What is chronod, is it a part of Sonoma?
I get this pop-up and would like to find out if it is some part of the latest OS-Sonoma.
MacBook Air (M1, 2020)
Why not just answer the simple question of if this is a Sonoma process or not?
Hi! Former Apple dev here. Here's a brief on `chronod`: It's a LaunchAgent, not a LaunchDaemon, which means it's a per-user agent in macOS. It's specifically designed to manage widget-related tasks and is user-session dependent. To troubleshoot, I used several `launchctl` commands in Terminal to inspect and manage the `chronod` service. For those facing similar issues, here are the steps:
1. Check if chronod is Running:
```sh
launchctl print gui/501/com.apple.chronod
```
Replace `501` with your user ID (can be found with `id -u`). This command checks if `chronod` is active in your user session.
2. Restart chronod if Necessary:
```sh
launchctl kickstart -kp gui/501/com.apple.chronod
```
3. Ensure Network Access:
Make sure `chronod` has the necessary network access, especially if you're using a firewall or network monitoring tools.
It seems `chronod` plays a crucial role in widget functionality on macOS. My issues, in particular, were related to the Tesla widget. While a restart would have likely solved any issues related to this, I wanted to dive a bit deeper to help the next guy understand more about `chronod`. Hope this helps anyone struggling with widget issues!
I'm not a high-level person here, but my research indicates chronod is related to Widgets in macOS Sonoma. I got a popup from macOS firewall asking if I wanted to allow incoming connections to chronod. I found some Reddit posts that say it has to do with Widgets (apparently in iOS and macOS).
I checked that chronod is properly signed by Apple, so it's certainly part of the system.
If the built-in macOS Firewall is active, you can check in System Settings > Network > Firewall > Options
and see if chronod is allowed to accept incoming connections. You could turn this off, but it might cause some Widgets not to work. Doesn't seem like a lot of risk to me though.
The best procedure is to not use Norton at all. In fact Norton support has a document on how to resolve its false flagging. And yes, chronod is part of the chronocore framework of macOS Sonoma.
https://support.norton.com/sp/en/us/home/current/solutions/v20231108114911853
Best advice to be given is to stop using any anti-virus software. They are unnecessary and cause exactly the issue described here.
Do as jd2020 suggested.
Locate the file by clicking the "Details" next time the Norton alert appears.
Check and verify the file in question is signed by Apple.
If it is signed by Apple, you can permanently allow access.
If it is not, do not Allow access because it's most likely malware used to intercept browser credentials. Malicious programs often use common system program names to trick users into granting access.
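The signature check suggested in the replies above, written out as an added example (not part of any post in this thread). It assumes the macOS tools `codesign`, `pgrep` and `ps`; the function names and the `--running` option are made up for this illustration, and the file path is whatever the alert's "Details" view shows.

```shell
#!/bin/sh
# Added example. Relies on macOS tools: codesign, pgrep, ps.

# check_apple_signed PATH
# Returns 0 only if PATH carries a valid signature that satisfies the
# "anchor apple" requirement (code signed by Apple as Apple's own software).
# Returns 1 if the check fails, 2 if PATH does not exist.
check_apple_signed() {
    target=$1
    [ -e "$target" ] || { echo "missing: $target"; return 2; }
    if codesign --verify --strict -R="anchor apple" "$target" 2>/dev/null; then
        echo "apple-signed: $target"
        return 0
    fi
    echo "NOT apple-signed: $target"
    return 1
}

# audit_process_name NAME
# A process name alone proves nothing, so resolve every running process
# called exactly NAME to its executable and check that file's signature.
# Returns 0 if all pass, 1 if any fails, 3 if no such process is running.
audit_process_name() {
    name=$1
    pids=$(pgrep -x "$name") || return 3
    rc=0
    for pid in $pids; do
        # On macOS, `ps -o comm=` prints the full path of the executable.
        exe=$(ps -o comm= -p "$pid")
        check_apple_signed "$exe" || rc=1
    done
    return "$rc"
}

# Usage: sh verify.sh /path/shown/in/alert   (checks one file)
#        sh verify.sh --running chronod      (checks running processes)
if [ "${1:-}" = "--running" ] && [ -n "${2:-}" ]; then
    audit_process_name "$2"
elif [ "$#" -gt 0 ]; then
    check_apple_signed "$1"
fi
```

A non-zero exit status means the file should not be allowed through the firewall until it has been looked at more closely.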
Thanks for trying to clear up the confusion @MusicGenreDeleted.
The bottom line is: this is a macOS process; you can safely allow chronod connections in any firewall you're running on your Mac. You can dis-allow chronod, but it will likely break some functions related to widgets (and probably some other things).
MusicGenreDeleted wrote:
I, we, have already done everything you suggested. What would be good is if you read the entire string so you would know that. It's getting a little bothersome dealing with people entering advice that has already been followed but they don't know that because they respond to the oldest comment in the string. We're now months past that.
Your suggestion for removing the software is well taken but do you mind if the rest of us get on with trying a less radical solution? It's antivirus software, not some fidget spinning, novelty app. Taking it out of my defense strategy is not acceptable, or at least not acceptable at this time.
Using the built-in anti-malware* isn’t something I would consider radical.
Nor is contacting the vendor support for the add-on app reporting the false.
Particularly an add-on that’s been reporting this false positive for months, un-remediated.
Lately, the better sources for macOS malware have been cracked apps, and obviously-sketchy downloads. The biggest mess lately has been some persistent adware that the built-in anti-malware is blocking, but is not yet removing. (details)
As for add-on anti-malware: One of the better-known add-on anti-malware packages (Avast) was caught selling personally-identified web browsing and web purchasing data. (details) I’d be surprised if various other add-on security apps and add-on VPNs and such weren’t also collecting and reselling metadata. Here’s another false positive (details) where the built-in anti-malware prevented the add-on anti-malware from deleting part of macOS. F-Secure has had falses. (details) Here’s the Symantec (Norton) VP (2014) saying anti-malware is failing badly and getting worse. (details). Add-on anti-malware is itself a target, and more than a little has been hilariously poorly written, and Tavis and Google Project Zero have found some egregious implementations. (details)
Reading: Effective defenses against malware and ot… - Apple Community
TL;DR: This is a third-party app reporting this. For assistance or concerns with this, contact the third-party app support. Or remove the add-on anti-malware.
*XProtect, XProtect Remediator, the app store, Gatekeeper, the read-only boot system volume, etc. (details)
I’d expect false positives and connection notifications in add-on anti-malware are likely both inevitable and intentional, because this noise can effectively also serve as advertising for the product.
The bad news here is that chronod is part of macOS. Why is this bad news? Because this pop-up should never even show; the add-on security app should already recognize this daemon as part of macOS.
For assistance with third-party apps and particularly third-party add-on security apps, contact the third-party provider.
There have been previous cases with these add-on security apps where the app mis-detected and tried to delete parts of macOS itself. The built-in macOS anti-malware then detected and blocked these (erroneous) deletion attempts. The add-on security vendor eventually pushed out a fix for that false positive.
In this particular case, here is the Norton 360 work-around:
https://support.norton.com/sp/en/us/home/current/solutions/v20231108114911853
I would consider this chronod report to be a documented bug in this particular add-on security app.
I typically use the built-in anti-malware; Apple Gatekeeper, XProtect, and XProtect Remediator, absent some requirement for end-point security or similar. Why? One of the better-known add-on security apps was caught selling data, and I’d expect other add-ons might either be selling, or leaking.
cmwinnc wrote:
"I typically use the built-in anti-malware; Apple Gatekeeper, XProtect, and XProtect Remediator"
Exactly how do you "use" those three programs/features? How do I adjust settings.
Gatekeeper, XProtect, and XProtect Remediator are built in, automatic, and available by default.
From the Apple Platform Security Guide:
… Protecting against malware in macOS - Apple Support
The Guide:
… https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf
Don't "Allow" a program/daemon access unless you know with certitude exactly what it is. Err on the side of caution because you can always "Allow" permissions to a legitimate program after the fact, which is much easier and less painful than canceling your credit card for fraud or filing a police report for identity theft.
Bad actors often create malicious programs that use legitimate and common program names to trick users into granting access. What's more difficult to fake are security signatures for legit publishers so programs such as Norton check and block programs that aren't signed. For instance "chronod" is often used by bad actors aka hackers to intercept browser data, e.g. credentials, while connected to a public wifi or hotel network that's outside of your corporate or home networks.
JM2C
Safe Computing
wwwXpert wrote:
Do as jd2020 suggested.
Locate the file by clicking the "Details" next time the Norton alert appears.
Check and verify the file in question is signed by Apple.
If it is signed by Apple, you can permanently allow access.
If it is not, do not Allow access because it's most likely malware used to intercept browser credentials. Malicious programs often use common system program names to trick users into granting access.
Easier and more probably reliable to remove Norton, and use the built-in anti-malware.
Removal of Norton means this unnecessary and distracting noise goes away, certainly.
Norton has been unnecessarily flagging this Apple app for months, based on postings.
I want to endorse what @MrHoffman and @Ikrupp suggest: don't use 3rd party anti-virus on macOS.
Today's modern macOS and even Windows include powerful built-in anti-malware capabilities. Unless you are a high-profile target for bad-actors like government security services, or you frequent very sketchy websites, you don't need any 3rd party applications. If you must have one, Malwarebytes is probably the best option, and it's designed for most people (not tech experts).
Trying to make sense of what is happening on a modern computer, iPhone, or your network takes expertise and knowledge that most people simply don't have. In this case, Norton is showing you info that you have no way to understand and make an informed decision about--that's why many people ended up here. I suspect this is part of their marketing strategy. The best advice is "get rid of 3rd party AV, and just let macOS do its thing."
And yes chronod is part of macOS; it can't be removed or stopped. If you block it, you are breaking macOS. It is possible for malware to pretend to be chronod, but this is VERY unlikely. But you can check the program's signature and verify it is signed by Apple.
That’s a longstanding bug in the add-on anti-malware you’re using, Norton.
That connection is an utterly benign part of macOS—widgets, specifically.
That add-on anti-malware has been mis-flagging that for months, as has been acknowledged on the Norton website.
Remove Norton, use the built-in anti-malware, and that message will go away.
If you have concerns or issues with that add-on anti-malware, contact Norton support.
Add-on anti-malware tends to be noisy about non-issues, unfortunately.
Add-on anti-malware can also introduce security vulnerabilities as the designs of some have historically been hilariously bad, and too much of the add-on anti-malware has introduced privacy breaches. One of the better-known macOS anti-malware add-ons recently got what I’d consider a token 16 million dollar fine for reselling personally-identified browsing and web purchasing data, for instance. That other add-on “security” apps might also be selling that or other data would not surprise.
Blocking network connections can cause problems too, depending on what gets blocked.
I never said that. I’m not sure how you got that from my response.
People worried about chronod would do well to not worry about it.
Glad my answer was helpful to so many others.
> How do we make it stop?
Uninstall Norton. If that does not help, do a clean install without Norton.