10

Since I'm on Monterrey (from Mojave), there is syspolicyd process ALWAYS using 35-45% on the CPU!

If I leave the laptop in idle, syspolicyd (Apple Gatekeeper) consumes an average of 37% of the processor; NON-STOP.

This sometimes heats up and the fan to spin. But the main problem is that this drains the battery of the laptop!
I already have virtual machines or Docker or Kubernetes already sucking out all the power.
With this update and the arrival of syspolicyd I practically cannot use my laptop as a mobile device! The battery will be drained.

What I tried:

How do I prevent it from continuously hogging the CPU?
How do I eventually disable the service alltogether?

Kamafeather
  • 446
  • See https://apple.stackexchange.com/questions/378796/syspolicyd-is-killing-my-battery-on-a-new-macbook-pro-repeatedly-scanning-and-r and https://apple.stackexchange.com/questions/392521/syspolicyd-producing-huge-amount-of-read-on-disk – Tetsujin Dec 07 '21 at 12:49
  • I already checked them & tried all the solutions there, thanks. Neither of those questions provide a working solution to the problem. – Kamafeather Dec 07 '21 at 12:59
  • It's always best to document what you have researched & tried already - it saves duplicated effort. – Tetsujin Dec 07 '21 at 13:05
  • @Kamafeather How long has this problem been going on for? - Is it a few hours, or weeks and months? - Does htis problem occur if you create a new user account and login as that user only? – jksoegaard Dec 07 '21 at 23:21
  • With continuous use it goes on since a week, since I upgraded macOS. – Kamafeather Dec 08 '21 at 00:49
  • 1
    My 2020 Intel Air has this exact problem. Monterey, syspolicyd dominates all other processes, even after a fresh restart with no opened applications. As i write this, syspolicyd is the top of Activity Monitor if i order by either CPU or CPU Time.

    I should add, i have tried renice, nice, disabling gatekeeper entirely, manually allowed Dev and Full Disc Access to common apps, etc. Nothing i have tried seems to have a measurable impact.

     – Ben Roux Dec 08 '21 at 20:47
  • I've finally found the issue and a solution!! Check my answer below! – Kamafeather Jan 14 '22 at 04:00

1 Answers1

6

I figured it out!

Solution

check in the macOS Console.app, filtering by syspolicyd.
There will be lines that are marked with a yellow dot .

Find those where is reported something like:

Kernel Extension BLOCKED "com.malwarebytes.mbam.rtprotection"

or

Kernel Extension BLOCKED "org.pqrs.driver.Karabiner.VirtualHIDDevice.v061000"

  • In my case I've then found out that Malwarebytes' Kext was deprecated. Reinstalling fixed the extension.

  • With Karabiner, the re-install triggered again the request to enable the extension in System Preferences.
    It finally asks to Allow the extension in "Preferences"->"Privacy & Security" ‼️

So, instead of cleaning manually, just download and re-install the most recent version of the software providing the extension, and suddenly syspolicyd will drop to zero % CPU usage‼️

Rationale

Apparently the issue is with extensions not being Allowed. Even though I am sure I've checked several times in Privacy&Security, there was no sign of any requested extension (so the OS fails to keep a memory record about that required permission).

This was leading the system to waste CPU cycles trying to load an unprivileged extensions and fail, cutting 1/3 of performance and battery life away.

This is a bug in the OS but hopefully this fix will finally improve a lot of users that were left grudging without a clue and a down-performing "upgraded" system.

Kamafeather
  • 446
  • Where exactly in the Console.app should I look? (which of the tabs in the sidebar) – Y. Gherbi Aug 23 '22 at 17:44
  • Oh and what permission did Karabiner exactly need in your case? Maybe I can check and manually add it, I might face the same issue – Y. Gherbi Aug 23 '22 at 17:45
  • Did you try to COMMAND+SPACE and type "Console"? Or looking into the Applications folder? – Kamafeather Aug 23 '22 at 19:45
  • 1
    About Karabiner, the best way I found to retrigger the extension message is to uninstall and reinstall the app. This seems to be a standard procedure that worked and allowed me to fix with all the other apps that also have an extension. – Kamafeather Aug 23 '22 at 19:46
  • Yes, I have the Console app open but I was asking about the tabs in the sidebar. I see about 6 types of "Reports". Which one should I search in? – Y. Gherbi Aug 26 '22 at 00:47
  • 1
    I don't know the exact one, I filter through the main list (Devices->MacBook); or you might try System.log, honestly I can't remember but I don't think I ever had to choose a section: I simply Start Streaming the system events and then look through them, helping myself with the Search box or looking for the yellow circle mentioned in the answer. Sorry if I can't help you better. – Kamafeather Aug 26 '22 at 20:41
  • Sadly I see errors but get no helpful info: Unable to find URL for target: <private>, or error registering ticket: -1, Target is revoked: PST: (vuid: 7833708A-2328-4478-842F-5FA5CD7C41BF), (objid: 1254311), (team: (null)), (id: (null)), (bundle_id: (null)), and Unable to parse ticket.. Would be superhelpful to have a modicum of additional info in Console app. – Chris Paveglio Nov 20 '22 at 18:38
  • I can't help much, I'm not using macOS atm (and anyway the errors are already fixed). – I recall only by memory but... try filtering the Console output with keywords like syspolicyd, or Extension or kernel, and look for entries that show a warning/error that are marked with yellow/red dot. Or try checking the other subsections in the left pane of Console. – IF extensions are the issue, then you'll find something by insisting in digging the logs. – Kamafeather Nov 23 '22 at 16:51
  • If somebody else manages to fix the issue, hopefully they can update my answer with more details. – Kamafeather Nov 23 '22 at 16:52