cancel
Showing results for 
Search instead for 
Did you mean: 

Restarting XFENCEDaemon without rebooting the machine

Highlighted
Aspirant

Restarting XFENCEDaemon without rebooting the machine

I have XFENCE on a remote machine I can't reboot and  XFENCEDaemon was accidentally killed. How do I restart it properly to regain control over XFENCE? I cannot reboot the machine right now as it won't come up without a FileVault password

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure

Re: Restarting XFENCEDaemon without rebooting the machine

Hi,

 

as a security measure, the XFENCE kernel extension will not let XFENCEDaemon reconnect if it is killed. In theory you can unload the XFENCE kernel extension if XFENCE is disabled and no process has an active client session to the kernel session. Thus if XFENCE is disabled (or you manage to disable it from the UI) you may be able to do the following from a Terminal:

 

launchctl unload /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist

sudo kextunload -b com.fsecure.XFENCE

 

The XFENCEDaemon should then restart within 10 seconds and re-load the kext. You can then reload the UI process by doing "launchctl load /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist.

 

BUT here's the catch: even if you do manage to restart XFENCE this way, XFENCE does not work properly if it's not loaded immediately at system boot (it's designed to run before any processes are launched). In this state you can enable and disable XFENCE and change settings, but it will not be able to properly identify your processes, and as such most of your rules will probably not work. So I don't know how much help this is to you.

 

Your safest bet is to reboot to get XFENCE into a working state.

2 REPLIES 2
F-Secure

Re: Restarting XFENCEDaemon without rebooting the machine

Hi,

 

as a security measure, the XFENCE kernel extension will not let XFENCEDaemon reconnect if it is killed. In theory you can unload the XFENCE kernel extension if XFENCE is disabled and no process has an active client session to the kernel session. Thus if XFENCE is disabled (or you manage to disable it from the UI) you may be able to do the following from a Terminal:

 

launchctl unload /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist

sudo kextunload -b com.fsecure.XFENCE

 

The XFENCEDaemon should then restart within 10 seconds and re-load the kext. You can then reload the UI process by doing "launchctl load /Library/LaunchAgents/com.fsecure.XFENCEUserAgent.plist.

 

BUT here's the catch: even if you do manage to restart XFENCE this way, XFENCE does not work properly if it's not loaded immediately at system boot (it's designed to run before any processes are launched). In this state you can enable and disable XFENCE and change settings, but it will not be able to properly identify your processes, and as such most of your rules will probably not work. So I don't know how much help this is to you.

 

Your safest bet is to reboot to get XFENCE into a working state.

Aspirant

Re: Restarting XFENCEDaemon without rebooting the machine

I see. Thanks for the info. I ended finding out a way to restart the machine remotely "sudo fdesetup authrestart"

 

Thanks for the detailed info though on how it works. I'm looking forward to seeing it start to get updates. (Especially since 10.14 is going to come soon)