> On Apr 23, 2020, at 7:30 PM, Allan Odgaard via Cocoa-dev 
> <cocoa-dev@lists.apple.com> wrote:
> 
> On 24 Apr 2020, at 2:18, Rob Petrovec wrote:
> 
>> I get a 1 second time for the first run and then a much quicker time for the 
>> second.  I did some sampling and the longer time is due to Apple’s check for 
>> malware on first run of a process.  This is a known, documented and 
>> advertised behavior.
> 
> I would be very interested in documentation about what low-level APIs (like 
> execve) do malware checks (network access), under which conditions they are 
> performed, what servers are contacted, and what sort of caching of good/bad 
> results are done.
> 
> Is any of that documented?
        Here is some from a quick Google search.  I think the feature in 
question is XProtect.  With a little more time I could probably find more 
in-depth docs.

        https://www.apple.com/macos/security/  See the ‘Protection starts at the core’ section
        https://support.apple.com/guide/mac-help/protect-your-mac-from-malware-mh40596/mac
        https://www.howtogeek.com/217043/xprotect-explained-how-your-macs-built-in-anti-malware-works/


> There is also blacklisting going on: I can get an executable locally 
> blacklisted which will cause it to terminate instantly when executed. This 
> seems to be about some run-time code signature validation, and when it 
> happens, it appears to be the inode that gets blacklisted until next reboot, 
> but more info about this would be nice.
        Depending on where the app is being terminated, I would suspect it is 
the same “Allow apps downloaded from” feature in the General section of the 
Security & Privacy Pref pane.


>> […] So I don’t think this test is analogous to your initial issue of a delay 
>> opening a file every time.
> 
> I said I get a similar delay the first time my app obtains URL properties¹ 
> for ~/Desktop, ~/Documents, and ~/Downloads, and I included sample code for 
> this issue.
        Sorry, I forgot what your initial problem was.  However, my statement 
still applies.  Getting the localized string for a folder is completely 
different than the launching app.


> Perhaps you would be willing to add this sample code to a GUI application and 
> see if you can reproduce? I re-attached it below, and have the result written 
> to /tmp/duration.txt so you don’t have to fiddle with capturing log output.
        I tried it (although I changed it from writing a file to disk to 
NSLog()) and it spit out:

default 19:58:53.343324-0600    Test Foo        Duration 0.003

—Rob

