Friday, July 1, 2016 [Tweets] [Favorites]

Xcode Clobbered by socketfilterfw at Launch

Iritscen:

Every time I open Xcode, there is massive hard drive churn. iStat seems to indicate that the culprit is socketfilterfw. The computer is not properly useable again for upwards of 2 minutes since the disk churn slows everything to a crawl.

I’ve been getting this, too, except that (with an SSD) the main symptom is extremely high CPU usage. It takes more like 10 minutes to resolve.

When Xcode launches, the OS X Firewall needs to scan the entire Xcode application bundle for some reason (some kind of checksum validation?). socketfilterfw is the Firewall’s agent for doing this.

It was suggested that we fiddle with the Firewall settings under the Security preference pane to try to fix this, and I’ve found that by removing the listing for Xcode and turning off the setting “Automatically allow signed software to receive incoming connections”, it seems to have stopped socketfilterfw from taking over my computer for a couple minutes at every launch of Xcode. I also tried changing Xcode’s Firewall listing from “allow” to “block”, and this did not make a difference; only removing it from the list did.

Simply removing Xcode from the list fixed the problem for me. I’m not sure what functionality I’m losing by not allowing Xcode to accept connections.

See also: Ask Different.

2 Comments

By default the OS X firewall allows signed apps to accept connections. But in order to do that, it has to check the app to see if it is signed. Xcode is a huge app and can take minutes, even with an SSD, to check its code signature.

The easy solution is to just turn off the firewall. It doesn't do what most people think it does anyway.

@John My question is, why does removing Xcode from the list but leaving “Automatically allow signed software to receive incoming connections” checked fix the problem? I would think that since Xcode is still signed it would still need to verify the signature.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment