Question

High CPU usage from com.jamf.protect.security-extenstion

Forum|Forum|3 years ago
November 17, 2022
28 replies
682 views

tk39_2
New Contributor

We're using Jamf Now with Jamf Protect enabled and periodically seeing CPU spikes (with the process hanging and eating up resources indefinitely) caused by the com.jamf.protect.security-extenstion. This is actually causing the OS to get unresponsive and overheat, eating up all available CPU. The simple solution is to kill the process, but eventually the problem comes back.

Some basic debug information from the pid on a machine from when the problem occurred:

sudo dtruss -p 337
dtrace: system integrity protection is on, some features will not be available

SYSCALL(args) 		 = return
sigreturn(0x700008F16550, 0x1E, 0x1F99DBCB69B66C71)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x2EECB3AAFCC39E5E)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x5ECF2791121B465B)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xDCFC18327AB19367)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x131DCCD7A886722F)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xA6420414AE3C2D83)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x774160C6BC097B03)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x9CF5D78ADB397C7C)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xC695A61C98B23746)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x2E174C7243C6C3C)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x8475397DD123F821)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xB86A855D5C6D5582)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x33D38C31FCA52252)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x837887A519FD4360)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x57F08AB2F4CE5C4C)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x1452E243428B300B)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x512AD858951CCC8)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xCB123E6E890BB73)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xA74E8C22E5DAB37D)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xE1337532B76B5F4)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xF3D49E3526C825B5)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x9B382C79A3AF143C)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xE3478EE01738A3FB)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x3E9B48F4D3586447)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xE6B16B5E42609B19)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x694937F7D31E87DB)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xEC47F2F19874D6A3)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xF0EF461A890F4794)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x1AD3BBBA94BF6683)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xE59DCD0E9A8C787B)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xBC7110328B3402B7)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xB0D724F06D5A9148)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x2F59C457FDE2291F)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xCB4DF9599A7246A7)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xD7413C2FCF9AED4F)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xBAF1DA1780A03DD)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x3097FF42B964EBFB)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x7401D005F7749F02)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x3E46AF12BE3ACC53)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x27D8CDC1C73788B1)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x4A74F06CB1103776)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x64D67AB482C2EB9E)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x9314F366DD84EC76)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x7E08A312D1A28009)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xB813024A3C5BDB1A)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x1B1F8EBC893B4B0D)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x5A978B423CC387E7)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xEBADEF2959CFF180)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x5C3FAA00D61FB987)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x15CE2C94340BEA3D)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xC98EA9F9E8C84028)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x2010E19527E30C37)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xC6E313CF4AB76641)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x8785416CD1E73DD8)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xEF942E90885B70AC)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xC0841954B7EACEB9)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x32E5D4C3597F97A9)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x3A39DA7639F1D250)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x1D5A71745EBD3E41)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x961C032FCF13926D)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x15B6281324252B5E)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xD2887F5320CB2577)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x90A9473C0A0D6D54)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x901A97CA0EDD0FC8)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xAB2B5CC4850C8064)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x90F4F40655AE2218)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x78B563E2556A909F)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x2AFC246BCC17EC72)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x6AEDB40B20473B94)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x2D4E8E78AF86ABE5)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x71265E2E561FE22)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x505CDD59A51F9DBE)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xD57DAEE899531CB3)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x64D7000B1A3DE68B)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x45A55A7C80C360FE)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xE9867906907587C3)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x65CDD0610F2595A8)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0xE20D2E98FDB18D65)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x3BF047FFF91D0D41)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x925FDE3A4E3B0D69)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xC62ADDD766062425)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x640DC2D247C9E970)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x1530C30DAC96B81)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x76764F51FA9E3348)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0xF13700255B850A65)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x4A36C8B169315FA3)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x463519A381052379)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x8F919933BE986993)		 = 0 -2
sigreturn(0x70000909F568, 0x1E, 0x162C92B5694B0805)		 = 0 -2
sigreturn(0x700008F16550, 0x1E, 0x17C641DD12F93664)		 = 0 -2
dtrace: 238154 dynamic variable drops with non-empty dirty list

> sudo lsof -p 337
Password:
COMMAND   PID USER   FD      TYPE             DEVICE SIZE/OFF                NODE NAME
com.jamf. 337 root  cwd       DIR                1,4      640                   2 /
com.jamf. 337 root  txt       REG                1,4 12433296            28362867 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/MacOS/com.jamf.protect.security-extension
com.jamf. 337 root  txt       REG                1,4    46944            30534913 /Library/Preferences/Logging/.plist-cache.T66NLeyt
com.jamf. 337 root  txt       REG                1,4    32768             7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm
com.jamf. 337 root  txt       REG                1,4    56384            29063318 /private/var/db/nsurlstoraged/dafsaData.bin
com.jamf. 337 root  txt       REG                1,4   443920 1152921500312329445 /System/Library/Frameworks/Security.framework/Versions/A/PlugIns/csparser.bundle/Contents/MacOS/csparser
com.jamf. 337 root  txt       REG                1,4   234080            28717902 /private/var/db/timezone/tz/2022f.1.0/icutz/icutz44l.dat
com.jamf. 337 root  txt       REG                1,4   120549            30535436 /private/var/db/analyticsd/events.allowlist
com.jamf. 337 root  txt       REG                1,4    32768            30534938 /private/var/db/mds/messages/se_SecurityMessages
com.jamf. 337 root  txt       REG                1,4 14762160            28362877 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/Frameworks/ObjectiveRocks.framework/Versions/A/ObjectiveRocks
com.jamf. 337 root  txt       REG                1,4 30399984 1152921500312794842 /usr/share/icu/icudt70l.dat
com.jamf. 337 root  txt       REG                1,4  2177216 1152921500312782999 /usr/lib/dyld
com.jamf. 337 root    0r      CHR                3,2      0t0                 317 /dev/null
com.jamf. 337 root    1u      CHR                3,2      0t0                 317 /dev/null
com.jamf. 337 root    2u      CHR                3,2      0t0                 317 /dev/null
com.jamf. 337 root    3      PIPE 0x72cc79a3fe975f22    65536
com.jamf. 337 root    4w      REG                1,4    15802            30535355 /Library/Application Support/JamfProtect/db/LOG
com.jamf. 337 root    5r      DIR                1,4      608             7146258 /Library/Application Support/JamfProtect/db
com.jamf. 337 root    6      PIPE 0x71a00588162061ef    16384
com.jamf. 337 root    7u      REG                1,4        0             7146338 /Library/Application Support/JamfProtect/db/LOCK
com.jamf. 337 root    8w      REG                1,4       62            30535356 /Library/Application Support/JamfProtect/db/MANIFEST-000611
com.jamf. 337 root    9w      REG                1,4        0            30535358 /Library/Application Support/JamfProtect/db/000612.log
com.jamf. 337 root   10u      REG                1,4     4096             7146407 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite
com.jamf. 337 root   11u      REG                1,4   852872             7146410 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-wal
com.jamf. 337 root   12u      REG                1,4    32768             7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm
com.jamf. 337 root   13   NPOLICY
com.jamf. 337 root   14u     unix 0xa9584682f9389fdf      0t0                     ->0xa9584682f9387a5f
com.jamf. 337 root   15u    systm 0xa958467e2dac6897      0t0                     [ctl com.apple.netsrc id 6 unit 3]
com.jamf. 337 root   16      CHAN             flowsw                              60EA3EE6-3AE3-4378-A931-5372928353F0[2] user-packet-pool

Show first post

Forum|pagination.label 2 / 2

nb91_2
New Contributor
Forum|Forum|2 years ago
November 6, 2023

Hey guys. We use JamfNow in our organisation and we have the option to enable malware protection on our Blueprints.

I've taken a screenshot here of the option in question. To confirm, when enabling this option, our macOS profile is updated and I can see the com.jamf.protect.security-extension process in the Activity Monitor.

I was wondering if anyone knew whether or not JamfNow would automatically update itself if this option is enabled? It would save me from manually having to update all our machines.

I was reading the documentation and it doesn't mention whether or not updates to Jamf Protect would be automatically updated on target machines in JamfNow if this option is enabled.

Any help would be greatly appreciated.

Thanks

+13

MattT
Employee
Forum|Forum|2 years ago
November 6, 2023

Hey guys. We use JamfNow in our organisation and we have the option to enable malware protection on our Blueprints.

I was wondering if anyone knew whether or not JamfNow would automatically update itself if this option is enabled? It would save me from manually having to update all our machines.

I was reading the documentation and it doesn't mention whether or not updates to Jamf Protect would be automatically updated on target machines in JamfNow if this option is enabled.

Any help would be greatly appreciated.

Thanks

Hey @nb91_2 customers using the Jamf Now feature you've mentioned will indeed see the Jamf Protect agent deployed update automatically once released. So, in this case, your devices should already be running the latest version containing the fix.

steve.jones
New Contributor
Forum|Forum|5 months ago
July 19, 2025

This extension is absolutely MELTING my work MacBook Pro M3 - and I don’t have the permissions to force it to quit.

CPU usage varies between 140% and 260% - restarts do not help.

What is the problem?

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded