{"id":42128,"date":"2024-02-15T16:09:25","date_gmt":"2024-02-15T21:09:25","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=42128"},"modified":"2024-02-15T16:09:25","modified_gmt":"2024-02-15T21:09:25","slug":"mac-app-launches-slowed-by-malware-scan","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/02\/15\/mac-app-launches-slowed-by-malware-scan\/","title":{"rendered":"Mac App Launches Slowed by Malware Scan"},"content":{"rendered":"

Jeff Johnson<\/a>:<\/p>\n

macOS is periodically scanning FileMerge for malware on launch, which causes very slow app launches. I don’t know what the exact period is between scans, but rebooting the Mac seems to reset the cache[…]. I’ve noticed the same syspolicyd<\/code> malware scanning and consequent slow launches with some other apps such as Xcode itself, Google Chrome, and Wireshark. You can even see syspolicyd<\/code> spinning up % CPU in Activity Monitor when the malware scan happens.<\/p>

[…]<\/p>

I also saw somewhat slow launching from another app bundled with Xcode, Accessibility Inspector. This app is larger than FileMerge, yet it launches much more quickly. I suspect the reason is that it links to fewer Xcode frameworks[…]<\/p>

[…]<\/p>

You may remember our friend syspolicyd<\/code> as the process that phones home to Apple when running unsigned executables<\/a>. It was also the culprit in making Xcode tools slow after reboot<\/a>.<\/p>

[…]<\/p>

I’ve now confirmed that disabling SIP does indeed eliminate the syspolicyd<\/code> malware scan. Xcode launches so fast, it’s beautiful.<\/p><\/blockquote>\n\n

Previously:<\/p>\n