High CPU usage from com.jamf.protect.security-extenstion

We're using Jamf Now with Jamf Protect enabled and periodically seeing CPU spikes (with the process hanging and eating up resources indefinitely) caused by the com.jamf.protect.security-extenstion. This is actually causing the OS to get unresponsive and overheat, eating up all available CPU. The simple solution is to kill the process, but eventually the problem comes back.

Some basic debug information from the pid on a machine from when the problem occurred:

sudo dtruss -p 337

dtrace: system integrity protection is on, some features will not be available



SYSCALL(args) 		 = return

sigreturn(0x700008F16550, 0x1E, 0x1F99DBCB69B66C71)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x2EECB3AAFCC39E5E)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x5ECF2791121B465B)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xDCFC18327AB19367)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x131DCCD7A886722F)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xA6420414AE3C2D83)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x774160C6BC097B03)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x9CF5D78ADB397C7C)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xC695A61C98B23746)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x2E174C7243C6C3C)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x8475397DD123F821)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xB86A855D5C6D5582)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x33D38C31FCA52252)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x837887A519FD4360)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x57F08AB2F4CE5C4C)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x1452E243428B300B)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x512AD858951CCC8)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xCB123E6E890BB73)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xA74E8C22E5DAB37D)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xE1337532B76B5F4)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xF3D49E3526C825B5)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x9B382C79A3AF143C)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xE3478EE01738A3FB)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x3E9B48F4D3586447)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xE6B16B5E42609B19)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x694937F7D31E87DB)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xEC47F2F19874D6A3)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xF0EF461A890F4794)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x1AD3BBBA94BF6683)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xE59DCD0E9A8C787B)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xBC7110328B3402B7)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xB0D724F06D5A9148)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x2F59C457FDE2291F)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xCB4DF9599A7246A7)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xD7413C2FCF9AED4F)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xBAF1DA1780A03DD)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x3097FF42B964EBFB)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x7401D005F7749F02)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x3E46AF12BE3ACC53)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x27D8CDC1C73788B1)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x4A74F06CB1103776)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x64D67AB482C2EB9E)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x9314F366DD84EC76)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x7E08A312D1A28009)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xB813024A3C5BDB1A)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x1B1F8EBC893B4B0D)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x5A978B423CC387E7)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xEBADEF2959CFF180)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x5C3FAA00D61FB987)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x15CE2C94340BEA3D)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xC98EA9F9E8C84028)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x2010E19527E30C37)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xC6E313CF4AB76641)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x8785416CD1E73DD8)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xEF942E90885B70AC)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xC0841954B7EACEB9)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x32E5D4C3597F97A9)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x3A39DA7639F1D250)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x1D5A71745EBD3E41)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x961C032FCF13926D)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x15B6281324252B5E)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xD2887F5320CB2577)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x90A9473C0A0D6D54)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x901A97CA0EDD0FC8)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xAB2B5CC4850C8064)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x90F4F40655AE2218)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x78B563E2556A909F)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x2AFC246BCC17EC72)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x6AEDB40B20473B94)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x2D4E8E78AF86ABE5)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x71265E2E561FE22)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x505CDD59A51F9DBE)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xD57DAEE899531CB3)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x64D7000B1A3DE68B)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x45A55A7C80C360FE)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xE9867906907587C3)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x65CDD0610F2595A8)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0xE20D2E98FDB18D65)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x3BF047FFF91D0D41)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x925FDE3A4E3B0D69)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xC62ADDD766062425)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x640DC2D247C9E970)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x1530C30DAC96B81)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x76764F51FA9E3348)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0xF13700255B850A65)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x4A36C8B169315FA3)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x463519A381052379)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x8F919933BE986993)		 = 0 -2

sigreturn(0x70000909F568, 0x1E, 0x162C92B5694B0805)		 = 0 -2

sigreturn(0x700008F16550, 0x1E, 0x17C641DD12F93664)		 = 0 -2

dtrace: 238154 dynamic variable drops with non-empty dirty list

> sudo lsof -p 337

Password:

COMMAND   PID USER   FD      TYPE             DEVICE SIZE/OFF                NODE NAME

com.jamf. 337 root  cwd       DIR                1,4      640                   2 /

com.jamf. 337 root  txt       REG                1,4 12433296            28362867 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/MacOS/com.jamf.protect.security-extension

com.jamf. 337 root  txt       REG                1,4    46944            30534913 /Library/Preferences/Logging/.plist-cache.T66NLeyt

com.jamf. 337 root  txt       REG                1,4    32768             7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm

com.jamf. 337 root  txt       REG                1,4    56384            29063318 /private/var/db/nsurlstoraged/dafsaData.bin

com.jamf. 337 root  txt       REG                1,4   443920 1152921500312329445 /System/Library/Frameworks/Security.framework/Versions/A/PlugIns/csparser.bundle/Contents/MacOS/csparser

com.jamf. 337 root  txt       REG                1,4   234080            28717902 /private/var/db/timezone/tz/2022f.1.0/icutz/icutz44l.dat

com.jamf. 337 root  txt       REG                1,4   120549            30535436 /private/var/db/analyticsd/events.allowlist

com.jamf. 337 root  txt       REG                1,4    32768            30534938 /private/var/db/mds/messages/se_SecurityMessages

com.jamf. 337 root  txt       REG                1,4 14762160            28362877 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/Frameworks/ObjectiveRocks.framework/Versions/A/ObjectiveRocks

com.jamf. 337 root  txt       REG                1,4 30399984 1152921500312794842 /usr/share/icu/icudt70l.dat

com.jamf. 337 root  txt       REG                1,4  2177216 1152921500312782999 /usr/lib/dyld

com.jamf. 337 root    0r      CHR                3,2      0t0                 317 /dev/null

com.jamf. 337 root    1u      CHR                3,2      0t0                 317 /dev/null

com.jamf. 337 root    2u      CHR                3,2      0t0                 317 /dev/null

com.jamf. 337 root    3      PIPE 0x72cc79a3fe975f22    65536

com.jamf. 337 root    4w      REG                1,4    15802            30535355 /Library/Application Support/JamfProtect/db/LOG

com.jamf. 337 root    5r      DIR                1,4      608             7146258 /Library/Application Support/JamfProtect/db

com.jamf. 337 root    6      PIPE 0x71a00588162061ef    16384

com.jamf. 337 root    7u      REG                1,4        0             7146338 /Library/Application Support/JamfProtect/db/LOCK

com.jamf. 337 root    8w      REG                1,4       62            30535356 /Library/Application Support/JamfProtect/db/MANIFEST-000611

com.jamf. 337 root    9w      REG                1,4        0            30535358 /Library/Application Support/JamfProtect/db/000612.log

com.jamf. 337 root   10u      REG                1,4     4096             7146407 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite

com.jamf. 337 root   11u      REG                1,4   852872             7146410 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-wal

com.jamf. 337 root   12u      REG                1,4    32768             7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm

com.jamf. 337 root   13   NPOLICY

com.jamf. 337 root   14u     unix 0xa9584682f9389fdf      0t0                     ->0xa9584682f9387a5f

com.jamf. 337 root   15u    systm 0xa958467e2dac6897      0t0                     [ctl com.apple.netsrc id 6 unit 3]

com.jamf. 337 root   16      CHAN             flowsw                              60EA3EE6-3AE3-4378-A931-5372928353F0[2] user-packet-pool

Page 2 / 2

Hey guys. We use JamfNow in our organisation and we have the option to enable malware protection on our Blueprints.

I've taken a screenshot here of the option in question. To confirm, when enabling this option, our macOS profile is updated and I can see the com.jamf.protect.security-extension process in the Activity Monitor.

I was wondering if anyone knew whether or not JamfNow would automatically update itself if this option is enabled? It would save me from manually having to update all our machines.

I was reading the documentation and it doesn't mention whether or not updates to Jamf Protect would be automatically updated on target machines in JamfNow if this option is enabled.

Any help would be greatly appreciated.

Thanks

Hey guys. We use JamfNow in our organisation and we have the option to enable malware protection on our Blueprints.

I've taken a screenshot here of the option in question. To confirm, when enabling this option, our macOS profile is updated and I can see the com.jamf.protect.security-extension process in the Activity Monitor.

I was wondering if anyone knew whether or not JamfNow would automatically update itself if this option is enabled? It would save me from manually having to update all our machines.

I was reading the documentation and it doesn't mention whether or not updates to Jamf Protect would be automatically updated on target machines in JamfNow if this option is enabled.

Any help would be greatly appreciated.

Thanks

Hey @nb91_2 customers using the Jamf Now feature you've mentioned will indeed see the Jamf Protect agent deployed update automatically once released. So, in this case, your devices should already be running the latest version containing the fix.

This extension is absolutely MELTING my work MacBook Pro M3 - and I don’t have the permissions to force it to quit.

CPU usage varies between 140% and 260% - restarts do not help.

What is the problem?

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded