Xfence and MacOS Mojave - reported crashes
Hi XFence devs, I'm running XFence 1.8.88 and MacOS Mojave 18A391 and noticed a repeated amount of OS crashes since 2 days ago (approx 10-15+ crashes). Here is a sample panic report if it can provide any help. Thank you!
Anonymous UUID: 7730D407-C530-DAA4-2233-37169AA8E92B
Wed Oct 3 22:05:31 2018
*** Panic Report ***
panic(cpu 1 caller 0xffffff800d8d87bd): Kernel trap at 0xffffff800d7c071a, type 14=page fault, registers:
CR0: 0x000000008001003b, CR2: 0x00000000011f0000, CR3: 0x00000001f8c7e17d, CR4: 0x00000000003626e0
RAX: 0x0000000000000007, RBX: 0x0000000000000000, RCX: 0x0000000000000020, RDX: 0xffffff7f8e267b39
RSP: 0xffffff811034b9e0, RBP: 0xffffff811034bab0, RSI: 0x000000000000000a, RDI: 0x0000000000000073
R8: 0x0000000000000000, R9: 0x00000000011f0000, R10: 0x0000000000000000, R11: 0x0000000000000000
R12: 0x000000007fffffff, R13: 0x0000000000000000, R14: 0x0000000000000007, R15: 0x0000000000000000
RFL: 0x0000000000010246, RIP: 0xffffff800d7c071a, CS: 0x0000000000000008, SS: 0x0000000000000000
Fault CR2: 0x00000000011f0000, Error code: 0x0000000000000000, Fault CPU: 0x1, PL: 0, VF: 1
Backtrace (CPU 1), Frame : Return Address
0xffffff811034b4b0 : 0xffffff800d7aca1d
0xffffff811034b500 : 0xffffff800d8e6b13
0xffffff811034b540 : 0xffffff800d8d859a
0xffffff811034b5b0 : 0xffffff800d759ca0
0xffffff811034b5d0 : 0xffffff800d7ac437
0xffffff811034b6f0 : 0xffffff800d7ac283
0xffffff811034b760 : 0xffffff800d8d87bd
0xffffff811034b8d0 : 0xffffff800d759ca0
0xffffff811034b8f0 : 0xffffff800d7c071a
0xffffff811034bab0 : 0xffffff800dcec5bb
0xffffff811034bb20 : 0xffffff7f8e25fa6f
0xffffff811034bf50 : 0xffffff800dee662d
0xffffff811034bf80 : 0xffffff800d7d567e
0xffffff811034bfa0 : 0xffffff800d7590ce
Kernel Extensions in backtrace:
com.fsecure.XFENCE(1.8.88)[83DEF05D-E416-322C-871A-55308708CB27]@0xffffff7f8e25e000->0xffffff7f8e269fff
BSD process name corresponding to current thread: sed
Mac OS version:
18A391
Kernel version:
Darwin Kernel Version 18.0.0: Wed Aug 22 20:13:40 PDT 2018; root:xnu-4903.201.2~1/RELEASE_X86_64
Kernel UUID: DF83AD37-501E-3B4F-B1F0-04F3AC90FE35
Kernel slide: 0x000000000d400000
Kernel text base: 0xffffff800d600000
__HIB text base: 0xffffff800d500000
System model name: MacBookPro12,1 (Mac-E43C1C25D4880AD6)
System uptime in nanoseconds: 1470115917100
last loaded kext at 1413753318874: com.apple.driver.AppleUSBAudio 314.28 (addr 0xffffff7f90f67000, size 413696)
last unloaded kext at 396500468921: com.apple.driver.AppleIntelLpssI2C 3.0.60 (addr 0xffffff7f8eb68000, size 40960)
loaded kexts:
com.github.kbfuse.filesystems.kbfuse 3.8.2
com.sophos.kext.oas 9.7.0
com.sophos.nke.swi 9.7.0
com.intel.driver.EnergyDriver 2.0
at.obdev.nke.LittleSnitch 5204
com.fsecure.XFENCE 1.8.88
com.apple.driver.AudioAUUC 1.70
com.apple.fileutil 1
com.apple.driver.AppleHWSensor 1.9.5d0
com.apple.filesystems.autofs 3.0
com.apple.driver.AppleUpstreamUserClient 3.6.5
com.apple.driver.AppleHDA 282.10
com.apple.driver.AGPM 110.23.41
com.apple.driver.ApplePlatformEnabler 2.7.0d0
com.apple.driver.X86PlatformShim 1.0.0
com.apple.driver.AppleGraphicsDevicePolicy 3.22.18
com.apple.AGDCPluginDisplayMetrics 3.22.9
com.apple.driver.AppleHV 1
com.apple.iokit.IOUserEthernet 1.0.1
com.apple.driver.AppleIntelBDWGraphics 12.0.0
com.apple.iokit.IOBluetoothSerialManager 6.0.8f6
com.apple.driver.pmtelemetry 1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AppleIntelBDWGraphicsFramebuffer 12.0.0
com.apple.driver.AppleIntelSlowAdaptiveClocking 4.0.0
com.apple.driver.eficheck 1
com.apple.driver.AppleThunderboltIP 3.1.2
com.apple.iokit.BroadcomBluetooth20703USBTransport 6.0.8f6
com.apple.driver.AppleLPC 3.1
com.apple.driver.AppleOSXWatchdog 1
com.apple.driver.AppleSMCLMU 212
com.apple.driver.AppleCameraInterface 6.7.0
com.apple.driver.AppleBacklight 170.12.11
com.apple.driver.AppleMCCSControl 1.5.7
com.apple.driver.AppleUSBCardReader 456.200.8
com.apple.filesystems.hfs.kext 407.200.4
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.BootCache 40
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0
com.apple.AppleSystemPolicy 1.0
com.apple.filesystems.apfs 945.200.129
com.apple.driver.AppleAHCIPort 329.200.2
com.apple.driver.AppleTopCaseHIDEventDriver 138
com.apple.driver.AirPort.BrcmNIC 1400.1.1
com.apple.driver.AppleSmartBatteryManager 161.0.0
com.apple.driver.AppleRTC 2.0
com.apple.driver.AppleACPIButtons 6.1
com.apple.driver.AppleHPET 1.8
com.apple.driver.AppleSMBIOS 2.1
com.apple.driver.AppleACPIEC 6.1
com.apple.driver.AppleAPIC 1.7
com.apple.nke.applicationfirewall 190
com.apple.security.TMSafetyNet 8
com.apple.driver.AppleUSBAudio 314.28
com.apple.driver.usb.IOUSBHostHIDDevice 1.2
com.apple.driver.usb.cdc 5.0.0
com.apple.driver.usb.AppleUSBHostCompositeDevice 1.2
com.apple.kext.triggers 1.0
com.apple.driver.DspFuncLib 282.10
com.apple.kext.OSvKernDSPLib 527
com.apple.driver.AppleGraphicsControl 3.22.18
com.apple.iokit.IOAVBFamily 700.6
com.apple.plugin.IOgPTPPlugin 700.7
com.apple.iokit.IOEthernetAVBController 1.1.0
com.apple.driver.AppleSSE 1.0
com.apple.iokit.IOSerialFamily 11
com.apple.AppleGPUWrangler 3.22.9
com.apple.iokit.IOAcceleratorFamily2 400.24
com.apple.iokit.IOSurface 255.1
com.apple.iokit.IOSlowAdaptiveClockingFamily 1.0.0
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 6.0.8f6
com.apple.iokit.IOBluetoothHostControllerUSBTransport 6.0.8f6
com.apple.iokit.IOBluetoothHostControllerTransport 6.0.8f6
com.apple.driver.AppleHDAController 282.10
com.apple.iokit.IOHDAFamily 282.10
com.apple.driver.X86PlatformPlugin 1.0.0
com.apple.driver.IOPlatformPluginFamily 6.0.0d8
com.apple.AppleGraphicsDeviceControl 3.22.18
com.apple.driver.AppleBacklightExpert 1.1.0
com.apple.iokit.IONDRVSupport 530
com.apple.driver.AppleSMBusController 1.0.18d1
com.apple.iokit.IOGraphicsFamily 530.9
com.apple.iokit.IOAudioFamily 206.5
com.apple.vecLib.kext 1.2.0
com.apple.driver.usb.networking 5.0.0
com.apple.filesystems.hfs.encodings.kext 1
com.apple.iokit.IOAHCIBlockStorage 301.200.2
com.apple.driver.AppleThunderboltDPInAdapter 5.5.7
com.apple.driver.AppleThunderboltDPAdapterFamily 5.5.7
com.apple.driver.AppleThunderboltPCIDownAdapter 2.1.4
com.apple.iokit.IOAHCIFamily 288
com.apple.driver.AppleActuatorDriver 2400.15
com.apple.driver.AppleHIDKeyboard 208
com.apple.driver.AppleHSBluetoothDriver 138
com.apple.driver.IOBluetoothHIDDriver 6.0.8f6
com.apple.iokit.IOBluetoothFamily 6.0.8f6
com.apple.driver.AppleMultitouchDriver 2400.15
com.apple.driver.AppleInputDeviceSupport 2400.7
com.apple.driver.AppleHSSPIHIDDriver 55
com.apple.driver.AppleThunderboltNHI 4.7.5
com.apple.iokit.IOThunderboltFamily 6.8.1
com.apple.iokit.IO80211Family 1200.12.2
com.apple.driver.mDNSOffloadUserClient 1.0.1b8
com.apple.driver.corecapture 1.0.4
com.apple.driver.AppleHSSPISupport 55
com.apple.driver.AppleIntelLpssSpiController 3.0.60
com.apple.driver.AppleIntelLpssGspi 3.0.60
com.apple.driver.AppleIntelLpssDmac 3.0.60
com.apple.driver.usb.AppleUSBXHCIPCI 1.2
com.apple.driver.usb.AppleUSBXHCI 1.2
com.apple.driver.usb.AppleUSBHostPacketFilter 1.0
com.apple.iokit.IOUSBFamily 900.4.2
com.apple.driver.AppleUSBHostMergeProperties 1.2
com.apple.driver.AppleEFINVRAM 2.1
com.apple.driver.AppleEFIRuntime 2.1
com.apple.iokit.IOSMBusFamily 1.1
com.apple.iokit.IOHIDFamily 2.0.0
com.apple.security.quarantine 3
com.apple.security.sandbox 300.0
com.apple.kext.AppleMatch 1.0.0d1
com.apple.driver.DiskImages 493.0.0
com.apple.driver.AppleFDEKeyStore 28.30
com.apple.driver.AppleEffaceableStorage 1.0
com.apple.driver.AppleKeyStore 2
com.apple.driver.AppleUSBTDM 456.200.8
com.apple.driver.AppleMobileFileIntegrity 1.0.5
com.apple.kext.CoreTrust 1
com.apple.iokit.IOUSBMassStorageDriver 145.200.2
com.apple.iokit.IOSCSIBlockCommandsDevice 408.200.1
com.apple.iokit.IOSCSIArchitectureModelFamily 408.200.1
com.apple.iokit.IOStorageFamily 2.1
com.apple.driver.AppleCredentialManager 1.0
com.apple.driver.KernelRelayHost 1
com.apple.iokit.IOUSBHostFamily 1.2
com.apple.driver.usb.AppleUSBCommon 1.0
com.apple.driver.AppleBusPowerController 1.0
com.apple.driver.AppleSEPManager 1.0.1
com.apple.driver.IOSlaveProcessor 1
com.apple.iokit.IOReportFamily 47
com.apple.iokit.IOTimeSyncFamily 700.7
com.apple.iokit.IONetworkingFamily 3.4
com.apple.driver.AppleACPIPlatform 6.1
com.apple.driver.AppleSMC 3.1.9
com.apple.iokit.IOPCIFamily 2.9
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.pthread 1
com.apple.kec.corecrypto 1.0
com.apple.kec.Libm 1
EOF
Model: MacBookPro12,1, BootROM MBP121.0177.B00, 2 processors, Intel Core i5, 2,7 GHz, 8 GB, SMC 2.28f7
Graphics: Intel Iris Graphics 6100, Intel Iris Graphics 6100, Built-In
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x133), Broadcom BCM43xx 1.0 (7.77.61.1 AirPortDriverBrcmNIC-1305.2)
Bluetooth: Version 6.0.8f6, 3 services, 27 devices, 1 incoming serial ports
Serial ATA Device: APPLE SSD SM0128G, 121,33 GB
USB Device: USB 3.0 Bus
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Pro, Apple Inc., 27.1 Comments
-
-
I have yet to do this (very busy and juggling with a ton of things) but wonder if it can't be related to how Mojave handles disk permissions. Backblaze for example asked users to do a mandatory upgrade and to explicitly grant full disk access permissions to their app: https://help.backblaze.com/hc/en-us/articles/360009644134-Upgrading-to-Mojave-Read-This-First-
-
-
I've also reported it as bug/critical incompatibility a couple of days ago.
However, I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardles of the fact that F-Secure bought it from him to gain access to it's technologies to be able to implement them into their endpoint sec. products, Apple is "replaceing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.
-
I came to the same conclusion as you and @matijak. I did report the bug, but there has been no new version released, and seeing the implementation of a function (albeit still very basic) in iOS Mojave about permissions for full disk access, combined with the hiring of the original Little Flocker dev, is a sign of things to come.
The crashes have continued unabashed; even when disabling XFence I had some reboots where it was enabled again. I ultimately had to remove XFence as this was starting to hurt my productivity in a bad way. I'm concerned I don't have this protection layer anymore, but I've got work to do.
-
Apple has indeed implemented features with (limited) user control accessible under Settings>Privacy.
They’ve implemented app protecting features available to developers as well. F-Secure has to consider using it instead of relaing on their own technologies to avoid such incompatibility issues afer upgrades have been made in production environments.
-
-
-
-
-
I have same issue - but my MacBook pro will crash *every time* after system start-up.
On my case, the issue started with me enabling the XFENCE on Computer Protection for Mac version 17.2. On macOS 10.13 High Sierra.
As I was unable to use my computer, I restored the system from Time Machine backup.
Then shortly afterwards, a notification of update for Computer Protection for Mac started to pop up.
Once I installed the update, the crash returned - without me enabling the XFENCE! (The crashes were accompanied with multiple XFENCE dialogs where various [apparently] system components requested access to various system files.)
The same issue persisted after updating the macOS to 10.14 Mojave, as well as the latest OS update 10.14.1.
A support case has been created. I was instructed by F-Secure support specialist to remove the XFENCE.kext in Single User Mode, after updating the Computer Protection.
I did that, but it DID NOT clear this problem. Computer Protection for Mac updated from version 17.2 to the current one, with XFENCE.kext deleted from /Library/Extensions, still causes my Mac to crash right after start-up, before login.
Full system restore from Time Machine, restoring the Computer Protection to version 17.2, is the only way out. -
Integrated into the latest macOS? Only a small subset, to be sure. I really want to have XFence back up and running. Without it, I lose a ton of security.
I wish they'd release a supported version of it already. I'm happy to plunk down cold hard cash to keep this running on my machine.
-
And to reply myself: I found a solution. It is presented in my post under another topic .
I'll repeat it here for your convenience:
===
I have found a tested and working solution for those, who cannot remove XFENCE.kext from /Library/StagedExtensions/Library/Extensions/ - even via Single User mode:
Delete the actual kext from /Library/Extensions/ first, then run "KextWizard" (downloadable at https://mac.softpedia.com/get/Utilities/Kext-Wizard.shtml) and enable both checkmarks under "System/Library/Extension, i.e. "Repair permission" and Rebuild cache" - then click "Execute".
This removes the stubborn XFENCE.kext from the cache (that /Library/StagedExtensions/Library/Extensions/ actually is) and keeps it from being activated over and over again.
=== -
I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardless of the fact that F-Secure bought it from him to gain access to its technologies to be able to implement them into their endpoint sec. products, Apple is "replacing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!