EtreCheckPro version: 6.6.1 (66021) Report generated: 2022-07-27 17:57:41 Download EtreCheckPro from https://etrecheck.com Runtime: 3:34 Performance: Excellent Problem: Computer is restarting Description: WindowsServer will crash when MacBook is connected to an external moni tor Major Issues: Anything that appears on this list needs immediate attention. Proxies - Network proxies detected. This could be evidence of malware. Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. No Time Machine backup - Time Machine backup not found. Configuration profiles found - This computer may have configuration profiles installed. These are sometimes used by malware. Heavy RAM usage - Apps are using a large amount of RAM. Apps crashing - There have been numerous app crashes. Unsigned files - There are unsigned software files installed. These files could be old, incompatible, and cause problems. They should be reviewed. System modifications - There are a large number of system modifications running in the background. x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system. Limited drive access - More information may be available with Full Drive Access. Kernel extensions present - This computer has kernel extensions that may not work in the future. Sharing enabled - This computer has sharing services enabled that could be a security risk. Hardware Information: MacBook Pro (16-inch, 2019) MacBook Pro Model: MacBookPro16,1 2.4 GHz 8-Core Intel Core i9 (i9-9980HK) CPU: 8-core 32 GB RAM - Not upgradeable BANK 0/ChannelA-DIMM0 - 16 GB DDR4 2667 BANK 2/ChannelB-DIMM0 - 16 GB DDR4 2667 Battery: Health = Normal - Cycle count = 46 Video Information: Intel UHD Graphics 630 - VRAM: 1536 MB AMD Radeon Pro 5500M - VRAM: 8 GB Color LCD (built-in) 3584 x 2240 BenQ EW3270U 3840 x 2160 Drives: disk0 - APPLE SSD AP1024N 1.00 TB (Solid State - TRIM: Yes) Internal PCI-Express 8.0 GT/s x4 NVM Express disk0s1 - EFI [EFI] 315 MB disk0s2 [APFS Container] 1.00 TB disk1 [APFS Virtual drive] 1.00 TB (Shared by 6 volumes) disk1s1 (APFS) [APFS Container] (Shared - 15.42 GB used) disk1s1s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 15.42 GB used) disk1s2 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 115.07 GB used) disk1s3 - Preboot (APFS) [APFS Preboot] (Shared - 749 MB used) disk1s4 - Recovery (APFS) [Recovery] (Shared - 1.12 GB used) disk1s5 - VM (APFS) [APFS VM] (Shared - 20 KB used) disk1s6 - Update (APFS) (Shared - 4 MB used) Mounted Volumes: disk1s1s1 - Macintosh HD [APFS Snapshot] 1.00 TB (Shared - 15.42 GB used, 872.31 GB available, 867.67 GB free) APFS Mount point: / Read-only: Yes disk1s2 - Macintosh HD - Data [APFS Virtual drive] 1.00 TB (Shared - 115.07 GB used, 872.31 GB available, 867.67 GB free) APFS Mount point: /System/Volumes/Data Encrypted disk1s3 - Preboot [APFS Preboot] 1.00 TB (Shared - 749 MB used, 867.67 GB free) APFS Mount point: /System/Volumes/Preboot disk1s5 - VM [APFS VM] 1.00 TB (Shared - 20 KB used, 867.67 GB free) APFS Mount point: /System/Volumes/VM disk1s6 - Update 1.00 TB (Shared - 4 MB used, 867.67 GB free) APFS Mount point: /System/Volumes/Update Network: Interface en6: USB 10/100 LAN Interface en0: Wi-Fi 802.11 a/b/g/n/ac Proxies: HTTPS Interface bridge0: Thunderbolt Bridge Remote login: Enabled System Software: macOS Monterey 12.5 (21G72) Time since boot: About an hour Configuration Files: /etc/hosts - Count: 6 Configuration Profiles: com.apple.notificationsettings - NotificationSettings com.microsoft.autoupdate2 - HowToCheck com.microsoft.autoupdate2 - EnableCheckForUpdatesButton com.microsoft.autoupdate2 - SendAllTelemetryEnabled com.microsoft.autoupdate2 - DisableInsiderCheckbox com.microsoft.autoupdate2 - ChannelName com.apple.system-extension-policy - PayloadEnabled com.apple.system-extension-policy - PayloadDisplayName com.apple.system-extension-policy - PayloadScope com.apple.system-extension-policy - PayloadType com.apple.system-extension-policy - PayloadRemovalDisallowed com.apple.system-extension-policy - PayloadIdentifier com.apple.system-extension-policy - PayloadContent com.apple.system-extension-policy - PayloadDescription com.apple.system-extension-policy - PayloadOrganization com.apple.system-extension-policy - PayloadVersion com.apple.system-extension-policy - PayloadUUID com.microsoft.wdav - antivirusEngine com.microsoft.wdav.atp - PayloadEnabled com.microsoft.wdav.atp - PayloadDisplayName com.microsoft.wdav.atp - PayloadScope com.microsoft.wdav.atp - PayloadType com.microsoft.wdav.atp - PayloadRemovalDisallowed com.microsoft.wdav.atp - PayloadIdentifier com.microsoft.wdav.atp - PayloadContent com.microsoft.wdav.atp - PayloadDescription com.microsoft.wdav.atp - PayloadOrganization com.microsoft.wdav.atp - PayloadVersion com.microsoft.wdav.atp - PayloadUUID com.apple.webcontent-filter - PayloadEnabled com.apple.webcontent-filter - PayloadDisplayName com.apple.webcontent-filter - PayloadScope com.apple.webcontent-filter - PayloadType com.apple.webcontent-filter - PayloadRemovalDisallowed com.apple.webcontent-filter - PayloadIdentifier com.apple.webcontent-filter - PayloadContent com.apple.webcontent-filter - PayloadDescription com.apple.webcontent-filter - PayloadOrganization com.apple.webcontent-filter - PayloadVersion com.apple.webcontent-filter - PayloadUUID Notifications: Slack.app 100 notifications Security: Gatekeeper: App Store and identified developers System Integrity Protection: Enabled Antivirus software: Apple Remote login: Enabled Unsigned Files: Launchd: /Library/LaunchDaemons/com.microsoft.fresno.uninstall.plist Executable: /Library/Application Support/Microsoft/Defender/uninstall/uninstall --post-uninstall-hook Launchd: /Library/LaunchDaemons/com.microsoft.dlp.install_monitor.plist Executable: /Library/Application Support/Microsoft/DLP/scripts/install_monitor Apps: 1 Old Applications: 8 x86-only apps System Extensions: [Running] Agent - version 6.42 (CrowdStrike Inc. - 2022-07-21) Application: /Applications/Falcon.app - version 6.42 (CrowdStrike Inc. - 2022-07-21) Description: CrowdStrike Falcon sensor requires the use of a SystemExtension [Running] Microsoft Defender Endpoint Security Extension - version 101.73.77 (Microsoft Corporation - 2022-07-01) Application: /Applications/Microsoft Defender.app - version 101.73.77 (Microsoft Corporation - 2022-07-27) Description: MdAtp Endpoint Security extension [Not Loaded] PulseSecureFirewallSysExt - version 4.0 (Pulse Secure LLC - 2021-07-28) Application: /Applications/Pulse Secure.app - version 9.1.12 (Pulse Secure LLC - 2022-07-27) [Running] Microsoft Defender Network Extension - version 101.73.77 (Microsoft Corporation - 2022-07-01) Application: /Applications/Microsoft Defender.app - version 101.73.77 (Microsoft Corporation - 2022-07-27) Description: MdAtp Network Filter extension Kernel Extensions: /Applications/Falcon.app [Not Loaded] Agent.kext - com.crowdstrike.sensor (6.42 - SDK 10.17) /Applications/Microsoft Defender.app [Not Loaded] wdavkext.kext - com.microsoft.wdavkext (101.73.77) System Launch Daemons: [Not Loaded] 36 Apple tasks [Loaded] 193 Apple tasks [Running] 151 Apple tasks [Other] One Apple task System Launch Agents: [Not Loaded] 16 Apple tasks [Loaded] 206 Apple tasks [Running] 134 Apple tasks Launch Daemons: [Running] com.belarc.belmonitord.plist (Belarc, Inc. - installed 2021-11-05) [Loaded] com.google.keystone.daemon.plist (Google LLC - installed 2022-04-14) [Running] com.jamf.management.daemon.plist (JAMF Software - installed 2022-06-24) [Loaded] com.jamfsoftware.task.1.plist (JAMF Software - installed 2022-06-27) [Running] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (Microsoft Corporation - installed 2021-11-05) [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2021-11-05) [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2022-07-14) [Loaded] com.microsoft.dlp.install_monitor.plist (Not signed - installed 2022-07-22) [Running] com.microsoft.fresno.plist (Microsoft Corporation - installed 2022-07-22) [Loaded] com.microsoft.fresno.uninstall.plist (Not signed - installed 2022-07-22) [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2022-05-30) [Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Microsoft Corporation - installed 2022-05-26) [Running] net.pulsesecure.AccessService.plist (Pulse Secure LLC - installed 2022-03-08) [Loaded] net.pulsesecure.PulseOpswatServiceAgentbased.plist (Pulse Secure LLC - installed 2022-03-08) [Loaded] net.pulsesecure.PulseOpswatServiceAgentbased_x86_64.plist (Pulse Secure LLC - installed 2022-03-08) [Loaded] net.pulsesecure.UninstallPulse.plist (Pulse Secure LLC - installed 2022-03-08) [Loaded] us.zoom.ZoomDaemon.plist (Zoom Video Communications, Inc. - installed 2022-07-12) Launch Agents: [Loaded] com.belarc.belnotifylogin.plist (Belarc, Inc. - installed 2021-11-05) [Running] com.crowdstrike.falcon.UserAgent.plist (CrowdStrike Inc. - installed 2022-06-29) [Loaded] com.google.keystone.agent.plist (Google LLC - installed 2022-04-14) [Loaded] com.google.keystone.xpcservice.plist (Google LLC - installed 2022-04-14) [Loaded] com.jamf.management.agent.plist (JAMF Software - installed 2022-06-27) [Loaded] com.microsoft.OneDriveStandaloneUpdater.plist (Microsoft Corporation - installed 2021-11-05) [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2022-07-14) [Running] com.microsoft.wdav.tray.plist (Microsoft Corporation - installed 2022-07-22) [Running] net.pulsesecure.pulsetray.plist (Pulse Secure LLC - installed 2022-03-08) User Launch Agents: [Loaded] net.pulsesecure.SetupClient.plist (Pulse Secure LLC - installed 2022-02-15) User Login Items: [Not Loaded] Launcher Disabler (Microsoft Corporation - installed 2021-11-05) Modern Login Item /Applications/OneDrive.app/Contents/Library/LoginItems/Launcher Disabler.app [Not Loaded] OneDrive Launcher (Microsoft Corporation - installed 2021-11-05) Modern Login Item /Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app [Running] 5A4RE8SF68.com.tencent.xinWeChat.IPCHelper (App Store - installed 2022-07-26) Modern Login Item /Applications/WeChat.app/Contents/Library/LoginItems/5A4RE8SF68.com.tencent.xinWeChat.IPCHelper.app Audio Plug-ins: ZoomAudioDevice: 1.0 (Zoom Video Communications, Inc. - installed 2021-11-05) Backup: Time Machine Not Configured! One other local snapshot Performance: System Load: 1.55 (1 min ago) 1.57 (5 min ago) 1.71 (15 min ago) Nominal I/O usage: 0.47 MB/s File system: 35.96 seconds Write speed: 2957 MB/s Read speed: 3035 MB/s CPU Usage Snapshot: Type Overall System: 1 % User: 2 % Idle: 97 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) EtreCheckPro 17.76 % (Etresoft, Inc.) WindowServer 11.80 % (Apple) CoreSpotlightService 3.20 % (Apple) com.crowdstrike.falcon.Agent 2.48 % (CrowdStrike Inc.) kernel_task 1.98 % (Apple) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) Google Chrome Helper (Renderer) (50) 6.51 GB (Google LLC) com.crowdstrike.falcon.Agent 921 MB (CrowdStrike Inc.) EtreCheckPro 828 MB (Etresoft, Inc.) Slack Helper (Renderer) 493 MB (Slack Technologies, Inc.) Google Chrome 409 MB (Google LLC) Top Processes Snapshot by Network Use: Process (count) Input / Output (Source - Location) corespeechd 2 KB / 9 MB (Apple) com.crowdstrike.falcon.Agent 329 KB / 2 MB (CrowdStrike Inc.) ssh 2 MB / 38 KB (Apple) mDNSResponder 567 KB / 426 KB (Apple) remoted 36 KB / 45 KB (Apple) Top Processes Snapshot by Energy Use: Process (count) Energy (0-100) (Source - Location) WindowServer 5 (Apple) com.crowdstrike.falcon.Agent 0 (CrowdStrike Inc.) epsext 0 (Microsoft Corporation) Slack Helper (Renderer) 0 (Slack Technologies, Inc.) PerfPowerServices 0 (Apple) Virtual Memory Information: Physical RAM: 32 GB Free RAM: 6.43 GB Used RAM: 14.92 GB Cached files: 10.65 GB Available RAM: 17.08 GB Swap Used: 0 B Software Installs (past 60 days): Install Date Name (Version) 2022-05-30 Microsoft Office Licensing Helper (0) 2022-06-22 Keynote (12.1) 2022-06-22 Pages (12.1) 2022-06-22 Numbers (12.1) 2022-07-01 XProtectPlistConfigData (2161) 2022-07-12 Zoom (5.11.1.8356) 2022-07-14 Microsoft AutoUpdate (4.49.22070801) 2022-07-18 Microsoft Excel (16.63.22071301) 2022-07-18 Microsoft OneNote (16.63.22071301) 2022-07-18 Microsoft Outlook (16.63.22070801) 2022-07-18 Microsoft PowerPoint (16.63.22071401) 2022-07-18 Microsoft Word (16.63.22071301) 2022-07-19 DaVinci Resolve Panels Installer v2.0.1 2022-07-19 DaVinci Keyboards Installer v2.0.1 2022-07-19 Fairlight Panels Installer v2.0.1 2022-07-19 BlackmagicRaw_common 2022-07-21 CrowdStrike Falcon Sensor (6.42.15503.0) 2022-07-22 XProtectPayloads (67) 2022-07-22 Microsoft Defender (101.73.77) 2022-07-25 macOS 12.5 (12.5) 2022-07-26 微信 (3.5.0) 2022-07-26 DaVinci Resolve (18.0.0) Diagnostics Information (past 7-30 days): 2022-07-27 17:06:07 WindowServer Crash (22 times) Executable: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer 2022-07-27 16:54:36 talagent Crash Executable: /System/Library/CoreServices/talagent 2022-07-27 16:29:30 ControlCenter Crash (2 times) Executable: /System/Library/CoreServices/ControlCenter.app 2022-07-27 11:41:30 sharingd High CPU Use Executable: /usr/libexec/sharingd 2022-07-27 10:07:08 chrome_crashpad_handler Crash Executable: /Applications/Slack.app 2022-07-26 08:44:20 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/Retired/ResetCounter-2022-07-26-084420.ips Crash 2022-07-25 13:22:25 Finder Crash Executable: /System/Library/CoreServices/Finder.app 2022-07-25 07:38:24 loginwindow Crash Executable: /System/Library/CoreServices/loginwindow.app 2022-07-25 05:18:08 /Library/Logs/DiagnosticReports/ProxiedDevice-Bridge/Retired/ResetCounter-2022-07-25-051808.ips Crash End of report