"BadGacha" warning on my Mac mini

XProtect has been giving me 3 warnings a day saying:


BadGacha ⚠️ FailedToRemediate time 0.0001501 {"caused_by":[],"status_message":"FailedToRemediate","status_code":24,"execution_duration":0.00015008449554443359}


This just began a little over 24 hours ago. Is this a serious issue or is it some result of the the Rapid Security Response that was recently installed? I'm using a Mac Mini M1, 8GB, with the latest Ventura and the Rapid Security Response installed as well.


[Re-titled by Moderator]

Mac mini, macOS 13.3

Posted on May 4, 2023 4:38 PM

Reply
Question marked as Best reply

Posted on Apr 17, 2024 9:48 AM

I am a little disappointed to read some of the swipes being taken at Howard Oakley. Howard and Etresoft are both authors of successful and very useful MacOS utilities. I also don't understand the use of the term "social media influence" as a pejorative. I would suggest taking five minutes to look over https://eclecticlight.co/category/macs/.

32 replies

Apr 17, 2024 12:22 PM in response to Frederick Karayan

Frederick Karayan wrote:

I am a little disappointed to read some of the swipes being taken at Howard Oakley.

What swipes? I said he's a social media influencer. I'll ask again, by what criteria is he not?

Howard and Etresoft are both authors of successful and very useful MacOS utilities.

You came here asking specific questions about specific words, and now you are throwing them around with reckless abandon. What is an "author"? Someone who writes books? What books has Oakley written? There's a reason we make distinctions between "authors" and "bloggers". Other than a few academic papers, I've written no books and no blogs, so I'm neither. Years ago, I was a software engineer, but that term is regulated in Canada. I'm now downgraded to software developer. I'm fine with that. Small price to pay for free healthcare. My US satellites are still in orbit and still working, after all.


What is "successful"? Oakley doesn't charge any money for apps, so money's no metric there. But lots of people run them and they seem to believe what the apps tell them. By social media standards, that's definitely success. Lots of people run EtreCheck, but I'm not sure if they understand what it says or believe it. In the economic wasteland that is Mac apps, EtreCheck has been a success. But in material terms, it doesn't generate a livable wage.


What is "useful"? I don't know. I can tell you that it's subjective. These social media influencer apps generate confusion and misinformation here in the forums. I wouldn't call that useful. But I won't deny they are useful engines of influence. Jury's still out on EtreCheck. It's been useful for attracting stalkers and other malicious people. Great fun, they are.

I also don't understand the use of the term "social media influence" as a pejorative.

You are the only one using it as a pejorative term. I believe I've pretty well defended my use of the "social media influencer" label. He's only one of several such social media influencers in the Apple internet world. But with any social media influencer, it is a good idea to be critical. They may be able to tell you about things you didn't already know about. That can be useful. But they may also tell you things that aren't true. How can you tell the difference? This applies to anything you see on the Internet, on TV, or in print. In that broader field of information, social media influencers do far less harm than reporters or journalists. They're the best of the worst. Is that pejorative?

Apr 25, 2024 8:51 AM in response to TTWO_Always

For assistance with third-party tools reporting undocumented and internal details of macOS, please contact the third party for details and assistance.


This app is from a class of tools — I’ll including Little Snitch here, as well as Apple and third-party logs and telemetry — that can be useful for some folks, and can be a source of needless worry and concern for others.

May 5, 2023 7:43 AM in response to Artiste212

Then have a few suggestions ;


1 - Get Support Choose a product and we’ll find you the best solution.Start now and open an Apple Support Ticket as they are Apple Employees to deal will these types of issues . 


2 - Product Feedback - Apple and make it known to Apple regarding this ongoing issue 


Actually, is this is malware ir would only effect the User Account and Not the Operating System itself


In macOS 11 Big Sur, macOS 12 Monterey and macOS 13 Ventura. 


The Operating System resides in a Sealed and Read Only Volume that can not be opened by the User nor by Third Party Applications.


The only Entity that can open and modify or alter this Volume is Apple.


That would occur when a update or UpGrade is performed.


The Built in Security


Should “ Certain & Specific Software “ referenced from above be installed - it will negatively impact macOS. It is suggested, download directly from the Developer , the application Malwarebytes for Mac


It is free or paid for added features. 

Apr 8, 2024 11:02 AM in response to Artiste212

I'm getting this (April 8 2024) on a MacMini M1 running 14.4.1:


(complaining about `rsync`)


2024-04-08 00:52:23.450  BadGacha      👉 no status_message report     time 0.0000000 {"process":{"name":"rsync","pid":930},"action":"report","status":null}
2024-04-08 00:52:23.453  BadGacha      ⚠️ ThreatDetected time 0.0000930 {"status_message":"ThreatDetected","caused_by":[],"execution_duration":9.298324584960938e-05,"status_code":21}


Jan 19, 2024 2:44 PM in response to Artiste212

I have the same warning, but mine includes references to 1Password. I have informed them. I can't recall what I was doing so it may not be much help.


I suspect it's a false alarm.


2024-01-18 18:01:33.285  BadGacha      👉 no status_message report     time 0.0000000 {"process":{"name":"1Password-Crash-Handler","pid":844},"status":null,"action":"report"}


2024-01-18 18:01:33.289  BadGacha      ⚠️ ThreatDetected time 0.0000380 {"caused_by":[],"execution_duration":3.802776336669922e-05,"status_code":21,"status_message":"ThreatDetected"}

Jan 31, 2024 8:07 AM in response to Artiste212

any update on this?



See here:


2024-01-31 10:58:06.154 BadGacha 👉 no status_message report time 0.0000000 {"process":{"pid":2001,"name":"1Password-Crash-Handler"},"status":null,"action":"report"}

2024-01-31 10:58:08.464 BadGacha ⚠️ ThreatDetected time 0.0000371 {"status_message":"ThreatDetected","execution_duration":3.707408905029297e-05,"caused_by":[],"status_code":21}

Mar 6, 2024 1:43 PM in response to JiFB

I excerpted just the BadGacha ones:


2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031


Mar 6, 2024 1:46 PM in response to mauvedeity

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031


It's interesting that it sometimes detects it and sometimes doesn't, although now I look at those entries again, they're not sorted in date/time order.

Apr 25, 2024 1:48 PM in response to etresoft

What is an "author"? Someone who writes books? What books has Oakley written? There's a reason we make distinctions between "authors" and "bloggers". Other than a few academic papers, I've written no books and no blogs, so I'm neither. Years ago, I was a software engineer, but that term is regulated in Canada. I'm now downgraded to software developer. I'm fine with that. Small price to pay for free healthcare. My US satellites are still in orbit and still working, after all.


Dr. Oakley has been writing articles in computer magazines for many years. There's much interesting information published about him here:- https://www.macobserver.com/podcasts/background-mode-howard-oakley/


Would you care to share details about .... "My US satellites are still in orbit and still working, after all."

Just so that readers know that you are not "telling us things that aren't true"?


[Edited by Moderator]

"BadGacha" warning on my Mac mini

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.