What is the Process "-I" with LaunchD as the parent process?

This has been eating up tons of CPU (often >80%) and running for ever (now 34 hours even though I logged in just 3 hours ago), and I can't find a description of it anywhere on Google. (And WHY did the amazing Triviware app (which kept a database of processes) close down?)


Posted on Dec 10, 2018 7:19 AM

Question marked as Top-ranking reply

Posted on Dec 11, 2018 8:07 AM

Hey, thanks for this. It pointed me to RTProtectionDaemon, which is with MalwareBytes. When I turned that real time scanning off, the CPU usage fell to 0%. And then when I uninstalled it, the process disappeared from Activity Monitor. So, imho, better named MalwareBites, or MalwareTakesHUGEBites.


Thanks for the help.


Dec 11, 2018 11:02 AM in response to Lawrence Lessig

I’m glad you like it!


However, I have to follow up on my earlier reply. I was unable to reproduce this bug. I thought it could have been caused by launching a process incorrectly. But when I attempted that on purpose, the system seemed to handle it with no problem. I inspected the MalwareBytes installer and I think I have found the cause of the problem - and it may not be MalwareBytes.


You seem to have had at least two other antivirus apps installed: ESET and BitDefender. EtreCheck is supposed to emit a major issue when it detects more than a single antivirus app installed. EtreCheck entirely missed the ESET kernel extension. That extension is not in EtreCheck’s list of AV files. I will add it for the next update. But EtreCheck also doesn’t consider App Store antivirus apps to be “real” security apps and does not include them in its list of AV files. My theory was that since the App Store is so restrictive, such apps couldn’t possibly be effective. Many App Store antivirus apps are just scams anyway. BitDefender is a legitimate product. Although it certainly can’t provide true antivirus protection from the Mac App Store, it does seem to have enough privileges to interfere with your other apps.


I think that is what happened in this case. BitDefender may have interfered with a MalwareBytes installation or update. That “A8FC6184-C8B2-4BF8-823C-69FD85CB8D6B.pkg” parameter is supposed to be the path to the MalwareBytes installer package. Why that is, I don’t know. The MalwareBytes installer doesn’t create its files with the “-i Malwarebytes-Mac-3.6.21.2055.pkg” arguments initially. Those are added in its postinstall phase. Apparently it was being fed a file with a random, unique ID instead of the expected installer package. That file may have been quarantined by BitDefender or otherwise moved or deleted. That is likely what caused MalwareBytes to go off into the deep end.


I’m not sure what caused this problem. It could have been interference from another app like BitDefender. It could have also been caused by an error in MalwareBytes itself. MalwareBytes may have quarantined its own update. I am unable to determine which was the ultimate cause. Both MalwareBytes and BitDefender seem to have been updated on December 7th. You installed the BitDefender update after a couple of days of nagging by the App Store app. I don’t know about MalwareBytes’ update schedule.


I still need to update EtreCheck to handle a missing or invalid process name. I just won’t be able to test that.


I may also need to add App Store antivirus apps to EtreCheck’s AV list to warn about multiple antivirus apps installed. Even if I’m not 100% sure of interference, your experience gives me a good excuse to do that. People generally don’t like it when EtreCheck emits that warning, but I think I’m on solid ground with that advice. My hope is that they will ask about it here on Apple Support Communities and people can identify legitimate apps like MalwareBytes or BitDefender and warn them about the scams or the identity thieves. Due to liability issues, I have to be careful to avoid naming names like that. They may be scams and criminals, but they have better lawyers than I do.


I can’t make a recommendation regarding MalwareBytes or BitDefender. MalwareBytes has generally been proven to be very effective and relatively trouble-free. As expected, it started to cause more problems when they added the privileged helpers and then the kernel extension. But even then it is still relatively trouble-free.


BitDefender would be very limited when distributed via the Mac App Store. The only thing it could do is quarantine downloaded files. And there could be race conditions where Safari or other apps could go ahead and launch the installer anyway. This could be what happened in your case. So while I can’t prove that MalwareBytes caused this problem itself, it is clear that MalwareBytes is doing something funky with that installer file. If it hadn’t been for that problem, it should have installed and run without incident. But then, actual malware could have done that too. That’s why I can’t recommend antivirus distributed via the Mac App Store.


Sorry for the long-winded explanation. That’s the problem with security apps. They get complicated real fast. But I think your experience will help improve EtreCheck and help people who have been swayed by the fear mongers into installing every security app under the sun.

Dec 10, 2018 8:57 AM in response to Lawrence Lessig

In the tiny gear icon next to the i icon, does Sample Process give any more clues?


Sounds like something is failing & retrying, maybe this would help?


EtreCheck is a simple little app to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac.


 

http://www.etresoft.com/etrecheck

Dec 11, 2018 7:34 AM in response to Lawrence Lessig

Thanks for the reply. I'm a huge fan of EtreCheck and have a Pro account, but it found nothing.

Well that’s not good.


Can you run the following Terminal command for me and post the results?


ps uww -p 60


Because this is such a low-numbered process, running as root, it has got to be an Apple process. It also doesn’t have a tab for “Open files and ports”. That suggests it is running under System Integrity Protection.


I would also really appreciate it if you could run this command too:


top -l 2 -pid 60 -stats 'pid,cpu,rsize,power,command'


I would like to know why it isn’t showing up in EtreCheck and fix that.

Dec 11, 2018 7:56 AM in response to etresoft

Thanks. Here goes:


lessig_old% ps uww -p 60
USER   PID  %CPU %MEM      VSZ    RSS   TT  STAT STARTED      TIME COMMAND
root    60   0.0  0.4  4632372  72272   ??  S<s  10:26AM   3:09.28 -i A8FC6184-C8B2-4BF8-823C-69FD85CB8D6B.pkg

[dhcp-140-247-230-176:~] lessig_old% top -l 2 -pid 60 -stats 'pid,cpu,rsize,power,command'
Processes: 364 total, 2 running, 362 sleeping, 1638 threads
2018/12/11 10:55:39
Load Avg: 1.61, 11.34, 12.00
CPU usage: 10.0% user, 18.33% sys, 71.66% idle
SharedLibs: 213M resident, 61M data, 30M linkedit.
MemRegions: 57648 total, 4842M resident, 229M private, 1488M shared.
PhysMem: 15G used (2136M wired), 1434M unused.
VM: 1691G vsize, 1111M framework vsize, 0(0) swapins, 0(0) swapouts.
Networks: packets: 86973/75M in, 66770/8779K out.
Disks: 657516/18G read, 136958/9434M written.

PID %CPU MEM  POWER COMMAND
60  0.0  30M+ 0.0   RTProtectionDaem

Processes: 364 total, 2 running, 362 sleeping, 1627 threads
2018/12/11 10:55:40
Load Avg: 1.56, 11.17, 11.93
CPU usage: 2.49% user, 2.94% sys, 94.55% idle
SharedLibs: 213M resident, 61M data, 30M linkedit.
MemRegions: 57648 total, 4842M resident, 229M private, 1488M shared.
PhysMem: 15G used (2136M wired), 1431M unused.
VM: 1691G vsize, 1111M framework vsize, 0(0) swapins, 0(0) swapouts.
Networks: packets: 87005/75M in, 66815/8784K out.
Disks: 657520/18G read, 136958/9434M written.

PID %CPU MEM  POWER COMMAND
60  0.0  30M+ 0.0   RTProtectionDaem
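
The output above shows the discrepancy that made this process hard to identify: ps reports the argument string the process presents, while top reports the executable name. The following is an added example, not part of any post in this thread and not EtreCheck's code, that flags processes whose argument string does not begin with their own executable name. The function names and every sample row except PID 60 are constructed.

```shell
#!/bin/sh
# Added example: compare the kernel's short process name (ps -o ucomm=,
# 16 characters at most on macOS) with the argument string (ps -o args=).

classify_argv0() {   # $1 = ucomm, $2 = args; prints ok, mismatch or missing-*
    name=$1 args=$2
    [ -n "$name" ] || { echo missing-name; return; }
    [ -n "$args" ] || { echo missing-args; return; }
    prefix=${args%%"$name"*}            # text before first occurrence of name
    [ "$prefix" != "$args" ] || { echo mismatch; return; }   # name absent
    case "$prefix" in
        ""|"-") echo ok ;;              # bare name, or login shell such as -zsh
        -*)     echo mismatch ;;        # name only appears in a later argument
        */)     echo ok ;;              # name is the last component of a path
        *)      echo mismatch ;;
    esac
}

scan() {             # stdin: pid|ucomm|args, one process per line
    while IFS='|' read -r pid name args; do
        verdict=$(classify_argv0 "$name" "$args")
        [ "$verdict" = ok ] || printf '%s %s %s\n' "$pid" "$verdict" "$name"
    done
}

live_rows() {        # builds the same rows from the running system
    for pid in $(ps -axo pid=); do
        printf '%s|%s|%s\n' "$pid" \
            "$(ps -p "$pid" -o ucomm=)" "$(ps -p "$pid" -o args=)"
    done
}

# Constructed sample. Row 60 uses the values posted in this thread; the
# other rows are made up to show cases that must not be flagged.
SAMPLE='60|RTProtectionDaem|-i A8FC6184-C8B2-4BF8-823C-69FD85CB8D6B.pkg
412|zsh|-zsh
97|cfprefsd|/usr/sbin/cfprefsd daemon
733|Some App|/Applications/Some App.app/Contents/MacOS/Some App --flag'

printf '%s\n' "$SAMPLE" | scan
# On a real system: live_rows | scan
```

A flagged row is only a prompt to look closer; some programs rewrite their own argument string on purpose, so a mismatch alone says nothing about intent.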

