valuedcustomer

RTProtectionDaemon Full Disk Access on Mojave

During my Premium trial, I noticed many "RTProtectionDaem" file system permission deny errors in the Console app when running on Mojave.

I decided to try adding /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app to Full Disk Access in System Preferences / Security & Privacy:

[Attached image: FDA.png]

After that all the Console errors stopped, and I also noticed a reduction in CPU usage for RTProtectionDaemon.

I couldn't find any info regarding this in the user manual or on the forums, so I just thought I'd post it in case it might help anyone else who is seeing issues with Premium on Mojave.


Thanks for your feedback.

Malwarebytes for Mac is slightly impacted by Mojave's new privacy protections. The software needs to be able to scan for Safari extensions, which are in a protected folder in Mojave. Unfortunately, Mojave does not trigger a permission request alert when a background process (like RTProtectionDaemon) tries to access such resources. This means that it will throw errors in the logs.

The good news is that this doesn't affect detections from a practical standpoint. Mojave only allows certain verified Safari extensions to load from Safari's extensions folder. This means that the adware extensions can no longer load from this protected folder, so there should be nothing to detect there on Mojave. Still, it can't hurt to add RTProtectionDaemon to the Full Disk Access list, and the only data Malwarebytes for Mac will use that permission to look at is Safari extensions. It will not look at things like your e-mail messages, browsing history, etc.

I haven't seen any other reports of performance issues caused by this issue, but we'll look into that.


Thank you for the info!

I was seeing errors on far more directories than just Safari Extensions:

error	11:12:16.380345 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist
error	11:12:16.450804 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.notbackedup.plist
error	11:12:16.482700 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist.jRkBQDX
error	11:12:16.498165 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.plist
error	11:12:16.506978 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Messages
error	11:12:16.507332 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/HomeKit
error	11:12:16.547984 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Mail
error	11:12:16.590979 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Safari
error	11:12:16.599280 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Suggestions
error	11:12:16.616164 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/PersonalizationPortrait
error	11:12:18.142231 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Cookies
error	11:12:20.806274 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/IdentityServices
error	11:12:20.809638 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Calendars
error	11:12:20.845359 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.mail-shared.plist
error	11:12:20.861293 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist
error	11:12:20.885284 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.notbackedup.plist
error	11:12:20.899736 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist.jRkBQDX
error	11:12:20.907199 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.plist
error	11:12:20.913606 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Messages
error	11:12:20.913790 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/HomeKit
error	11:12:20.947074 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Mail
error	11:12:20.995794 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Safari
error	11:12:21.000432 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Suggestions
error	11:12:21.009104 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/PersonalizationPortrait
error	11:12:22.585268 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Cookies
error	11:12:23.760913 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/IdentityServices
error	11:12:23.763139 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Calendars
error	11:12:23.807840 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.mail-shared.plist
error	11:12:23.824618 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist
error	11:12:23.842068 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.notbackedup.plist
error	11:12:23.856439 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist.jRkBQDX
error	11:12:23.863758 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.plist
error	11:12:23.870585 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Messages
error	11:12:23.870712 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/HomeKit
error	11:12:23.905057 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Mail
error	11:12:23.947802 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Safari
error	11:12:23.952462 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Suggestions
error	11:12:23.961636 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/PersonalizationPortrait
error	11:12:25.347283 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Cookies
error	11:12:32.742310 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/IdentityServices
error	11:12:32.744642 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Calendars
error	11:12:32.781225 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.mail-shared.plist
error	11:12:32.797441 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist
error	11:12:32.814654 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.notbackedup.plist
error	11:12:32.828201 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.AddressBook.plist.jRkBQDX
error	11:12:32.835720 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Preferences/com.apple.homed.plist
error	11:12:32.842705 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Messages
error	11:12:32.842838 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/HomeKit
error	11:12:32.876472 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Mail
error	11:12:32.935913 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Safari
error	11:12:32.940708 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/Suggestions
error	11:12:32.954135 -0600	kernel	Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/PersonalizationPortrait

and that's only 15 seconds' worth, so it seemed reasonable to assume it might impact performance with that high of an error rate.

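For triaging a Console excerpt like the one in the post above, here is an added example (not part of the original thread, and not Malwarebytes or Apple code). It parses Sandbox deny lines, folds atomic-write temp files into their base plist, and reports which areas under ~/Library were refused and how often. The sample lines, their timestamps and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the tab-separated layout of the Console excerpt above.
_DENY = "Sandbox: RTProtectionDaem(61) System Policy: deny(1) file-read-data /Users/***/Library/"
SAMPLE = "\n".join(
    [f"error\t11:12:{sec} -0600\tkernel\t{_DENY}{rel}" for sec, rel in [
        ("16.000000", "Preferences/com.apple.AddressBook.plist"),
        ("16.500000", "Preferences/com.apple.AddressBook.plist.jRkBQDX"),
        ("17.000000", "Messages"),
        ("18.000000", "Mail"),
        ("19.000000", "Safari"),
        ("20.000000", "Messages"),
    ]] + ["default\t11:12:20.500000 -0600\tkernel\tunrelated message (constructed)"]
)

LINE = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) [+-]\d{4}\s+kernel\s+Sandbox: "
    r"(?P<proc>\S+?)\((?P<pid>\d+)\) System Policy: deny\(\d+\) "
    r"(?P<op>\S+) (?P<path>/.+)$"
)
# Random suffix of an atomic-write temp file, e.g. ".plist.jRkBQDX"
TEMP_SUFFIX = re.compile(r"(\.plist)\.[A-Za-z0-9]{6,}$")

def protected_area(path):
    """Collapse a denied path to the item under ~/Library that was refused."""
    parts = TEMP_SUFFIX.sub(r"\1", path).split("/")
    # /Users/<user>/Library/<area>/... -> ['', 'Users', user, 'Library', area, ...]
    if len(parts) > 4 and parts[3] == "Library":
        rel = parts[4:]
        return "/".join(rel[:2]) if rel[0] == "Preferences" else rel[0]
    return path

def summarize(log_text, process_prefix="RTProtectionDaem"):
    """Return (Counter keyed by (operation, area), total denials, denials/second)."""
    counts, stamps = Counter(), []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or not m["proc"].startswith(process_prefix):
            continue  # not a Sandbox deny line for the process of interest
        counts[(m["op"], protected_area(m["path"]))] += 1
        stamps.append(datetime.strptime(m["ts"], "%H:%M:%S.%f"))
    span = (max(stamps) - min(stamps)).total_seconds() if len(stamps) > 1 else 0.0
    rate = len(stamps) / span if span else float(len(stamps))
    return counts, len(stamps), round(rate, 2)

if __name__ == "__main__":
    counts, total, rate = summarize(SAMPLE)
    print(f"{total} denials, {rate}/s")
    for (op, area), n in counts.most_common():
        print(f"{n:3d}  {op}  {area}")
```

Console timestamps in this layout carry no date, so a capture that crosses midnight needs dates added before the rate is meaningful.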

A question for Treed:
I was not able to add RTProtectionDaemon to Full Disk Access, but I added the Malwarebytes application directly (see attached picture).
Could this have negative implications, for privacy and otherwise?
Thank you
A greeting
Massimiliano

[Attached image: Schermata2018-11-15alle14_11_06.jpg]


Adding the Malwarebytes app won't actually help, so I don't recommend adding it. You would need to add RTProtectionDaemon, but you can't navigate there from the dialog you get by pressing the + button.

To add it, choose Go to Folder from the Go menu in the Finder, then paste the following path into the dialog that appears:

/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app

Then click Go. This will reveal the RTProtectionDaemon app in the Finder.

Then, in System Preferences -> Security & Privacy -> Privacy -> Full Disk Access, click the padlock at the bottom left of the window to unlock the preferences, then drag the RTProtectionDaemon app into the list. That should add it.


I made the changes you advised me. (see attached picture)

One question: doesn't the manual / scheduled scanning process have the same access problems?

Thanks

[Attached image: Schermata2018-11-15alle15_33_09.jpg]

 


Yes, any scan will have this issue, but RTProtectionDaemon handles both cases. (Its name is not entirely accurate at this point... it's not only used for RTP.)


I would like to point out that the Titanium Software Maintenance software deletes this Malwarebytes setting in the privacy section of macOS.

I do not know if it is caused by the software in question, Malwarebytes or Apple.

Would it be possible to verify this?

The software is free and is located at this link

I have always found it useful for occasional system maintenance. If it is not recommended, please let me know.

Thank you

Greetings

Massimiliano

 

P.S.: for some time I no longer have the possibility to edit posts in case of error. Could you solve this? Thank you

2 hours ago, MAXBAR1 said:

 for some time I no longer have the possibility to edit posts in case of error.

The edit prompt is only available for a short time after you submit the post, so it probably expired before you discovered your error.

4 minutes ago, alvarnell said:

The edit prompt is only available for a short time after you submit the post, so it probably expired before you discovered your error.

Unfortunately, I do not seem to be able to edit even after the post has been published; not even 1 second after publication.
