Constant high CPU after Security Update today

Updates are tested before release. If you are having problems after applying one, chances are very high that they are due to an unnoticed preexisting problem on your system like file corruption. This is why the advice to reinstall the OS is given so often in this situation.

If you have removed the files that launch any part of the anti-malware features of the update, you are not protected.

Understand about the protection, but my system was close to unusable without preventing MRT from starting... I'll keep looking for an updated patch from Apple to address this and take my chances...

Thanks Alex for the suggestion... worked as advertised...

Apple won't issue a patch for a problem caused by file corruption in your system. If that is the source of your problems, it will only get worse & the next update will most likely cause you still more problems.

Hello all:

Just for information, I installed the subject software update this morning (using software update). No change in CPU utilization.

I am not suggesting that others have not had problems, but when a thread like this is started, I believe perspective is important.

Barry

Not sure about system corruption and the need for a complete re-install...

Note that Linc was not recommending a complete reinstall as most people understand it. The Snow Leopard installer will allow you to install directly on top of an existing system, replacing files with new copies. Install, update everything again and you'll be right back where you are fairly quickly, but with fresh copies of all system files. Of course, it should go without saying that you should have good backups before trying this, in case something goes wrong... but many people don't do that so it does need to be said.

This sort of problem occurs for some people with each and every update, and invariably there will be the same old tired and ridiculous statements about how Apple should test the updates, blah, blah, blah. It's important to understand that it is actually very rare that serious bugs make it into an update. Most reported problems like this are caused by underlying issues on a system that become big issues when large numbers of files are modified by an update. It's just like a house that may have undetected structural defects that are not discovered until a second floor addition is added, causing the house to collapse... it wasn't the addition, per se, that caused the collapse.

Hi everyone,

I'm kind of new to mac, so I'd like to know what leads you to conclude to a file system corruption? The error message seems more related to a permission issue. I don't like the fact that the daemon does not stop on error and continues polling the system (leaving it unusable), even so the return code is clearly indicating an error. This is bad testing in my sense, and it was not specifically a rant against Apple, more of a mood message.

I'm am not left unprotected, since I know of the threat I am avoiding. I also have an antivirus, for what that counts these days...

Once again, from a security perspective, I don't like the Apple approach of silently installing a daemon to protect against a specific attack, and I don't think this security model can old for long.

I will follow your advice and install over my system. Hope this does not happen too often, it has only been 6 months since I have my Mac.

Cheers

There is something strange about this update. The installer package includes a new Core Services application called "MRTAgent.app," which from the contents seems to be the malware-removal tool (MRT). It also includes a LaunchDaemon and a LaunchAgent to run the MRT. I ran the updater, and it didn't install those components. No errors were logged, and I could find nothing in the scripts to indicate why the components weren't installed. Tried it again, same result. Now I don't really care about the MRT, but I don't know why it didn't install on my system (which admittedly is somewhat modified) and I can't say there isn't a bug in the package.

I think it's normal.

The cpu usage on this macbook sometimes is ~3%, soon after skyrocks to near ~200% and the thing is eating more than 500MB of ram.

On the iMac by my side, I can't even find the process, maybe it is something like 'one time scan'.

And since I can't find the edit button, the process is gone for me now and I don't even have the com.apple.mrt.plist file in my launch daemons folder.

dahtah wrote:

I'm kind of new to mac, so I'd like to know what leads you to conclude to a file system corruption?

There have been reports of problems after every single OS update Apple has ever released for OS X, including whatever ones you have had no problems with. For those that do notice problems immediately after applying an update, it is understandably tempting to conclude from that alone that the update itself must be the cause of the problems, that the update was not adequately tested, & so on. However, that is based on a shaky premise known as the post hoc fallacy, or "after this; therefore because of this."

So when there are relatively few reports it is reasonable to assume that the cause of the problems is probably not the update itself, but may actually be something else. Historically, the most common cause in this situation is a problem in the files already installed on the Mac. For example, there are many thousands of files in the OS, & some are used rarely, for example when the OS is changed during an update. If one of these files is corrupted, then a perfectly good update may be installed incorrectly. Or it may be that the file system is corrupted, causing the downloaded update file to be damaged as it is saved to the hard drive.

Reinstalling Snow Leopard usually fixes these problems, in part because it installs fresh copies of all the system level files, & in part because it runs a check of the file system on the startup drive before doing so. If nothing else, it provides a known good starting point for troubleshooting what other issues may be involved.

I don't like the fact that the daemon does not stop on error and continues polling the system (leaving it unusable) ...

The daemon's job is to restart stalled processes. Ideally, the process itself should deal with errors it creates. But regardless, if something in the OS is damaged, one can't assume bad design is the cause of the behavior.

Once again, from a security perspective, I don't like the Apple approach of silently installing a daemon to protect against a specific attack, and I don't think this security model can old for long.

The anti-malware in Snow Leopard isn't just a daemon but a number of interrelated processes. And it isn't just for a specific attack, it provides a mechanism for updates to protect against emerging threats that is very similar to the one used in commercial anti-malware products. (See http://support.apple.com/kb/HT4657 & http://support.apple.com/kb/HT3662 among others for the details.)

Same thing here. Didn't notice until this morning when I started to investigate why my machine never went to sleep last night. Found MRT taking 100% and console log full of the errors as reported above. Looked at my other 2 addtional machines that had the same update installed and didn't have the process or the PLIST files either. Futher investigation I looked at the install logs and they looked the same when compared. So not sure why 1 machine had the problem and the other 2 didn't but I removed the PLIST files rebooted problem solved for me. Now if my other 2 machines both had the processes and PLIST files I would be more hestitant to have removed them, but since they both didn't all I can assume is at this point it was a one time/first time scan operation that from some reason is hanging. I even downloaded the patch installed it again. On the problem machine PLIST files recreated and process 100% CPU again, non problem machine no PLIST files or processes.

Would be nice if there was some logging that could be looked at for MRT. Might be able to figure out exactly what it's doing.

Just wondering because I don't know or really understand much of this. Can I not assume then if software update says the newest update was installed successfully (and it shows up as having been installed in software update in system preferences) that it was installed successfully? Or am I supposed to be checking if all these other files etc are there? Until I read this thread I didn't really think about it. Don't check cpus and things like that. When things eem to be working fine I like to just trust my mac.

thanks,

laverne's mom

If Software Update says an update has been installed successfully then you can assume that is true. Only if you have problems after an update do you need to look for the cause.

For this last security update, if you want additional confirmation that it has been installed, you can go to System Preferences > Security & look for the "Automatically update safe downloads list" item. If it is there, then the update has been installed. (It should be checked by default so you don't need to do anything unless for some reason you don't want it to do a daily check for new malware definitions, which is not recommended.)

Thank you. Yes, it is there and absolutely checked.

laverne's mom

🙂

NASA MODIS Reprojection Tool Capabilities Platforms

MRT is highly portable software available for four platforms, and has been tested on the following systems.

Windows NT+ 32-bit Linux 32-bit Linux 64-bit Macintosh OS X 32-bit

https://lpdaac.usgs.gov/lpdaac/content/download/4831/22895/file/mrt41_usermanual _032811.pdf

Likely nothing to do with anything, cause for speculation. Perhaps someone accidentially installed this and it's causing a conflict?

No? Then nevermind. 😀

I have no MRT process, could the people who have Apple's MRT only be for 32 bit systems?

Supposedly 64 bit systems have a little more protection than 32 bit.