iMac Freezing

Question

Level 1

12 points

iMac Freezing

About 6 months ago I purchased an iMac. It has worked quite well overall. It has a wireless keyboard and mouse as well. Recently it has been freezing and the only way to get out of that state is to use the power button to shut it down, then restart. There is one significant change that I made about six weeks ago and, excuse my memory, I can't remember whether freezing began before or after this change. Definitely it is increasing in frequency. I turned on Filevault 2 and encrypted my whole hard drive. Another change I have noticed since turning on Filevault 2 is that the iMac does not quickly recognize the wireless mouse or keyboard. Any suggestions, help would be appreciated. Although I am very good at saving work, freezes like this are very inconvenient. Also, I have not experienced such and intractable problem before on any of my Macs.

iMac (21.5-inch, Late 2015), OS X El Capitan (10.11.4), 8 GB Ram, 256 GB SSD

Posted on Apr 13, 2016 5:43 PM

Reply

Answer 1

Linc Davis

Level 10

209,547 points

Apr 13, 2016 6:13 PM in response to ECTimeLord

These instructions must be carried out as an administrator. If you have only one user account, you are the administrator.

Please launch the Console application in any one of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Step 1

For this step, the title of the Console window should be All Messages. If it isn't, select

SYSTEM LOG QUERIES ▹ All Messages

from the log list on the left. If you don't see that list, select

View ▹ Show Log List

from the menu bar at the top of the screen.

In the top right corner of the Console window, there's a search box labeled Filter. Enter "BOOT_TIME" (without the quotes.)

Each message in the log begins with the date and time when it was entered. Select the BOOT_TIME log message that corresponds to the last boot time when you had the problem. Now clear the search box to reveal all messages. Select the ones logged before the boot, during the time something abnormal was happening. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.

For example, if the system was unresponsive or was failing to shut down for three minutes before you forced a restart, post the messages timestamped within three minutes before the boot time, not after. Please include the BOOT_TIME message at the end of the log extract—not at the beginning.

If there are long runs of repeated messages, please post only one example of each. Don’t post many repetitions of the same message.

When posting a log extract, be selective. A few dozen lines are almost always more than enough.

Some private information, such as your name, may appear in the log. Anonymize before posting.

Please don't indiscriminately dump thousands of lines from the log into this discussion.

Please don't post screenshots of log messages—post the text.

Step 2

In the Console window, select

DIAGNOSTIC AND USAGE INFORMATION ▹ System Diagnostic Reports

(not Diagnostic and Usage Messages) from the log list on the left. If you don't see that list, select

View ▹ Show Log List

from the menu bar.

There is a disclosure triangle to the left of the list item. If the triangle is pointing to the right, click it so that it points down. You'll see a list of reports. A crash report has a name that begins with the name of the crashed process and ends in ".crash". A panic report has a name that begins with "Kernel" and ends in ".panic". A shutdown stall report has a name that ends in ".shutdownstall". Select the most recent of each, if any. The contents of the report will appear on the right. Use copy and paste to post the entire contents—the text, not a screenshot. It's possible that none of these reports exists.

I know the report is long, maybe several hundred lines. Please post all of it anyway.

If you don't see any reports listed, but you know there was a crash or panic, you may have chosen Diagnostic and Usage Messages from the log list. Choose DIAGNOSTIC AND USAGE INFORMATION instead.

In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.)

Please don’t post other kinds of diagnostic report—they're very long and rarely helpful.

When you post the log extract or the crash report, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the forum software. Please post the text on Pastebin, then post a link here to the page you created.

If you have an account on Pastebin, please don't select Private from the Paste Exposure menu on the page, because then no one but you will be able to see it.

Reply

Answer 2

ECTimeLord Author

Level 1

12 points

Apr 14, 2016 1:32 PM in response to Linc Davis

First, I want to thank you for your detailed instructions. I have tried to follow them but may have failed. My apologies if there is too much information.

Okay: Step 1 System Log Queries

4/11/16 5:45:33.750 PM WindowServer[170]: device_generate_desktop_screenshot: authw 0x7fa5aaba2c00(2000), shield 0x7fa5a9a18c00(2001)

4/11/16 5:45:33.790 PM WindowServer[170]: device_generate_lock_screen_screenshot: authw 0x7fa5aaba2c00(2000)[0, 0, 1920, 1080] shield 0x7fa5a9a18c00(2001), dev [1920,1080]

4/11/16 5:45:39.000 PM kernel[0]: PM response took 8026 ms (409, AOUMonitor)

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167291: wl0: setup_keepalive: interval 900, retry_interval 30, retry_count 10

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167309: wl0: setup_keepalive: Local IP: 192.168.1.8

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167312: wl0: setup_keepalive: Remote IP: 17.143.160.33

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167315: wl0: setup_keepalive: Local port: 49159, Remote port: 5223

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167319: wl0: setup_keepalive: Seq: 3443856674, Ack: 3834371734, Win size: 4096

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167332: wl0: MDNS: IPV4 Addr: 192.168.1.8

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167336: wl0: MDNS: IPV6 Addr: fe80:0:0:0:2af0:76ff:fe11:a05a

4/11/16 5:45:46.000 PM kernel[0]: ARPT: 14598.167339: wl0: MDNS: 0 SRV Recs, 0 TXT Recs

4/11/16 5:45:49.000 PM kernel[0]: PM response took 3116 ms (55, powerd)

4/11/16 5:45:49.000 PM kernel[0]: ARPT: 14601.274110: AirPort_Brcm43xx::powerChange: System Sleep

4/11/16 5:45:49.000 PM kernel[0]: kern_open_file_for_direct_io(0)

4/11/16 5:45:49.000 PM kernel[0]: kern_open_file_for_direct_io took 7 ms

4/11/16 5:45:49.000 PM kernel[0]: Opened file /var/log/SleepWakeStacks.bin, size 172032, extents 1, maxio 2000000 ssd 1

4/11/16 5:45:49.000 PM kernel[0]: polled file major 1, minor 0, blocksize 4096, pollers 5

4/11/16 5:45:50.000 PM kernel[0]: ARPT: 14601.775692: IOPMPowerSource Information: onSleep, SleepType: Normal Sleep,

4/11/16 6:25:11.000 PM kernel[0]: AppleThunderboltNHIType2::prePCIWake - power up complete - took 2 us

4/11/16 6:25:11.000 PM kernel[0]: AppleThunderboltGenericHAL::earlyWake - complete - took 0 milliseconds

Step 2:

Oddly, there were no reports with .crash, ,panic

Reply

Answer 3

Linc Davis

Level 10

209,547 points

Apr 14, 2016 1:49 PM in response to ECTimeLord

There is no BOOT_TIME message in that log extract, so I don't know whether it's related to a freeze.

Reply

Answer 4

ECTimeLord Author

Level 1

12 points

Apr 14, 2016 2:42 PM in response to Linc Davis

You are so right and I finally figured out how to maneuver. I think this might be better.

4/12/16 6:24:53.000 PM kernel[0]: ARPT: 21765.191462: AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake

4/12/16 6:24:53.845 PM sharingd[328]: 18:24:53.845 : Discoverable mode changed to Contacts Only

4/12/16 6:24:53.846 PM sharingd[328]: 18:24:53.845 : BTLE scanning started

4/12/16 6:24:53.846 PM sharingd[328]: 18:24:53.845 : Scanning mode Contacts Only

4/12/16 6:24:53.846 PM sharingd[328]: 18:24:53.846 : BTLE scanner Powered On

4/12/16 6:24:54.000 PM kernel[0]: ARPT: 21765.692532: IOPMPowerSource Information: onWake, SleepType: Normal Sleep,

4/12/16 6:24:54.000 PM kernel[0]: ARPT: 21765.692655: AirPort_Brcm43xx::platformWoWEnable: WWEN[disable]

4/12/16 6:24:54.346 PM com.apple.cts[263]: com.apple.suggestions.harvest: scheduler returned false; however, this job is 1 seconds overdue. Running anyway.

4/12/16 6:24:54.353 PM sharingd[328]: 18:24:54.353 : Starting AirDrop server for user 502 on wake

4/12/16 6:24:54.354 PM sharingd[328]: 18:24:54.353 : Scanning mode Contacts Only

4/12/16 6:24:54.355 PM ClamXav Sentry[429]: Wakey wakey!

4/12/16 6:24:54.000 PM kernel[0]: [HID] [ATC] AppleDeviceManagementHIDEventService::processWakeReason Wake reason: Button (0x03)

4/12/16 6:24:54.000 PM kernel[0]: [HID] [ATC] AppleDeviceManagementHIDEventService::processWakeReason Wake reason: Host (0x01)

4/12/16 6:24:57.062 PM accountsd[294]: AIDA Notification plugin running

4/12/16 6:24:57.084 PM com.apple.AddressBook.InternetAccountsBridge[367]: Checking iCDP status for DSID 1603246997 (checkWithServer=0)

4/12/16 6:24:57.091 PM com.apple.AddressBook.InternetAccountsBridge[367]: XPC Error while checking if iCDP is enabled for DSID 1603246997: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}

4/12/16 6:24:57.092 PM com.apple.AddressBook.InternetAccountsBridge[367]: Daemon connection invalidated!

4/12/16 6:24:57.376 PM sandboxd[130]: ([367]) com.apple.Addres(367) deny mach-lookup com.apple.cdp.daemon

4/12/16 6:24:57.463 PM AddressBookSourceSync[3948]: [CardDAVPlugin-ERROR] Exception caught while running sync with server: Error Domain=CoreDAVErrorDomain Code=1 "(null)"

4/12/16 6:25:00.346 PM com.apple.CDScheduler[46]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***

4/12/16 6:25:07.107 PM com.apple.AddressBook.ContactsAccountsService[290]: [Accounts] Current connection, <NSXPCConnection: 0x7fdeba525b30> connection from pid 398, doesn't have account access.

4/12/16 6:25:07.107 PM DataDetectorsDynamicData[398]: [Accounts] Failed to update account with identifier 1F38E97B-D9BD-4CC6-9469-BBC320E3F80E, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"

4/12/16 6:25:07.108 PM com.apple.AddressBook.ContactsAccountsService[290]: [Accounts] Current connection, <NSXPCConnection: 0x7fdeba506730> connection from pid 311, doesn't have account access.

4/12/16 6:25:07.108 PM com.apple.AddressBook.ContactsAccountsService[290]: [Accounts] Current connection, <NSXPCConnection: 0x7fdeba706460> connection from pid 328, doesn't have account access.

4/12/16 6:25:07.108 PM IMDPersistenceAgent[311]: [Accounts] Failed to update account with identifier 1F38E97B-D9BD-4CC6-9469-BBC320E3F80E, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"

4/12/16 6:25:07.108 PM sharingd[328]: [Accounts] Failed to update account with identifier 1F38E97B-D9BD-4CC6-9469-BBC320E3F80E, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"

4/12/16 6:25:07.113 PM com.apple.AddressBook.ContactsAccountsService[290]: [Accounts] Current connection, <NSXPCConnection: 0x7fdeba520020> connection from pid 310, doesn't have account access.

4/12/16 6:25:07.114 PM CalNCService[310]: [Accounts] Failed to update account with identifier 1F38E97B-D9BD-4CC6-9469-BBC320E3F80E, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"

4/12/16 6:25:21.672 PM Microsoft Word[3911]: Stream 0x796bf180 is sending an event before being opened

4/12/16 6:25:23.972 PM GoogleSoftwareUpdateAgent[3956]: 2016-04-12 18:25:23.954 GoogleSoftwareUpdateAgent[3956/0xa3946000] [lvl=2] -[KSAgentApp setupLoggerOutput] Agent settings: <KSAgentSettings:0x515600 bundleID=com.google.Keystone.Agent lastCheck=2016-04-12 18:47:59 +0000 checkInterval=18000.000000 uiDisplayInterval=604800.000000 sleepInterval=1800.000000 jitterInterval=900 maxRunInterval=0.000000 isConsoleUser=1 ticketStorePath=/Users/Work/Library/Google/GoogleSoftwareUpdate/TicketStore/Key stone.ticketstore runMode=3 daemonUpdateEngineBrokerServiceName=com.google.Keystone.Daemon.UpdateEngine daemonAdministrationServiceName=com.google.Keystone.Daemon.Administration logEverything=0 logBufferSize=2048 alwaysPromptForUpdates=0 productIDToUpdate=(null) lastUIDisplayed=(null) alwaysShowStatusItem=0 updateCheckTag=(null) printResults=NO userInitiated=NO>

4/12/16 6:25:30.980 PM CalendarAgent[282]: [com.apple.calendar.store.log.caldav.coredav] [Refusing to parse response to PROPPATCH because of content-type: [text/html; charset=UTF-8].]

4/12/16 6:25:31.035 PM CalendarAgent[282]: [com.apple.calendar.store.log.caldav.coredav] [Refusing to parse response to PROPPATCH because of content-type: [text/html; charset=UTF-8].]

4/12/16 6:25:35.000 PM kernel[0]: pci pause: SDXC

4/12/16 6:25:50.000 PM kernel[0]: [AppleHSBluetoothDevice][getExtendedReport] Could not retrieve information for BatteryPercent feature

4/12/16 6:25:50.000 PM kernel[0]: [AppleHSBluetoothDevice][updateBatteryLevel] Couldn't get battery percentage from device

4/12/16 6:25:50.000 PM kernel[0]: [AppleHSBluetoothDevice][getExtendedReport] Could not retrieve information for BatteryPercent feature

4/12/16 6:25:50.000 PM kernel[0]: [AppleHSBluetoothDevice][updateBatteryLevel] Couldn't get battery percentage from device

4/12/16 6:26:01.002 PM com.apple.CDScheduler[46]: *** LOG MESSAGE QUOTA EXCEEDED - SOME MESSAGES FROM THIS PROCESS HAVE BEEN DISCARDED ***

4/12/16 6:26:01.572 PM SpotlightNetHelper[363]: tcp_connection_destination_handle_tls_close_notify 90 closing socket due to TLS CLOSE_NOTIFY alert

4/12/16 6:26:01.572 PM SpotlightNetHelper[363]: tcp_connection_tls_session_error_callback_imp 90 __tcp_connection_tls_session_callback_write_block_invoke.434 error 32

4/12/16 6:26:02.618 PM Microsoft Excel[1980]: Stream 0x802fb5e0 is sending an event before being opened

4/12/16 6:26:31.534 PM SpotlightNetHelper[363]: tcp_connection_tls_session_error_callback_imp 91 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

4/12/16 6:26:31.534 PM SpotlightNetHelper[363]: tcp_connection_tls_session_error_callback_imp 92 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

4/12/16 6:28:18.000 PM bootlog[0]: BOOT_TIME 1460500098 0

Reply

Answer 5

Linc Davis

Level 10

209,547 points

Apr 14, 2016 2:56 PM in response to ECTimeLord

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

The test works on OS X 10.8 ("Mountain Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.

Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

2. If you don't already have a current backup, please back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.

You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

In this case, however, there are ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone who understands the code can verify what it does.

You may not be able to understand the script yourself. But variations of it have been posted on this website many times over a period of years. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.

Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

4. Here's a general summary of what you need to do, if you choose to proceed:

☞ Copy the text of a particular web page (not this one) to the Clipboard.

☞ Paste into the window of another application.

☞ Wait for the test to run. It usually takes a few minutes.

☞ Paste the results, which will have been copied automatically, back into a reply on this page.

These are not specific instructions; just an overview. The details are in parts 7 and 8 of this comment. The sequence is: copy, paste, wait, paste again. You don't need to copy a second time.

5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is intermittently slow, run the test during a slowdown.

You may have started up in safe mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual before running it. If you can only test in safe mode, do that.

6. If you have more than one user, and only one user is affected by the problem,, and the affected user is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

7. Load this linked web page (on the website "Pastebin.") Press the key combination command-A to select all the text, then copy it to the Clipboard by pressing command-C.

8. Launch the built-in Terminal application in any one of the following ways:

☞ Enter the first few letters of its name ("Terminal") into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Click anywhere in the Terminal window to activate it. Paste from the Clipboard into the window by pressing command-V, then press return. The text you pasted should vanish immediately.

9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.

If the test is taking much longer than usual to run because the computer is very slow, you might be prompted for your password a second time. The authorization that you grant by entering it expires automatically after five minutes.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:

Test started

Part 1 of 4 done at: … sec
…
Part 4 of 4 done at: … sec

The test results are on the Clipboard.

Please close this window.

The intervals between parts won't be exactly equal, but they give a rough indication of progress.

Wait for the final message "Please close this window" to appear—again, usually within a few minutes. If you don't see that message within about 30 minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it. Then go to the next step. You'll have incomplete results, but still something.

In order to get results, the test must either be allowed to complete or else manually stopped as above. If you close the Terminal window while the test is still running, the partial results won't be saved.

11. When the test is complete, or if you stopped it manually, quit Terminal. The results will have been saved to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "close this window" message. Please wait for it and try again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

12. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the software that runs this website. Please post the test results on Pastebin, then post a link here to the page you created.

If you have an account on Pastebin, please don't select Private from the Paste Exposure menu on the page, because then no one but you will be able to see it.

13. When you're done with the test, it's gone. There is nothing to uninstall or clean up.

14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.

15. The linked UNIX shell script bears a notice of copyright. Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Reply

Answer 6

ECTimeLord Author

Level 1

12 points

Apr 16, 2016 12:42 PM in response to Linc Davis

Hello,

I actually performed the test you suggested, let it run, went and did something else. I went to wake up my computer, the test had completed but the computer was frozen. Waited and waited, ball kept spinning. Had to re-boot, the test results were now gone from the clipboard. You had suggested running the test when the computer is symptomatic, the problem is that when it isn't frozen, it isn't noticeably symptomatic. No matter, I will rerun the test on Monday when I return to work and this iMac. I did copy the system log queries before the most recent reboot. I will include them for a few of those minutes. If this is not helpful, let me know and I won't include this information. Thank you for all your help thusfar.

4/16/16 2:41:24.000 PM syslogd[45]: ASL Sender Statistics

4/16/16 2:42:36.175 PM WindowServer[169]: device_generate_desktop_screenshot: authw 0x0(0), shield 0x0(0)

4/16/16 2:42:36.179 PM WindowServer[169]: device_generate_lock_screen_screenshot: authw 0x0(0)[inf, inf, 0, 0] shield 0x0(0), dev [1920,1080]

4/16/16 2:42:56.385 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:43:26.215 PM launchservicesd[78]: SecTaskLoadEntitlements failed error=22

4/16/16 2:43:26.218 PM launchservicesd[78]: SecTaskLoadEntitlements failed error=22

4/16/16 2:43:26.245 PM AOUDownloadCount[13903]: ERROR|AOUDownloadCount.m|368L|Error:AOUDownloadCount::sendDownloadCountInfo:get DownloadCountInfo failed.

4/16/16 2:43:26.246 PM appleeventsd[53]: SecTaskLoadEntitlements failed error=22

4/16/16 2:46:04.347 PM Microsoft Word[959]: Stream 0x803389f0 is sending an event before being opened

4/16/16 2:46:08.728 PM Microsoft Excel[743]: Stream 0x7c4b37b0 is sending an event before being opened

4/16/16 2:47:34.389 PM CalendarAgent[261]: CoreLocation: Discarding message for event 32 because of too many unprocessed messages

4/16/16 2:47:34.389 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:47:34.390 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:47:34.390 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:47:34.390 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:51:35.000 PM syslogd[45]: ASL Sender Statistics

4/16/16 2:52:09.306 PM Microsoft Word[959]: Stream 0x7fb54830 is sending an event before being opened

4/16/16 2:52:13.679 PM Microsoft Excel[743]: Stream 0x7e8245f0 is sending an event before being opened

4/16/16 2:54:30.756 PM CalendarAgent[261]: CoreLocation: Discarding message for event 32 because of too many unprocessed messages

4/16/16 2:54:30.757 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:54:30.757 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:54:30.757 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:54:30.757 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:57:30.199 PM taskgated[255]: no application identifier provided, can't use provisioning profiles [pid=13906]

4/16/16 2:58:14.266 PM Microsoft Word[959]: Stream 0x81c9aa30 is sending an event before being opened

4/16/16 2:58:14.267 PM Microsoft Word[959]: Stream 0x81c9aa30 is sending an event before being opened

4/16/16 2:58:18.634 PM Microsoft Excel[743]: Stream 0x80712010 is sending an event before being opened

4/16/16 2:59:34.240 PM CalendarAgent[261]: CoreLocation: Discarding message for event 32 because of too many unprocessed messages

4/16/16 2:59:34.240 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:59:34.240 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:59:34.240 PM CalendarAgent[261]: CoreLocation: Discarding message for event 1 because of too many unprocessed messages

4/16/16 2:59:34.240 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 2:59:34.241 PM CalendarAgent[261]: CoreLocation: Discarding message for event 27 because of too many unprocessed messages

4/16/16 3:01:57.000 PM syslogd[45]: ASL Sender Statistics

4/16/16 3:01:57.599 PM CalendarAgent[261]: [com.apple.calendar.store.log.caldav.queue] [Operation <CalDAVWriteEntityQueueableOperation: 0x7fc3a8d17430; Sequence: 1932> took for ever. Killing the agent.]

4/16/16 3:03:15.830 PM WindowServer[169]: send_datagram_available_ping: pid 93 failed to act on a ping it dequeued before timing out.

4/16/16 3:03:15.832 PM com.apple.backupd[13891]: Backup failed with error 18: The backup disk could not be found.

4/16/16 3:03:17.465 PM CalendarAgent[261]: [com.apple.calendar.store.log.caldav.coredav] [Refusing to parse response to PROPPATCH because of content-type: [text/html; charset=UTF-8].]

4/16/16 3:03:17.512 PM CalendarAgent[261]: [com.apple.calendar.store.log.caldav.coredav] [Refusing to parse response to PROPPATCH because of content-type: [text/html; charset=UTF-8].]

4/16/16 3:03:45.000 PM kernel[0]: PM response took 14671 ms (82, locationd)

4/16/16 3:03:45.000 PM kernel[0]: PM response took 14725 ms (178, awdd)

4/16/16 3:03:45.000 PM kernel[0]: PM response took 29932 ms (286, Spotlight)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 93, loginwindow)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 262, mapspushd)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 312, soagent)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 333, callservicesd)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 291, fmfd)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 339, IDSKeychainSynci)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 278, fontd)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 358, IMRemoteURLConne)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 357, IMRemoteURLConne)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 356, netbiosd)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 375, cloudpaird)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 378, diagnostics_agen)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 658, Messages)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 758, ScanSnap Manager)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 879, com.apple.WebKit)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 965, com.apple.appkit)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 987, com.apple.WebKit)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 1116, firefox)

4/16/16 3:03:45.000 PM kernel[0]: PM notification timeout (pid 1861, cupsd)

4/16/16 3:03:45.898 PM CommCenter[246]: Telling CSI to go low power.

4/16/16 3:03:45.899 PM AirPlayUIAgent[374]: 2016-04-16 03:03:45.899067 PM [AirPlayUIAgent] BecomingInactive: NSWorkspaceWillSleepNotification

4/16/16 3:03:45.900 PM ClamXav Sentry[384]: Nighty night!

4/16/16 3:03:45.909 PM sharingd[301]: 15:03:45.909 : BTLE scanner Powered Off

4/16/16 3:03:45.910 PM sharingd[301]: 15:03:45.909 : BTLE scanner Powered Off

4/16/16 3:04:01.000 PM kernel[0]: PM response took 8035 ms (364, AOUMonitor)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 82, locationd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 178, awdd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 71, coreduetd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 93, loginwindow)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 262, mapspushd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 93, loginwindow)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 272, Finder)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 271, SystemUIServer)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 312, soagent)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 333, callservicesd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 291, fmfd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 339, IDSKeychainSynci)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 278, fontd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 358, IMRemoteURLConne)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 357, IMRemoteURLConne)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 356, netbiosd)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 370, 2BUA8C4S2C.com.a)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 375, cloudpaird)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 378, diagnostics_agen)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 658, Messages)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 758, ScanSnap Manager)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 879, com.apple.WebKit)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 965, com.apple.appkit)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 987, com.apple.WebKit)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 1116, firefox)

4/16/16 3:04:15.000 PM kernel[0]: PM notification timeout (pid 1861, cupsd)

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535246: wl0: setup_keepalive: interval 900, retry_interval 30, retry_count 10

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535253: wl0: setup_keepalive: Local IP: 192.168.1.9

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535256: wl0: setup_keepalive: Remote IP: 17.143.163.37

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535259: wl0: setup_keepalive: Local port: 49173, Remote port: 5223

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535263: wl0: setup_keepalive: Seq: 1093867503, Ack: 2185971973, Win size: 4096

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535276: wl0: MDNS: IPV4 Addr: 192.168.1.9

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535279: wl0: MDNS: IPV6 Addr: fe80:0:0:0:2af0:76ff:fe11:a05a

4/16/16 3:04:17.000 PM kernel[0]: ARPT: 8755.535282: wl0: MDNS: 0 SRV Recs, 0 TXT Recs

4/16/16 3:04:23.581 PM Microsoft Excel[743]: Stream 0x7cf02140 is sending an event before being opened

4/16/16 3:04:23.582 PM Microsoft Excel[743]: Stream 0x7cf02140 is sending an event before being opened

4/16/16 3:04:24.167 PM Microsoft Word[959]: Stream 0x806b20b0 is sending an event before being opened

4/16/16 3:04:44.000 PM kernel[0]: PM response took 28148 ms (55, powerd)

4/16/16 3:26:26.000 PM bootlog[0]: BOOT_TIME 1460834786 0

Reply

Answer 7

Linc Davis

Level 10

209,547 points

Apr 16, 2016 1:38 PM in response to ECTimeLord

You had suggested running the test when the computer is symptomatic

If possible.

Reply

Answer 8

ECTimeLord Author

Level 1

12 points

Apr 16, 2016 4:31 PM in response to Linc Davis

I am assuming that the lines I posted have no useful information.

I will run the test Monday, post the results.

The freezes are happening more frequently, often when I wake up from screen saver.

Thanks.

Reply

Answer 9

ECTimeLord Author

Level 1

12 points

Apr 18, 2016 5:45 AM in response to Linc Davis

Hello, here are the results of the test.

1 Start time: 08:38:39 04/18/16

2

3 Revision: 1574

4

5 Model Identifier: iMac16,2

6 Boot ROM Version: IM162.0206.B00

7 System Version: OS X 10.11.4 (15E65)

8 Kernel Version: Darwin 15.4.0

9 Time since boot: 8 minutes

10

11 UID: 502

12

13 USB

14

15 FreeAgent GoFlex (Seagate LLC)

16 Back-UPS ES 550G FW904.W1 .D USB FW:W1 : (American Power Conversion)

17

18 Bluetooth

19

20 Magic Keyboard

21 Magic Mouse 2

22

23 FileVault 2

24

25 FileVault is On.

26

27 System errors (/s)

28

29 ClamXav Sentry (UID 502, error 3): 346

30

31 I/O in, lifetime (KiB/s)

32

33 backupd (UID 0): 4109

34 firefox (UID 502): 1767

35

36 I/O in, sampled (KiB/s)

37

38 backupd (UID 0): 1647

39

40 Energy impact, lifetime (relative)

41

42 WindowServer (UID 88): 8163.24

43 firefox (UID 502): 4615.58

44 Terminal (UID 502): 24.45

45 bash (UID 502): 21.16

46 Mail (UID 502): 15.71

47

48 GPU usage, lifetime (ms/s)

49

50 WindowServer (UID 88): 15399.81

51 firefox (UID 502): 8684.67

52

53 CPU usage, lifetime (ms/s)

54

55 Terminal (UID 502): 244.32

56 bash (UID 502): 211.55

57 Mail (UID 502): 154.93

58

59 LS schemes: No

60

61 Global prefs (system)

62

63 MultipleSessionEnabled = 1

64

65 Firewall: On

66

67 Wi-Fi

68

69 Security: WEP

70

71 System caches/logs

72

73 2.5 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data

74

75 Diagnostic reports

76

77 2016-04-14 Microsoft Word hang x2

78

79 HID errors: 6

80

81 Kernel log

82

83 Apr 16 15:04:15 PM notification timeout (pid 658, Messages)

84 Apr 16 15:04:15 PM notification timeout (pid 658, Messages)

85 Apr 16 15:04:15 PM notification timeout (pid 658, Messages)

86 Apr 16 15:04:15 PM notification timeout (pid 758, ScanSnap Manager)

87 Apr 16 15:04:15 PM notification timeout (pid 758, ScanSnap Manager)

88 Apr 16 15:04:15 PM notification timeout (pid 758, ScanSnap Manager)

89 Apr 16 15:04:15 PM notification timeout (pid 879, com.apple.WebKit)

90 Apr 16 15:04:15 PM notification timeout (pid 879, com.apple.WebKit)

91 Apr 16 15:04:15 PM notification timeout (pid 965, com.apple.appkit)

92 Apr 16 15:04:15 PM notification timeout (pid 987, com.apple.WebKit)

93 Apr 16 15:04:15 PM notification timeout (pid 987, com.apple.WebKit)

94 Apr 16 15:04:15 PM notification timeout (pid 1116, firefox)

95 Apr 16 15:04:15 PM notification timeout (pid 1861, cupsd)

96 Apr 16 15:26:30 Sleep failure code 0x00000000 0x28006900

97 Apr 16 15:26:30 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0xc3e9704d63e5d801, provider is 0xc3e9704ca4c46b01

98 Apr 16 15:26:30 init: error getting PHY_MODE; using MODE_UNKNOWN

99 Apr 16 15:26:30 [IGPU] Scheduler Throttle Cap = 100ms.

100 Apr 16 15:26:34 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.

101 Apr 16 15:26:55 pci pause: SDXC

102 Apr 18 08:30:34 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x4e785f7246cb0bf1, provider is 0x4e785f718761fff1

103 Apr 18 08:30:34 init: error getting PHY_MODE; using MODE_UNKNOWN

104 Apr 18 08:30:34 [IGPU] Scheduler Throttle Cap = 100ms.

105 Apr 18 08:30:38 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.

106 Apr 18 08:30:59 pci pause: SDXC

107 Apr 18 08:37:43 pci pause: SDXC

108

109 System log

110

111 Apr 18 08:30:56 ClamXav Sentry: App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

112 Apr 18 08:31:00 symptomsd: __73-[NetworkAnalyticsEngine observeValueForKeyPath:ofObject:change:context:]_block_invoke unexpected switch value 2

113 Apr 18 08:30:59 cloudd: There's an iCloud account without a CloudKit Child Accounts. This ain't right, I'll make a new one.

114 Apr 18 08:31:44 fseventsd: Logging disabled completely for device:1: /Volumes/Recovery HD

115 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 13 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

116 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 12 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

117 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 10 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

118 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 9 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

119 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 11 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

120 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 8 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

121 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 14 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

122 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 7 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

123 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 18 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

124 Apr 18 08:31:57 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 15 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

125 Apr 18 08:35:36 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:93 refs=8 @ 0x7ff750e03800 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x2d02d pid=577 "ScreenSaverEngine"")), so denying. : LASSession.cp #1531 SetFrontApplication() q=LSSession 100007/0x186a7 queue

126 Apr 18 08:36:59 ntpd: sigio_handler: sigio_handler_active != 1

127 Apr 18 08:36:59 ntpd: sigio_handler: sigio_handler_active != 0

128 Apr 18 08:37:19 fseventsd: requested timestamp is prior to the earliest log file. setting event-id to zero

129 Apr 18 08:37:30 UserEventAgent: Failed to send message because the port couldn't be created.

130 Apr 18 08:37:30 com.apple.backupd: Error -35 while resolving alias to backup target

131 Apr 18 08:37:30 UserEventAgent: Failed to send message because the port couldn't be created.

132 Apr 18 08:37:30 com.apple.backupd: Backup failed with error 18: The backup disk could not be found.

133 Apr 18 08:37:30 UserEventAgent: Failed to send message because the port couldn't be created.

134 Apr 18 08:37:31 UserEventAgent: Failed to send message because the port couldn't be created.

135 Apr 18 08:38:41 SpotlightNetHelper: tcp_connection_tls_session_error_callback_imp 22 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22

136

137 launchd log

138

139 Apr 11 08:42:41 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

140 Apr 11 08:42:41 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

141 Apr 11 08:42:48 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.94, error = 138: Service cannot be loaded on this hardware

142 Apr 11 08:42:48 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: caller = otherbsd.264, service = com.getdropbox.dropbox.loginhelper, error = 119: Service is disabled

143 Apr 12 18:28:21 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

144 Apr 12 18:28:22 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

145 Apr 12 18:28:26 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.93, error = 138: Service cannot be loaded on this hardware

146 Apr 12 18:28:26 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: caller = otherbsd.241, service = com.getdropbox.dropbox.loginhelper, error = 119: Service is disabled

147 Apr 14 08:47:59 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

148 Apr 14 08:47:59 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

149 Apr 14 08:48:04 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.93, error = 138: Service cannot be loaded on this hardware

150 Apr 14 08:48:04 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: caller = otherbsd.242, service = com.getdropbox.dropbox.loginhelper, error = 119: Service is disabled

151 Apr 16 07:27:35 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

152 Apr 16 07:27:35 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

153 Apr 16 07:27:40 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.93, error = 138: Service cannot be loaded on this hardware

154 Apr 16 07:27:40 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: caller = otherbsd.242, service = com.getdropbox.dropbox.loginhelper, error = 119: Service is disabled

155 Apr 16 15:26:29 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

156 Apr 16 15:26:30 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

157 Apr 16 15:26:34 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.93, error = 138: Service cannot be loaded on this hardware

158 Apr 18 08:30:34 : Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed.

159 Apr 18 08:30:34 com.apple.airplaydiagnostics.server: Unrecognized MachService property: ResetAtClose

160 Apr 18 08:30:39 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: path = /System/Library/LaunchAgents/com.apple.FirmwareUpdateHelper.plist, caller = loginwindow.93, error = 138: Service cannot be loaded on this hardware

161 Apr 18 08:30:39 com.apple.xpc.launchd.user.domain.502.100007.Aqua: Could not import service from caller: caller = otherbsd.242, service = com.getdropbox.dropbox.loginhelper, error = 119: Service is disabled

162

163 System services loaded

164

165 com.apple.logd

166 - status: 1

167 com.apple.watchdogd

168 com.microsoft.office.licensingV2.helper

169

170 Login services loaded

171

172 2BUA8C4S2C.com.agilebits.onepassword4-helper

173 com.fujitsu.pfu.ScanSnap.AOUMonitor

174 com.google.keystone.user.agent

175 uk.co.canimaansoftware.clamxav.clamscan

176 uk.co.canimaansoftware.clamxav.freshclam

177

178 Contents of /Library/LaunchAgents/com.fujitsu.pfu.ScanSnap.AOUMonitor.plist

179 - mod date: Nov 18 16:45:28 2015

180 - size (B): 483

181 - checksum: 1604324271

182

183 <?xml version="1.0" encoding="UTF-8"?>

184 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

185 <plist version="1.0">

186 <dict>

187 <key>Label</key>

188 <string>com.fujitsu.pfu.ScanSnap.AOUMonitor</string>

189 <key>ProgramArguments</key>

190 <array>

191 <string>/Applications/ScanSnap Online HOST.localized/AutoOnlineUpdater.app/Contents/MacOS/AOUMonitor.app/Contents/Mac OS/AOUMonitor</string>

192 </array>

193 <key>RunAtLoad</key>

194 <true/>

195 </dict>

196 </plist>

197

198 Contents of Library/LaunchAgents/com.google.keystone.agent.plist

199 - mod date: Mar 2 14:29:41 2016

200 - size (B): 801

201 - checksum: 837571393

202

203 <?xml version="1.0" encoding="UTF-8"?>

204 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

205 <plist version="1.0">

206 <dict>

207 <key>Label</key>

208 <string>com.google.keystone.user.agent</string>

209 <key>LimitLoadToSessionType</key>

210 <string>Aqua</string>

211 <key>ProgramArguments</key>

212 <array>

213 <string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

214 <string>-runMode</string>

215 <string>ifneeded</string>

216 </array>

217 <key>RunAtLoad</key>

218 <true/>

219 <key>StartInterval</key>

220 <integer>3623</integer>

221 <key>StandardErrorPath</key>

222 <string>/dev/null</string>

223 <key>StandardOutPath</key>

224 <string>/dev/null</string>

225 </dict>

226 </plist>

227

228 Contents of Library/LaunchAgents/uk.co.canimaansoftware.clamxav.clamscan.plist

229 - mod date: Nov 23 09:53:07 2015

230 - size (B): 684

231 - checksum: 593154150

232

233 <?xml version="1.0" encoding="UTF-8"?>

234 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

235 <plist version="1.0">

236 <dict>

237 <key>Label</key>

238 <string>uk.co.canimaansoftware.clamxav.clamscan</string>

239 <key>OnDemand</key>

240 <true/>

241 <key>ProgramArguments</key>

242 <array>

243 <string>/Applications/ClamXav.app/Contents/Resources/ScheduleHelper</string>

244 <string>scan</string>

245 </array>

246 <key>RunAtLoad</key>

247 <false/>

248 <key>StartCalendarInterval</key>

249 <array>

250 <dict>

251 <key>Hour</key>

252 <integer>9</integer>

253 <key>Minute</key>

254 <integer>30</integer>

255 <key>Weekday</key>

256 <integer>3</integer>

257 </dict>

258

259 ...and 3 more line(s)

260

261 Contents of Library/LaunchAgents/uk.co.canimaansoftware.clamxav.freshclam.plist

262 - mod date: Nov 23 09:53:07 2015

263 - size (B): 642

264 - checksum: 2779299519

265

266 <?xml version="1.0" encoding="UTF-8"?>

267 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

268 <plist version="1.0">

269 <dict>

270 <key>Label</key>

271 <string>uk.co.canimaansoftware.clamxav.freshclam</string>

272 <key>OnDemand</key>

273 <true/>

274 <key>ProgramArguments</key>

275 <array>

276 <string>/Applications/ClamXav.app/Contents/Resources/ScheduleHelper</string>

277 <string>update</string>

278 </array>

279 <key>RunAtLoad</key>

280 <false/>

281 <key>StartCalendarInterval</key>

282 <array>

283 <dict>

284 <key>Hour</key>

285 <integer>10</integer>

286 <key>Minute</key>

287 <integer>30</integer>

288 </dict>

289 </array>

290 </dict>

291

292 ...and 1 more line(s)

293

294 User login items

295

296 iTunesHelper

297 - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

298 Dropbox

299 - /Applications/Dropbox.app

300 ClamXav Sentry

301 - /Applications/ClamXav.app/Contents/Resources/ClamXav Sentry.app

302

303 Safari extensions

304

305 1Password

306 - com.agilebits.onepassword4-safari

307

308 Firefox extensions

309

310 Firefox Hello Beta

311

312 iCloud services

313

314 MOBILE_DOCUMENTS

315 PHOTO_STREAM

316 MAIL_AND_NOTES

317 CONTACTS

318 CALENDAR

319 REMINDERS

320 BOOKMARKS

321 NOTES

322 FIND_MY_MAC

323

324 iCloud errors

325

326 Photos 44

327 cloudd 10

328 Finder 6

329 cloudphotosd 4

330 comapple.CloudPhotosConfiguration 3

331 bird 2

332

333 Continuity errors

334

335 sharingd 15

336 Pages 12

337 sharedfilelistd 6

338 useractivityd 2

339

340 Restrictive permissions: 22

341

342 Lockfiles: 3

343

344 Accessibility

345

346 Keyboard Zoom: On

347

348 Applications

349

350 /Applications/ScanSnap/ScanToMobileTrans.app

351 - jp.co.pfu.ScanSnap.ScanToMobileTrans

352 - PFU LIMITED

353

354 Bundles

355

356 /Library/Internet Plug-Ins/Quartz Composer.webplugin

357 - com.apple.QuartzComposer.webplugin

358 - Software Signing

359 /Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.866/_platform_specific/mac_x64/widevine cdmadapter.plugin

360 - NA

361 /Users/USER/Library/Application Support/LogMeIn Client/update/temp/Contents/PlugIns/LogMeInSafari32.plugin

362 - NA

363

364 Library paths

365

366 /Applications/CardMinder/Cs/Lib/CMlibCNOper.dylib

367 /Applications/CardMinder/Cs/Lib/CMlibCNPinyin.dylib

368 /Applications/CardMinder/En/Lib/CMlibEnNamAddr.dylib

369 /Applications/CardMinder/Jp/Lib/CMlibJpAddr.dylib

370 /Applications/CardMinder/Jp/Lib/CMlibJpCom.dylib

371 /Applications/CardMinder/Jp/Lib/CMlibJpNam.dylib

372 /Applications/CardMinder/Kr/Lib/CMlibKRCnv.dylib

373 /Applications/CardMinder/Kr/Lib/CMlibKROper.dylib

374 /Applications/CardMinder/OCR/Abbyy/libCMABBYYEngine.dylib

375 /Applications/CardMinder/OCR/Abbyy/libFREngineDyn.dylib

376 /Applications/CardMinder/OCR/FJOCR/libCMFJOCRWrp.dylib

377 /Applications/CardMinder/OCR/FJOCR/libExtOCR.dylib

378 /Applications/CardMinder/OCR/FJOCR/libF5alocreCoreLib.dylib

379 /Applications/CardMinder/OCR/FJOCR/libf5alocrl.dylib

380 /Applications/CardMinder/OCR/FJOCR/libf5awzbin.dylib

381 /Applications/CardMinder/OCR/FJOCR/libf5awztbl.dylib

382 /Applications/CardMinder/OCR/FJOCR/libf5memctl.dylib

383 /Applications/CardMinder/OCR/FJOCR/pfocrwrp.dylib

384 /Applications/CardMinder/OCR/PenPower/amecard.dylib

385 /Applications/CardMinder/OCR/PenPower/bizbinarize.dylib

386 /Applications/CardMinder/OCR/PenPower/chinese_card.dylib

387 /Applications/CardMinder/OCR/PenPower/cparserdict.dylib

388 /Applications/CardMinder/OCR/PenPower/crypto.dylib

389 /Applications/CardMinder/OCR/PenPower/engcard.dylib

390 /Applications/CardMinder/OCR/PenPower/esteupcard.dylib

391 /Applications/CardMinder/OCR/PenPower/greekcard.dylib

392 /Applications/CardMinder/OCR/PenPower/icard_sdk.dylib

393 /Applications/CardMinder/OCR/PenPower/japan_card.dylib

394 /Applications/CardMinder/OCR/PenPower/japocrreg.dylib

395 /Applications/CardMinder/OCR/PenPower/jpgcnvt.dylib

396 /Applications/CardMinder/OCR/PenPower/korean_card.dylib

397 /Applications/CardMinder/OCR/PenPower/kscocrreg.dylib

398 /Applications/CardMinder/OCR/PenPower/noreupcard.dylib

399 /Applications/CardMinder/OCR/PenPower/ocrreg.dylib

400 /Applications/CardMinder/OCR/PenPower/parengaddr.dylib

401 /Applications/CardMinder/OCR/PenPower/pareupaddr.dylib

402 /Applications/CardMinder/OCR/PenPower/parseuntitle.dylib

403 /Applications/CardMinder/OCR/PenPower/ppeupcard.dylib

404 /Applications/CardMinder/OCR/PenPower/preimgprocess.dylib

405 /Applications/CardMinder/OCR/PenPower/rtkctl.dylib

406 /Applications/CardMinder/OCR/PenPower/rtkctl_eeu.dylib

407 /Applications/CardMinder/OCR/PenPower/rtkctl_greece.dylib

408 /Applications/CardMinder/OCR/PenPower/rtkctl_neu.dylib

409 /Applications/CardMinder/OCR/PenPower/rtkctl_rus.dylib

410 /Applications/CardMinder/OCR/PenPower/rtkctl_tky.dylib

411 /Applications/CardMinder/OCR/PenPower/rtkctl_weu.dylib

412 /Applications/CardMinder/OCR/PenPower/russiacard.dylib

413 /Applications/CardMinder/OCR/PenPower/splitaddress.dylib

414 /Applications/CardMinder/OCR/PenPower/splitaddrtel.dylib

415 /Applications/CardMinder/OCR/PenPower/wcardsdk.dylib

416 /Applications/CardMinder/OCR/PenPower/xkakalib.dylib

417 /Applications/ScanSnap/Lib/Intel/libFREngineDyn.dylib

418 /Applications/ScanSnap/Lib/SsSvcOCRHandler.dylib

419 /Applications/ScanSnap/Lib/libABBYYWrapper.dylib

420 /Applications/ScanSnap/Lib/libExtOCRFJOCR.dylib

421 /Applications/ScanSnap/Lib/libF5alocreCoreLib.dylib

422 /Applications/ScanSnap/Lib/libMarkerOCR.dylib

423 /Applications/ScanSnap/Lib/libOCRControl.dylib

424 /Applications/ScanSnap/Lib/libP2IDOCTYP.dylib

425 /Applications/ScanSnap/Lib/libf5alocrl.dylib

426 /Applications/ScanSnap/Lib/libf5awzbin.dylib

427 /Applications/ScanSnap/Lib/libf5awztbl.dylib

428 /Applications/ScanSnap/Lib/libf5memctl.dylib

429 /Applications/ScanSnap/Lib/pfocrwrp.dylib

430 /Users/USER/Library/Application Support/Firefox/Profiles/b2e415u7.default/gmp-gmpopenh264/1.5.3/libgmpopenh264. dylib

431 /Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.866/_platform_specific/mac_x64/libwidev inecdm.dylib

432 /usr/local/clamXav/lib/libclamav.6.dylib

433 /usr/local/clamXav/lib/libclamunrar.6.dylib

434

435 App extensions

436

437 com.agilebits.onepassword4.safariextensioncompanion

438 com.getdropbox.dropbox.garcon

439 com.microsoft.onenote.mac.shareextension

440 uk.co.canimaansoftware.clamxav.ClamXav-Latest

441

442 Non-loading kernel extensions

443

444 /System/Library/Extensions/AppleOSXUSBNCM.kext

445 - com.apple.driver.AppleOSXUSBNCM

446 - Software Signing

447

448 Installations

449

450 ScanSnap Manager: 3/31/16, 8:50 AM

451 MacScanSnapReceiptV15L40UpWW: 3/31/16, 8:48 AM

452 ScanSnap Organizer: 3/31/16, 8:44 AM

453 ScanSnap Manuals: 3/31/16, 8:43 AM

454 CardMinder: 3/31/16, 8:43 AM

455

456 Elapsed time (sec): 313

Reply

Answer 10

Linc Davis

Level 10

209,547 points

Apr 19, 2016 7:56 AM in response to ECTimeLord

A

Please disconnect the external hard drive and the UPS temporarily and see whether there's an improvement. I doubt that there will be, and in that case the problem may be caused by an internal hardware fault.

Make a "Genius" a ppointment at an Apple Store, or go to another authorized service provider. You may have to leave the machine there for several days.

Back up all data on the internal drive(s) before you hand over your computer to anyone. There are ways to back up a computer that isn't fully functional—ask if you need guidance.

If privacy is a concern, erase the data partition(s) with the option to write zeros* (do this only if you have at least two complete, independent backups, and you know how to restore to an empty drive from any of them.) Don’t erase the recovery partition, if present.

Keeping your confidential data secure during hardware repair

Apple also recommends that you deauthorize a device in the iTunes Store before having it serviced.

*An SSD doesn't need to be zeroed.

B

The test results show other issues, probably not related to the original question.

You're on a Wi-Fi network that uses the obsolete and insecure WEP security standard. If it's your network, that's very dangerous. Please change your router's settings so that it uses WPA 2 Personal security. If it doesn't support that standard, it should be replaced. I can't give you specific instructions for changing the setting, because all routers are different. Refer to the manufacturer's documentation.

C

"ClamXav Sentry" is not working and should be removed from your login items in the Users & Groups pane of System Preferences. Preferably, "ClamXav" should be removed entirely, since it serves no real purpose. Never install any "anti-virus" or "anti-malware" software again, as it's all worse than useless.

Reply

Answer 11

ECTimeLord Author

Level 1

12 points

Apr 19, 2016 8:00 AM in response to Linc Davis

Thank you very much. Will do all the steps you recommend, remove Clam, fix the security issues. Question, why is ClamAx worse than useless? I am interested in your thoughts. I very much appreciate your input and will update you.

Reply

Answer 12

Linc Davis

Level 10

209,547 points

Apr 19, 2016 8:11 AM in response to ECTimeLord

Mac users often ask what they should do protect themselves from malicious software ("malware")—often loosely called "viruses"—and in particular, whether they should use "anti-virus" (AV) or "anti-malware" software. The short answer to the latter question is "no," but that answer may give the wrong impression that there is no threat to defend against. There is a threat.

1. This is a comment on what you should—and should not—do to avoid malware that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions.

It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it. AV software is not intended to, and does not, defend against such attacks.

The comment is long because the issue is complex. The key points are in sections 5, 6, and 12.

OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as file quarantine, execute disable, sandboxing, system integrity protection, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.

2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."

The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.

The following caveats apply to XProtect:

☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.

☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.

As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.

3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't been checked for security by Apple unless it comes from the App Store, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)

Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:

☞ It can easily be disabled or overridden by the user.

☞ A malware attacker could find a way around it, or could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.

☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.

Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.

For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.

4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background. It checks for, and removes, malware that matches a recognition database maintained by Apple. To ensure that MRT will run when that database is updated, open the App Store pane in System Preferences and check the box marked

Install system data files and security updates

if it's not already checked.

Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise it has no user interface.

5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.

The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in effect, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.

Software from an untrustworthy source

☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.

☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.

☞ Rogue websites such as CNET Download, MacUpdate, Soft32, Softonic, and SourceForge distribute free applications that have been packaged in a superfluous "installer."

☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.

Software that is plainly illegal or does something illegal

☞ High-priced commercial software such as Photoshop is "cracked" or "free."

☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.

Unsolicited offers or advice from strangers

☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)

☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.

☞ You win a prize in a contest you never entered.

☞ A stranger on the Internet is eager to help you, but only if you download a free application of his choosing. He assuresyou that you can trust him, or that you can trust his friend who wrote the application. If you demur, he insists.

☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.

☞ Anything online that you would expect to pay for is "free."

Unexpected events

☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.

☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any download that isn't what you expected it to be.

☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.

☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.

Looking for help in all the wrong places

☞ You need technical support, so you search the Web for a term such as "Microsoft Office help," expecting to find a phone number for Microsoft. Very often, the top search hit, and maybe several of the top hits, will be one of the fake tech-support scams that infest the search engines. When you call the number, you'll be connected, not to Microsoft, but to a criminal in a country with weak law enforcement. He will ask to take remote control of your computer, and for your credit card number.

☞ The danger level is especially high if you're searching for help with a malware problem. Internet criminals know that people who have already been attacked successfully are easy marks for another attack. You'll get not just a few scams in the search results, but hundreds of them. They will all be promoting AV software.

I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack and other kinds of exploitation. Any of the above scenarios should, at the very least, make you uncomfortable.

6. The emergence of data-destroying "ransomware" for the Mac has made backing up all data a part of the defense against attack. Since an infected machine could destroy its own backups, at least one backup device must always be offline. For example, you could rotate your backup drives, keeping one with you or at another site. That strategy also protects against a physical threat such as fire or theft.

7. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.

Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.

Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.

Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.

8. Another perennial weak point is Adobe Flash Player. Like Java, Flash is in well-deserved decline, but Flash content is still much more widespread than Java content on the Web. If you choose to install the Flash plugin, you can reduce your exposure to Flash by checking the box marked

Stop plug-ins to save power

in Advanced tab of the Safari preferences window, if it's not already checked. Consider also installing a Safari extension such as "ClickToFlash" or "ClickToPlugin." They will prevent Flash content from loading automatically, and will also cause non-Flash video to be substituted for Flash on YouTube and maybe some other sites. I've tested those extensions and found them safe, but you should always do your own research before deciding whether to trust any third-party software.

9. Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.

Although it may seem counter-intuitive, you should never install any AV or "Internet security" products for the Mac if you have a choice, as they are all worse than useless. If you're required by a (mistaken) institutional policy to install some kind of AV, pick one of the free apps in the Mac App Store—nothing else.

Why shouldn't you use AV products?

☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.

☞ The design is usually predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system—a common cause of instability and poor performance.

☞ By modifying the operating system, the software may also create weaknessesthat could be exploited by malware attackers.

☞ Most importantly, a false sense of security is dangerous. That fact pertains to all AV software there will ever be, no matter what else changes.

Using AV software sets you up for double exploitation: by malware attackers, from whom the software doesn't protect you, and by the AV industry itself. The latter will often try to hook you with a free loss-leader product so it can charge you for "upgrades" later.

10. A free AV product from the App Store may serve a purpose if it satisfies a network administrator who mistakenly insists that you have some kind of AV application. It won't modify the operating system; in fact, it won't do anything unless you run it. It's harmless, provided that you don't make the mistake of thinking that it actually protects you, and that you don't let it delete or move any files. Ignore any warnings it may give you about "heuristics" or "phishing." Those warnings, if they're not merely false positives, refer to the text of email messages or cached web pages, not to malware. Also ignore any attempts to sell you a paid version of the product.

The fact that a product is in the App Store does not mean that it's any good, or that it's endorsed by Apple.

An AV app is not needed, and can't be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.

Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:

London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe

You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise.

If you're just curious as to whether a file is recognized as malware by AV engines, you can upload it to the "VirusTotal" website, where it will be tested against most of them. A negative result is no proof of anything, for the reasons stated above. I don't recommend doing this with a file that might contain private information.

11. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

12. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by AV software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

Reply

Answer 13

MadMacs0

Level 5

5,221 points

Apr 19, 2016 4:54 PM in response to ECTimeLord

Nobody can decide whether you need A-V software other than you after becoming educated as to the threat and evaluating the cost of using it (Registration, RAM and CPU utilization). All of Linc's points are valid, but he doesn't know your situation as well as you do.

If you decide to keep ClamXav (it is only active if you want it to be and simply takes up space) and want to use Sentry, consult the Sentry Documentation, visit the ClamXav Forum or contact support@clamxav.com.

Reply