iokit.IONetworkingFamily 3.4 com.apple.driver.AppleACPIPlatform 6.1 com.apple.driver.AppleSMC 3.1.9 com.apple.iokit.IOPCIFamily 2.9 com.apple.iokit.IOACPIFamily 1.4 com.apple.kec.pthread 1 com.apple.kec.corecrypto 1.0 com.apple.kec.Libm 1 EOF Model: MacBookPro12,1, BootROM MBP121.0177.B00, 2 processors, Intel Core i5, 2,7 GHz, 8 GB, SMC 2.28f7 Graphics: Intel Iris Graphics 6100, Intel Iris Graphics 6100, Built-In Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000 Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000 AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x133), Broadcom BCM43xx 1.0 (7.77.61.1 AirPortDriverBrcmNIC-1305.2) Bluetooth: Version 6.0.8f6, 3 services, 27 devices, 1 incoming serial ports Serial ATA Device: APPLE SSD SM0128G, 121,33 GB USB Device: USB 3.0 Bus USB Device: Bluetooth USB Host Controller Thunderbolt Bus: MacBook Pro, Apple Inc., 27.1
Comments
-
-
I have yet to do this (very busy and juggling with a ton of things) but wonder if it can't be related to how Mojave handles disk permissions. Backblaze for example asked users to do a mandatory upgrade and to explicitly grant full disk access permissions to their app: https://help.backblaze.com/hc/en-us/articles/360009644134-Upgrading-to-Mojave-Read-This-First-
-
-
I've also reported it as bug/critical incompatibility a couple of days ago.
However, I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardles of the fact that F-Secure bought it from him to gain access to it's technologies to be able to implement them into their endpoint sec. products, Apple is "replaceing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.
-
I came to the same conclusion as you and @matijak. I did report the bug, but there has been no new version released, and seeing the implementation of a function (albeit still very basic) in iOS Mojave about permissions for full disk access, combined with the hiring of the original Little Flocker dev, is a sign of things to come.
The crashes have continued unabashed; even when disabling XFence I had some reboots where it was enabled again. I ultimately had to remove XFence as this was starting to hurt my productivity in a bad way. I'm concerned I don't have this protection layer anymore, but I've got work to do.
-
Apple has indeed implemented features with (limited) user control accessible under Settings>Privacy.
They’ve implemented app protecting features available to developers as well. F-Secure has to consider using it instead of relaing on their own technologies to avoid such incompatibility issues afer upgrades have been made in production environments.
-
-
-
-
-
I have same issue - but my MacBook pro will crash *every time* after system start-up.
On my case, the issue started with me enabling the XFENCE on Computer Protection for Mac version 17.2. On macOS 10.13 High Sierra.
As I was unable to use my computer, I restored the system from Time Machine backup.
Then shortly afterwards, a notification of update for Computer Protection for Mac started to pop up.
Once I installed the update, the crash returned - without me enabling the XFENCE! (The crashes were accompanied with multiple XFENCE dialogs where various [apparently] system components requested access to various system files.)
The same issue persisted after updating the macOS to 10.14 Mojave, as well as the latest OS update 10.14.1.
A support case has been created. I was instructed by F-Secure support specialist to remove the XFENCE.kext in Single User Mode, after updating the Computer Protection.
I did that, but it DID NOT clear this problem. Computer Protection for Mac updated from version 17.2 to the current one, with XFENCE.kext deleted from /Library/Extensions, still causes my Mac to crash right after start-up, before login.
Full system restore from Time Machine, restoring the Computer Protection to version 17.2, is the only way out. -
Integrated into the latest macOS? Only a small subset, to be sure. I really want to have XFence back up and running. Without it, I lose a ton of security.
I wish they'd release a supported version of it already. I'm happy to plunk down cold hard cash to keep this running on my machine.
-
And to reply myself: I found a solution. It is presented in my post under another topic .
I'll repeat it here for your convenience:
===
I have found a tested and working solution for those, who cannot remove XFENCE.kext from /Library/StagedExtensions/Library/Extensions/ - even via Single User mode:
Delete the actual kext from /Library/Extensions/ first, then run "KextWizard" (downloadable at https://mac.softpedia.com/get/Utilities/Kext-Wizard.shtml) and enable both checkmarks under "System/Library/Extension, i.e. "Repair permission" and Rebuild cache" - then click "Execute".
This removes the stubborn XFENCE.kext from the cache (that /Library/StagedExtensions/Library/Extensions/ actually is) and keeps it from being activated over and over again.
=== -
I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardless of the fact that F-Secure bought it from him to gain access to its technologies to be able to implement them into their endpoint sec. products, Apple is "replacing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.