Previous 1 2 Next 22 Replies Latest reply: Jul 2, 2013 12:27 AM by Rhys.Perrin
Rhys.Perrin Level 1 (0 points)

I'm running Mountain Lion on a mid-2012 MBP. I'm finding that Disk Utility will open and work fine for a period just after a reboot, but then it will stop responding for no apparent reason. It happens consistently every time. Has anybody heard of this? Please help! Many thanks.

MacBook Pro (15-inch, Mid 2012), OS X Mountain Lion (10.8.3)
  • mmollo22 Level 1 (115 points)

    Run disk Utility from the R partition on launch.


    Repair Disk and Repair Permission.


  • jayv. Level 4 (1,285 points)

    Hi Rhys.Perrin,


    When you say 'work fine for a period' does that mean you have Disk Utility open and are using it for various tasks? Or do you open it once in a while to see how long it takes for it to stop responding?

  • Rhys.Perrin Level 1 (0 points)

    Hi mmollo22.


    This certainly helped me, thank you, but I get this impression this merely sidesteps the issue and is not actually a fix.. I'm about to respond to jayv (below) with a more thorough description of what's been happening. Perhaps you could cast your eye over this and let me know any thoughts you may have as to why it's happening as I doubt I'll be able to go into the R-partition every time.


    Many thanks in advance!

  • Rhys.Perrin Level 1 (0 points)

    Hi jayv.


    Essentially, if I access the Disk Utility after the MBP has been running for some time, the Disk Utility will stop responding (ie the "neverending pinwheel of death") during the process of trying to gather the HDD information. If, however, I reboot the MBP and immediately open Disk Utility, Disk Utility will find all HDD information without any fuss and I can do whatever I need to do... to a point. I found last night, for example, that I could verify the disk permissions, but I only got half-way through the repair process before it stopped responding again. Better luck the second time around and I actually succeeded in repairing the permissions, but it stopped responding again part-way through a secure erase (I actually succeeded in executing the secure erase thanks to mmollo22's suggestion above). Each time it stops it appears to be for no apparent reason, and given I work a lot with DVD format via Disk Utility, I'm concerned mmollo2's suggestion is not really a fix, but just a sidestep to do some maintenance. Perhaps there's a fix you're aware of, jayv or mmollo22 (or anyone else!!)? Any help greatly appreciated!



  • Linc Davis Level 10 (192,201 points)

    The next time you have the problem, note the exact time: hour, minute, second.


    If you have more than one user account, these instructions must be carried out as an administrator.


    Launch the Console application in any of the following ways:


    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


    ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.


    Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select

    View Show Log List

    from the menu bar.

    Scroll back in the log to the time you noted above. Select any messages timestamped from then until the end of the episode, or until they start to repeat. Copy them to the Clipboard (command-C). Paste into a reply to this message (command-V).


    When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.

    Please do not indiscriminately dump thousands of lines from the log into this discussion.


    Important: Some private information, such as your name, may appear in the log. Anonymize before posting.

  • Rhys.Perrin Level 1 (0 points)

    Hi Linc.


    Please find log information pertaining to the most recent instance below.  Not many lines, I'm afraid, but perhaps it means something to you?  Very keen to hear your thoughts!  Many thanks in advance for your assistance.




    30/06/13 12:47:59.000 AM kernel[0]: TMCCFS 2229 MSG execveHook skip scan the file(/usr/lib/dyld)

    30/06/13 12:47:59.000 AM kernel[0]: TMCCFS 2230 MSG execveHook skip scan the file(/usr/lib/dyld)

    30/06/13 12:48:00.000 AM kernel[0]: TMCCFS 2231 MSG fileOpScopeListener exec file:/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Me tadata.framework/Versions/A/Support/mdworker:1

    30/06/13 12:48:00.000 AM kernel[0]: TMCCFS 656 MSG handlePutExceptionPids in with 10 apps & 11 pids

  • Linc Davis Level 10 (192,201 points)

    Uninstall the Trend Micro product by following the instructions on whichever of the pages linked below is applicable:

    Removing Trend Micro Titanium Internet Security

    Uninstalling Trend Micro Smart Surfing

    Reboot. Back up all data before making any changes.

  • Rhys.Perrin Level 1 (0 points)

    Hi Linc.


    I haven't done what you suggest yet, but I will.  Before I do, however, I just wanted to ask a question... Are you suggesting Trend Micro (in my case Trend Micro Titanium Internet Security) is the culprit, or are you thinking that its presence is simply preventing a proper diagnosis of the problem? I'm intrigued!



  • Linc Davis Level 10 (192,201 points)

    Are you suggesting Trend Micro (in my case Trend Micro Titanium Internet Security) is the culprit


    I'm suggest two things: that it might be the culprit, and that even if it isn't, you're still a lot better off without it, since it's completely useless for any purpose other than slowing down and destabilizing your computer. It does nothing to protect you from any real security threat. As long as it's installed, your system is unmaintainable. If you're determined to keep it despite all that, you can easily reinstall it.

  • Rhys.Perrin Level 1 (0 points)

    Hi Linc.


    I've removed Trend Micro Titanium Internet Security now, but alas, this has not rectified the issue. Please see the log below (there may be a line or two in the below that doesn't relate, but I couldn't be sure so I selected all the lines for roughly the time in question [4:16:00 - 4:16:40).


    30/06/13 4:16:00.739 PM AddressBookManager[918]: Validate metadata timed out, cancelling

    30/06/13 4:16:01.216 PM mdwrite[922]: [ERROR] [0.000s] UBItemStatusNotification.c:805 _do_UBItemStatusNotificationRegisterURLs() can't find realpath for "/Users/rhys1/Library/Mobile Documents/com~apple~system~spotlight/mdlabels", was blocked at "/Users/rhys1/Library/Mobile Documents": 2 (No such file or directory)

    30/06/13 4:16:01.216 PM mdwrite[922]: [ERROR] [0.001s] UBItemStatusNotification.c:805 _do_UBItemStatusNotificationRegisterURLs() can't find realpath for "/Users/rhys1/Library/Mobile Documents/com~apple~system~spotlight/mdlabels", was blocked at "/Users/rhys1/Library/Mobile Documents": 2 (No such file or directory)

    30/06/13 4:16:35.000 PM kernel[0]: Sandbox: sandboxd(932) deny mach-lookup

    30/06/13 4:16:37.899 PM sandboxd[932]: ([931]) mdworker(931) deny file-write-owner /Users/rhys1/Library/Containers/ edata-wal (import fstype:hfs fsflag:480D000 flags:240000005F diag:0 plugin:/Library/Spotlight/Notes.mdimporter - find suspect file using: sudo mdutil -t 33796554)

    30/06/13 4:16:38.561 PM sandboxd[932]: ([931]) mdworker(931) deny file-write-owner /Users/rhys1/Library/Containers/ edata-shm (import fstype:hfs fsflag:480D000 flags:240000005F diag:0 plugin:/Library/Spotlight/Notes.mdimporter - find suspect file using: sudo mdutil -t 33796554)


    Any thoughts greatly appreciated.


    Perhaps you also have some thoughts on appropriate anti-virus measures too?  I suspect your advice may be to be vigilant rather than become complacent by relying on third party apps, which I also suspect to be largely useless?



  • thomas_r. Level 7 (30,700 points)

    Perhaps you also have some thoughts on appropriate anti-virus measures too?


    Mac Malware Guide

  • Linc Davis Level 10 (192,201 points)

    Please read this whole message before doing anything.

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, or by a peripheral device.


    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output andWi-Fi on certain iMacs. The next normal boot may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


    Test while in safe mode. Same problem?


    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • Linc Davis Level 10 (192,201 points)

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    If you find this comment too long or too technical, read only sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.

    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    • It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    • It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    • It can easily be disabled or overridden by the user.
    • A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    • An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
    • Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    • A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    • Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    • Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    • Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
    • Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    • Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable itnot JavaScript — in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.

    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software  ClamXav— nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    • Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    • In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    • By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user you don't have to live in fear that your computer is going to catch some terrible disease every time you install an application, read email, or visit a web page. But neither should you have a false sense of safety. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then also feel free to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • Rhys.Perrin Level 1 (0 points)

    Hi Linc.


    I carried out the safe boot procedure as you suggested and appeared to have no issues in the 45-odd minutes I was in this mode.  I also carried out a process of resetting PRAM.  I then rebooted into normal mode.  For the bulk of the past 24-hours there has been no issue... Until now.  I have just tried to launch Disk Utilities again, and the issue has returned.  This time, the Console log reads as follows:


    1/07/13 10:38:05.172 PM WindowServer[154]: CGXDisableUpdate: UI updates were forcibly disabled by application "Disk Utility" for over 1.00 seconds. Server has re-enabled them.

    1/07/13 10:38:05.313 PM WindowServer[154]: reenable_update_for_connection: UI updates were finally reenabled by application "Disk Utility" after 1.14 seconds (server forcibly re-enabled them after 1.00 seconds)


    Given the reference to Windows Server in the above, I should also highlight out a couple of other points at this stage:

    1. The Windows Server has been on the network since before the MBP was purchased and has never given any grief other than (maybe) a slow initial connection to the Server via Finder.
    2. As part of the reboot into normal mode, I elected not to launch the Windows Server Launchpad, so this was NOT running at the time of the latest hang.
    3. Time Machine has been conducting an excruciatingly long backup since rebooting back into normal mode (looks like it's doing a full backup). Time Machine DOES NOT, however, back up to the Windows Server, but rather to its own dedicated backup drive, which, again, has never presented any issues.
    4. Since the latest Disk Utility hang, I have noticed a slowing of overall performance (eg opening Safari takes a little longer).  This is not to the point of "crazy slow", but rather slower than it has been running all day.  I should also say that this slowing of performance is more akin to what I have been used to for some time, and I have to admit I had put the faster performance I've enjoyed for most of the day down to the removal of Trend Micro Titanium Internet Security. Sadly, however, it seems I may have been mistaken on this point.


    Linc, once again, any thoughts are greatly appreciated.



Previous 1 2 Next