Xfence and MacOS Mojave - reported crashes

Hi XFence devs, I'm running XFence 1.8.88 and MacOS Mojave 18A391 and noticed a repeated amount of OS crashes since 2 days ago (approx 10-15+ crashes). Here is a sample panic report if it can provide any help. Thank you!

 

Anonymous UUID:       7730D407-C530-DAA4-2233-37169AA8E92B

Wed Oct  3 22:05:31 2018

*** Panic Report ***
panic(cpu 1 caller 0xffffff800d8d87bd): Kernel trap at 0xffffff800d7c071a, type 14=page fault, registers:
CR0: 0x000000008001003b, CR2: 0x00000000011f0000, CR3: 0x00000001f8c7e17d, CR4: 0x00000000003626e0
RAX: 0x0000000000000007, RBX: 0x0000000000000000, RCX: 0x0000000000000020, RDX: 0xffffff7f8e267b39
RSP: 0xffffff811034b9e0, RBP: 0xffffff811034bab0, RSI: 0x000000000000000a, RDI: 0x0000000000000073
R8:  0x0000000000000000, R9:  0x00000000011f0000, R10: 0x0000000000000000, R11: 0x0000000000000000
R12: 0x000000007fffffff, R13: 0x0000000000000000, R14: 0x0000000000000007, R15: 0x0000000000000000
RFL: 0x0000000000010246, RIP: 0xffffff800d7c071a, CS:  0x0000000000000008, SS:  0x0000000000000000
Fault CR2: 0x00000000011f0000, Error code: 0x0000000000000000, Fault CPU: 0x1, PL: 0, VF: 1

Backtrace (CPU 1), Frame : Return Address
0xffffff811034b4b0 : 0xffffff800d7aca1d 
0xffffff811034b500 : 0xffffff800d8e6b13 
0xffffff811034b540 : 0xffffff800d8d859a 
0xffffff811034b5b0 : 0xffffff800d759ca0 
0xffffff811034b5d0 : 0xffffff800d7ac437 
0xffffff811034b6f0 : 0xffffff800d7ac283 
0xffffff811034b760 : 0xffffff800d8d87bd 
0xffffff811034b8d0 : 0xffffff800d759ca0 
0xffffff811034b8f0 : 0xffffff800d7c071a 
0xffffff811034bab0 : 0xffffff800dcec5bb 
0xffffff811034bb20 : 0xffffff7f8e25fa6f 
0xffffff811034bf50 : 0xffffff800dee662d 
0xffffff811034bf80 : 0xffffff800d7d567e 
0xffffff811034bfa0 : 0xffffff800d7590ce 
      Kernel Extensions in backtrace:
         com.fsecure.XFENCE(1.8.88)[83DEF05D-E416-322C-871A-55308708CB27]@0xffffff7f8e25e000->0xffffff7f8e269fff

BSD process name corresponding to current thread: sed

Mac OS version:
18A391

Kernel version:
Darwin Kernel Version 18.0.0: Wed Aug 22 20:13:40 PDT 2018; root:xnu-4903.201.2~1/RELEASE_X86_64
Kernel UUID: DF83AD37-501E-3B4F-B1F0-04F3AC90FE35
Kernel slide:     0x000000000d400000
Kernel text base: 0xffffff800d600000
__HIB  text base: 0xffffff800d500000
System model name: MacBookPro12,1 (Mac-E43C1C25D4880AD6)

System uptime in nanoseconds: 1470115917100
last loaded kext at 1413753318874: com.apple.driver.AppleUSBAudio	314.28 (addr 0xffffff7f90f67000, size 413696)
last unloaded kext at 396500468921: com.apple.driver.AppleIntelLpssI2C	3.0.60 (addr 0xffffff7f8eb68000, size 40960)
loaded kexts:
com.github.kbfuse.filesystems.kbfuse	3.8.2
com.sophos.kext.oas	9.7.0
com.sophos.nke.swi	9.7.0
com.intel.driver.EnergyDriver	2.0
at.obdev.nke.LittleSnitch	5204
com.fsecure.XFENCE	1.8.88
com.apple.driver.AudioAUUC	1.70
com.apple.fileutil	1
com.apple.driver.AppleHWSensor	1.9.5d0
com.apple.filesystems.autofs	3.0
com.apple.driver.AppleUpstreamUserClient	3.6.5
com.apple.driver.AppleHDA	282.10
com.apple.driver.AGPM	110.23.41
com.apple.driver.ApplePlatformEnabler	2.7.0d0
com.apple.driver.X86PlatformShim	1.0.0
com.apple.driver.AppleGraphicsDevicePolicy	3.22.18
com.apple.AGDCPluginDisplayMetrics	3.22.9
com.apple.driver.AppleHV	1
com.apple.iokit.IOUserEthernet	1.0.1
com.apple.driver.AppleIntelBDWGraphics	12.0.0
com.apple.iokit.IOBluetoothSerialManager	6.0.8f6
com.apple.driver.pmtelemetry	1
com.apple.Dont_Steal_Mac_OS_X	7.0.0
com.apple.driver.AppleIntelBDWGraphicsFramebuffer	12.0.0
com.apple.driver.AppleIntelSlowAdaptiveClocking	4.0.0
com.apple.driver.eficheck	1
com.apple.driver.AppleThunderboltIP	3.1.2
com.apple.iokit.BroadcomBluetooth20703USBTransport	6.0.8f6
com.apple.driver.AppleLPC	3.1
com.apple.driver.AppleOSXWatchdog	1
com.apple.driver.AppleSMCLMU	212
com.apple.driver.AppleCameraInterface	6.7.0
com.apple.driver.AppleBacklight	170.12.11
com.apple.driver.AppleMCCSControl	1.5.7
com.apple.driver.AppleUSBCardReader	456.200.8
com.apple.filesystems.hfs.kext	407.200.4
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless	1.0.0d1
com.apple.BootCache	40
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib	1.0.0
com.apple.AppleSystemPolicy	1.0
com.apple.filesystems.apfs	945.200.129
com.apple.driver.AppleAHCIPort	329.200.2
com.apple.driver.AppleTopCaseHIDEventDriver	138
com.apple.driver.AirPort.BrcmNIC	1400.1.1
com.apple.driver.AppleSmartBatteryManager	161.0.0
com.apple.driver.AppleRTC	2.0
com.apple.driver.AppleACPIButtons	6.1
com.apple.driver.AppleHPET	1.8
com.apple.driver.AppleSMBIOS	2.1
com.apple.driver.AppleACPIEC	6.1
com.apple.driver.AppleAPIC	1.7
com.apple.nke.applicationfirewall	190
com.apple.security.TMSafetyNet	8
com.apple.driver.AppleUSBAudio	314.28
com.apple.driver.usb.IOUSBHostHIDDevice	1.2
com.apple.driver.usb.cdc	5.0.0
com.apple.driver.usb.AppleUSBHostCompositeDevice	1.2
com.apple.kext.triggers	1.0
com.apple.driver.DspFuncLib	282.10
com.apple.kext.OSvKernDSPLib	527
com.apple.driver.AppleGraphicsControl	3.22.18
com.apple.iokit.IOAVBFamily	700.6
com.apple.plugin.IOgPTPPlugin	700.7
com.apple.iokit.IOEthernetAVBController	1.1.0
com.apple.driver.AppleSSE	1.0
com.apple.iokit.IOSerialFamily	11
com.apple.AppleGPUWrangler	3.22.9
com.apple.iokit.IOAcceleratorFamily2	400.24
com.apple.iokit.IOSurface	255.1
com.apple.iokit.IOSlowAdaptiveClockingFamily	1.0.0
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport	6.0.8f6
com.apple.iokit.IOBluetoothHostControllerUSBTransport	6.0.8f6
com.apple.iokit.IOBluetoothHostControllerTransport	6.0.8f6
com.apple.driver.AppleHDAController	282.10
com.apple.iokit.IOHDAFamily	282.10
com.apple.driver.X86PlatformPlugin	1.0.0
com.apple.driver.IOPlatformPluginFamily	6.0.0d8
com.apple.AppleGraphicsDeviceControl	3.22.18
com.apple.driver.AppleBacklightExpert	1.1.0
com.apple.iokit.IONDRVSupport	530
com.apple.driver.AppleSMBusController	1.0.18d1
com.apple.iokit.IOGraphicsFamily	530.9
com.apple.iokit.IOAudioFamily	206.5
com.apple.vecLib.kext	1.2.0
com.apple.driver.usb.networking	5.0.0
com.apple.filesystems.hfs.encodings.kext	1
com.apple.iokit.IOAHCIBlockStorage	301.200.2
com.apple.driver.AppleThunderboltDPInAdapter	5.5.7
com.apple.driver.AppleThunderboltDPAdapterFamily	5.5.7
com.apple.driver.AppleThunderboltPCIDownAdapter	2.1.4
com.apple.iokit.IOAHCIFamily	288
com.apple.driver.AppleActuatorDriver	2400.15
com.apple.driver.AppleHIDKeyboard	208
com.apple.driver.AppleHSBluetoothDriver	138
com.apple.driver.IOBluetoothHIDDriver	6.0.8f6
com.apple.iokit.IOBluetoothFamily	6.0.8f6
com.apple.driver.AppleMultitouchDriver	2400.15
com.apple.driver.AppleInputDeviceSupport	2400.7
com.apple.driver.AppleHSSPIHIDDriver	55
com.apple.driver.AppleThunderboltNHI	4.7.5
com.apple.iokit.IOThunderboltFamily	6.8.1
com.apple.iokit.IO80211Family	1200.12.2
com.apple.driver.mDNSOffloadUserClient	1.0.1b8
com.apple.driver.corecapture	1.0.4
com.apple.driver.AppleHSSPISupport	55
com.apple.driver.AppleIntelLpssSpiController	3.0.60
com.apple.driver.AppleIntelLpssGspi	3.0.60
com.apple.driver.AppleIntelLpssDmac	3.0.60
com.apple.driver.usb.AppleUSBXHCIPCI	1.2
com.apple.driver.usb.AppleUSBXHCI	1.2
com.apple.driver.usb.AppleUSBHostPacketFilter	1.0
com.apple.iokit.IOUSBFamily	900.4.2
com.apple.driver.AppleUSBHostMergeProperties	1.2
com.apple.driver.AppleEFINVRAM	2.1
com.apple.driver.AppleEFIRuntime	2.1
com.apple.iokit.IOSMBusFamily	1.1
com.apple.iokit.IOHIDFamily	2.0.0
com.apple.security.quarantine	3
com.apple.security.sandbox	300.0
com.apple.kext.AppleMatch	1.0.0d1
com.apple.driver.DiskImages	493.0.0
com.apple.driver.AppleFDEKeyStore	28.30
com.apple.driver.AppleEffaceableStorage	1.0
com.apple.driver.AppleKeyStore	2
com.apple.driver.AppleUSBTDM	456.200.8
com.apple.driver.AppleMobileFileIntegrity	1.0.5
com.apple.kext.CoreTrust	1
com.apple.iokit.IOUSBMassStorageDriver	145.200.2
com.apple.iokit.IOSCSIBlockCommandsDevice	408.200.1
com.apple.iokit.IOSCSIArchitectureModelFamily	408.200.1
com.apple.iokit.IOStorageFamily	2.1
com.apple.driver.AppleCredentialManager	1.0
com.apple.driver.KernelRelayHost	1
com.apple.iokit.IOUSBHostFamily	1.2
com.apple.driver.usb.AppleUSBCommon	1.0
com.apple.driver.AppleBusPowerController	1.0
com.apple.driver.AppleSEPManager	1.0.1
com.apple.driver.IOSlaveProcessor	1
com.apple.iokit.IOReportFamily	47
com.apple.iokit.IOTimeSyncFamily	700.7
com.apple.iokit.IONetworkingFamily	3.4
com.apple.driver.AppleACPIPlatform	6.1
com.apple.driver.AppleSMC	3.1.9
com.apple.iokit.IOPCIFamily	2.9
com.apple.iokit.IOACPIFamily	1.4
com.apple.kec.pthread	1
com.apple.kec.corecrypto	1.0
com.apple.kec.Libm	1

EOF
Model: MacBookPro12,1, BootROM MBP121.0177.B00, 2 processors, Intel Core i5, 2,7 GHz, 8 GB, SMC 2.28f7
Graphics: Intel Iris Graphics 6100, Intel Iris Graphics 6100, Built-In
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1867 MHz, 0x80CE, 0x4B3445364533303445452D45474346000000
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x133), Broadcom BCM43xx 1.0 (7.77.61.1 AirPortDriverBrcmNIC-1305.2)
Bluetooth: Version 6.0.8f6, 3 services, 27 devices, 1 incoming serial ports
Serial ATA Device: APPLE SSD SM0128G, 121,33 GB
USB Device: USB 3.0 Bus
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Pro, Apple Inc., 27.1

Comments

  • DevOpsAdmin
    DevOpsAdmin Posts: 18 Observer

    I reported this as a bug in the beta program. I recommend you do the same as well. I really want to see this fixed ASAP. Being without XFENCE after having it since the Flocker days makes me nervous now that I'm used to that layer of protection.

  • darkkavenger
    darkkavenger Posts: 4 New Member

    I have yet to do this (very busy and juggling with a ton of things) but wonder if it can't be related to how Mojave handles disk permissions. Backblaze for example asked users to do a mandatory upgrade and to explicitly grant full disk access permissions to their app: https://help.backblaze.com/hc/en-us/articles/360009644134-Upgrading-to-Mojave-Read-This-First-

     

  • darkkavenger
    darkkavenger Posts: 4 New Member

    Allright, reported as a bug.

  • matijak
    matijak Posts: 4 New Member

    I've also reported it as bug/critical incompatibility a couple of days ago.

     

    However, I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardles of the fact that F-Secure bought it from him to gain access to it's technologies to be able to implement them into their endpoint sec. products, Apple is "replaceing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.

  • Fab1an
    Fab1an Posts: 1 New Member

    Same crashes here. I've also submitted the bug report in the beta program but I also think this project is dead.

  • darkkavenger
    darkkavenger Posts: 4 New Member

    I came to the same conclusion as you and @matijak. I did report the bug, but there has been no new version released, and seeing the implementation of a function (albeit still very basic) in iOS Mojave about permissions for full disk access, combined with the hiring of the original Little Flocker dev, is a sign of things to come.

     

    The crashes have continued unabashed; even when disabling XFence I had some reboots where it was enabled again. I ultimately had to remove XFence as this was starting to hurt my productivity in a bad way. I'm concerned I don't have this protection layer anymore, but I've got work to do.

  • matijak
    matijak Posts: 4 New Member

    Apple has indeed implemented features with (limited) user control accessible under Settings>Privacy.

     

    They’ve implemented app protecting features available to developers as well. F-Secure has to consider using it instead of relaing on their own technologies to avoid such incompatibility issues afer upgrades have been made in production environments.

  • ckrueger99
    ckrueger99 Posts: 1 New Member

    I get similar crashes, but in my case it's invariably "BSD process name corresponding to current thread: xpcproxy"

  • matijak
    matijak Posts: 4 New Member

    I get it too.

  • ZV
    ZV Posts: 2 New Member
    Having the same problem here.
    - macOS 10.14 (18A391)
    - kernel: Darwin 18.0.0
    - XFence 1.8.88

    Whenever Mojave crashes it reports XFence Kernel extension in the backtrace section of the panic report.
  • scalefree
    scalefree Posts: 1 New Member
    Same problem. Upgraded to Mojave, repeated random crashes. Followed the breadcrumbs & figured out XFence was responsible, disabled it. No more crashes! Is XFence really an orphan?
  • Cale
    Cale Posts: 294 F-Secure Product Manager

    Sorry for the long quiet period on the Xfence front. We concentrated our team effort on the Mojave release and are currently working on a small maintenance release for SAFE MAC. After that we will take a look at the Xfence beta and hopefully solve the crash issues on it.

     

    -Cale

  • DevOpsAdmin
    DevOpsAdmin Posts: 18 Observer

    Cale,

     

    I'm really glad to hear XFENCE has not been forgotten. Are there any unofficial (and totally non-committal) ETAs on XFENCE getting some attention?


    Thanks!

  • KimArden
    KimArden Posts: 2 New Member

    +1 Crashing in a few seconds of logging in if XFence is enabled.

     

    XFence  1.8.88

    macos 10.14

     

    For whatever reason, my second Admin account on this mac does not crash. That's an account I only log in to  do high-level admin things, and that account seems to run fine.

  • Cale
    Cale Posts: 294 F-Secure Product Manager

    If the issues are solvable with reasonable effort, we plan to release a new version before end of year.

     

    -Cale

  • KimArden
    KimArden Posts: 2 New Member

    UPDATE: My seldom-used admin account also became effected, so I had to:

     

    - Restart in Safe Mode, then

    - Remove the kernel from Library/Extensions

     

    I'll await that update.

     

    Thanks.

  • matijak
    matijak Posts: 4 New Member

    Such unrealiable development cycle management and unresponsive support are determining project’s feature; I see no light at the end ... And on the other hand, Apple integrated  it’s functionalities into the latest macOS.

  • Toweri
    Toweri Posts: 20 Enthusiast

    I have same issue - but my MacBook pro will crash *every time* after system start-up.

    On my case, the issue started with me enabling the XFENCE on Computer Protection for Mac version 17.2. On macOS 10.13 High Sierra.
    As I was unable to use my computer, I restored the system from Time Machine backup.

    Then shortly afterwards, a notification of update for Computer Protection for Mac started to pop up.
    Once I installed the update, the crash returned - without me enabling the XFENCE! (The crashes were accompanied with multiple XFENCE dialogs where various [apparently] system components requested access to various system files.)

    The same issue persisted after updating the macOS to 10.14 Mojave, as well as the latest OS update 10.14.1.

    A support case has been created. I was instructed by F-Secure support specialist to remove the XFENCE.kext in Single User Mode, after updating the Computer Protection.

    I did that, but it DID NOT clear this problem. Computer Protection for Mac updated from version 17.2 to the current one, with XFENCE.kext deleted from /Library/Extensions, still causes my Mac to crash right after start-up, before login.
    Full system restore from Time Machine, restoring the Computer Protection to version 17.2, is the only way out.

  • XenoPhage
    XenoPhage Posts: 31 Contributor

    Integrated into the latest macOS?  Only a small subset, to be sure.  I really want to have XFence back up and running.  Without it, I lose a ton of security.

     

    I wish they'd release a supported version of it already.  I'm happy to plunk down cold hard cash to keep this running on my machine.

  • Toweri
    Toweri Posts: 20 Enthusiast

    And to reply myself: I found a solution. It is presented in my post under another topic .
    I'll repeat it here for your convenience:
    ===
    I have found a tested and working solution for those, who cannot remove XFENCE.kext from /Library/StagedExtensions/Library/Extensions/ - even via Single User mode:

    Delete the actual kext from /Library/Extensions/ first, then run "KextWizard" (downloadable at https://mac.softpedia.com/get/Utilities/Kext-Wizard.shtml) and enable both checkmarks under "System/Library/Extension, i.e. "Repair permission" and Rebuild cache" - then click "Execute".

    This removes the stubborn XFENCE.kext from the cache (that /Library/StagedExtensions/Library/Extensions/ actually is) and keeps it from being activated over and over again.
    ===

  • joanne3422
    joanne3422 Posts: 13 Explorer

    I strongly believe that XFence is dead as Mr. Zdziarski is now working at Apple and regardless of the fact that F-Secure bought it from him to gain access to its technologies to be able to implement them into their endpoint sec. products, Apple is "replacing" XFence's features balanced with usability (and of course, because of that with significant limitations) built into the latest v. of macOS.

This discussion has been closed.