Jump to content

RTProtectionDaemon / there’s an issue with the process’ code signature


Recommended Posts

Hi

I have been ruining Malwarebytes a while on my mac, thanks for l making it available. Definitely provides an air of security.

Today I saw this error message from "Little Snitch" about the RTProtectionDaemon and an issue with the process code signature [screenshot attached]:  

I could not find any info about this here, but google did provide some info on other forums. Nothing definitive though.

Do you need a system snapshot? this seems like an error outside my mac? I read this text on your site about system snapshots,

but when I look at the malwarebytes item in the menubar there is no option to "Take System Snapshot" [see second screenshot]

So, I opened malwarebytes - but there seems to be no option to take a system snapshot there either:

Include a system snapshot taken with Malwarebytes Anti-Malware for Mac on the affected system

  • Choose Take System Snapshot from the Scanner menu, in the menu bar at the top of the screen
  • When the snapshot window opens, choose Select All from the Edit menu, copy the selected text
  • Paste the copied snapshot into your post here

I hope this is sufficient info. Now that Little Snitch has blocked the RTProtectionDaemon I guess malwarebytes cant work properly?

 

Little Snitch tells me "On 15 Feb 2018, RTProtectionDaemon tried to establish a connection to sirius.mwbsys.com. The request was denied via connection alert."

thanks for your help

With my regards
 

Screen Shot 2018-02-15 at 08.06.55.png

Screen Shot 2018-02-15 at 08.23.02.png

Link to post
Share on other sites

  • Staff

There's definitely not a problem with the code signature on recent versions of Malwarebytes for Mac. There was such an issue with 3.0.1. If you are using version 3.0.1, you need to update to the latest version. You can download that from here:

https://malwarebytes.com/mac-download

If you already have Malwarebytes for Mac 3.1.1 (or later), the first thing to try is restarting the computer. If that fixes it, there was bad cached data that was refreshed.

If that doesn't fix it, something may have damaged the Malwarebytes software, either maliciously or because of disk corruption. In this case, uninstall Malwarebytes for Mac completely (open the Malwarebytes app and choose Uninstall from the Help menu), then download a fresh copy from the link above and reinstall it.

It's also entirely possible that there's an error in Little Snitch's code that is causing this issue. We've seen enough of these cases recently, without there being any issues with our code signature, that either there's an issue with macOS's ability to accurately maintain this code signature data in the kernel cache,  disk corruption is a more widespread issue than we would have thought on modern macOS, or there's a bug involving the code signature checks in Little Snitch.

Link to post
Share on other sites

  • 10 months later...

It's not just an MBAM issue, there are quite a few apps that suffer from this problem, most involve a name change at some point so this could simply be related to when Malwarebytes Anti-Malware changed to Malwarebytes. I'm pretty sure there have been discussions and I think I even passed on a recommendation from LS on one approach to working around the issue.

If you aren't willing to just hit "Ignore Code Signature", try going into LS Rules and delete everything you see involving Malwarebytes... and RTProtectionDaemon. Make sure LS is in "Alert Mode", reboot your computer, launch Malwarebytes and approve all the connection requests.

Link to post
Share on other sites

  • Staff

The problem is due to a kernel cache that gets outdated following some updates, and it can happen to any software. I don't know whether this is a macOS issue or whether the folks at Objective Development could do something about this in Little Snitch, but the simplest fix would be to just restart the computer.

I'm sure Objective Development has heard this feedback from others, but it wouldn't hurt to provide your feedback to them, in case there's something they can do about it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.