We're using Jamf Now with Jamf Protect enabled and periodically seeing CPU spikes (with the process hanging and eating up resources indefinitely) caused by the com.jamf.protect.security-extenstion. This is actually causing the OS to get unresponsive and overheat, eating up all available CPU. The simple solution is to kill the process, but eventually the problem comes back.
Some basic debug information from the pid on a machine from when the problem occurred:
sudo dtruss -p 337 dtrace: system integrity protection is on, some features will not be available SYSCALL(args) = return sigreturn(0x700008F16550, 0x1E, 0x1F99DBCB69B66C71) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x2EECB3AAFCC39E5E) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x5ECF2791121B465B) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xDCFC18327AB19367) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x131DCCD7A886722F) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xA6420414AE3C2D83) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x774160C6BC097B03) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x9CF5D78ADB397C7C) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xC695A61C98B23746) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x2E174C7243C6C3C) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x8475397DD123F821) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xB86A855D5C6D5582) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x33D38C31FCA52252) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x837887A519FD4360) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x57F08AB2F4CE5C4C) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x1452E243428B300B) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x512AD858951CCC8) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xCB123E6E890BB73) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xA74E8C22E5DAB37D) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xE1337532B76B5F4) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xF3D49E3526C825B5) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x9B382C79A3AF143C) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xE3478EE01738A3FB) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x3E9B48F4D3586447) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xE6B16B5E42609B19) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x694937F7D31E87DB) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xEC47F2F19874D6A3) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xF0EF461A890F4794) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x1AD3BBBA94BF6683) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xE59DCD0E9A8C787B) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xBC7110328B3402B7) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xB0D724F06D5A9148) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x2F59C457FDE2291F) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xCB4DF9599A7246A7) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xD7413C2FCF9AED4F) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xBAF1DA1780A03DD) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x3097FF42B964EBFB) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x7401D005F7749F02) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x3E46AF12BE3ACC53) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x27D8CDC1C73788B1) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x4A74F06CB1103776) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x64D67AB482C2EB9E) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x9314F366DD84EC76) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x7E08A312D1A28009) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xB813024A3C5BDB1A) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x1B1F8EBC893B4B0D) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x5A978B423CC387E7) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xEBADEF2959CFF180) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x5C3FAA00D61FB987) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x15CE2C94340BEA3D) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xC98EA9F9E8C84028) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x2010E19527E30C37) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xC6E313CF4AB76641) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x8785416CD1E73DD8) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xEF942E90885B70AC) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xC0841954B7EACEB9) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x32E5D4C3597F97A9) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x3A39DA7639F1D250) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x1D5A71745EBD3E41) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x961C032FCF13926D) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x15B6281324252B5E) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xD2887F5320CB2577) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x90A9473C0A0D6D54) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x901A97CA0EDD0FC8) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xAB2B5CC4850C8064) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x90F4F40655AE2218) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x78B563E2556A909F) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x2AFC246BCC17EC72) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x6AEDB40B20473B94) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x2D4E8E78AF86ABE5) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x71265E2E561FE22) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x505CDD59A51F9DBE) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xD57DAEE899531CB3) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x64D7000B1A3DE68B) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x45A55A7C80C360FE) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xE9867906907587C3) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x65CDD0610F2595A8) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0xE20D2E98FDB18D65) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x3BF047FFF91D0D41) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x925FDE3A4E3B0D69) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xC62ADDD766062425) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x640DC2D247C9E970) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x1530C30DAC96B81) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x76764F51FA9E3348) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0xF13700255B850A65) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x4A36C8B169315FA3) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x463519A381052379) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x8F919933BE986993) = 0 -2 sigreturn(0x70000909F568, 0x1E, 0x162C92B5694B0805) = 0 -2 sigreturn(0x700008F16550, 0x1E, 0x17C641DD12F93664) = 0 -2 dtrace: 238154 dynamic variable drops with non-empty dirty list
> sudo lsof -p 337 Password: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME com.jamf. 337 root cwd DIR 1,4 640 2 / com.jamf. 337 root txt REG 1,4 12433296 28362867 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/MacOS/com.jamf.protect.security-extension com.jamf. 337 root txt REG 1,4 46944 30534913 /Library/Preferences/Logging/.plist-cache.T66NLeyt com.jamf. 337 root txt REG 1,4 32768 7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm com.jamf. 337 root txt REG 1,4 56384 29063318 /private/var/db/nsurlstoraged/dafsaData.bin com.jamf. 337 root txt REG 1,4 443920 1152921500312329445 /System/Library/Frameworks/Security.framework/Versions/A/PlugIns/csparser.bundle/Contents/MacOS/csparser com.jamf. 337 root txt REG 1,4 234080 28717902 /private/var/db/timezone/tz/2022f.1.0/icutz/icutz44l.dat com.jamf. 337 root txt REG 1,4 120549 30535436 /private/var/db/analyticsd/events.allowlist com.jamf. 337 root txt REG 1,4 32768 30534938 /private/var/db/mds/messages/se_SecurityMessages com.jamf. 337 root txt REG 1,4 14762160 28362877 /Library/SystemExtensions/1276F63E-603C-4E34-B5CD-2FA3DE9F5D01/com.jamf.protect.security-extension.systemextension/Contents/Frameworks/ObjectiveRocks.framework/Versions/A/ObjectiveRocks com.jamf. 337 root txt REG 1,4 30399984 1152921500312794842 /usr/share/icu/icudt70l.dat com.jamf. 337 root txt REG 1,4 2177216 1152921500312782999 /usr/lib/dyld com.jamf. 337 root 0r CHR 3,2 0t0 317 /dev/null com.jamf. 337 root 1u CHR 3,2 0t0 317 /dev/null com.jamf. 337 root 2u CHR 3,2 0t0 317 /dev/null com.jamf. 337 root 3 PIPE 0x72cc79a3fe975f22 65536 com.jamf. 337 root 4w REG 1,4 15802 30535355 /Library/Application Support/JamfProtect/db/LOG com.jamf. 337 root 5r DIR 1,4 608 7146258 /Library/Application Support/JamfProtect/db com.jamf. 337 root 6 PIPE 0x71a00588162061ef 16384 com.jamf. 337 root 7u REG 1,4 0 7146338 /Library/Application Support/JamfProtect/db/LOCK com.jamf. 337 root 8w REG 1,4 62 30535356 /Library/Application Support/JamfProtect/db/MANIFEST-000611 com.jamf. 337 root 9w REG 1,4 0 30535358 /Library/Application Support/JamfProtect/db/000612.log com.jamf. 337 root 10u REG 1,4 4096 7146407 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite com.jamf. 337 root 11u REG 1,4 852872 7146410 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-wal com.jamf. 337 root 12u REG 1,4 32768 7146411 /private/var/root/Library/HTTPStorages/com.jamf.protect.security-extension/httpstorages.sqlite-shm com.jamf. 337 root 13 NPOLICY com.jamf. 337 root 14u unix 0xa9584682f9389fdf 0t0 ->0xa9584682f9387a5f com.jamf. 337 root 15u systm 0xa958467e2dac6897 0t0 [ctl com.apple.netsrc id 6 unit 3] com.jamf. 337 root 16 CHAN flowsw 60EA3EE6-3AE3-4378-A931-5372928353F0[2] user-packet-pool