macOS 12.6.1 Update on Apple Silicon with BlockBlock v2.1.4 com.apple.MobileSoftwareUpdate.UpdateBrainService

objective-see / BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.

GNU General Public License v3.0

619 stars 38 forks source link

macOS 12.6.1 Update on Apple Silicon with BlockBlock v2.1.4 com.apple.MobileSoftwareUpdate.UpdateBrainService #53

Closed rudelm closed 1 year ago

rudelm commented 1 year ago

Hi,

I've just tried to run the Software Update for macOS 12.6.1 update with BlockBlock v2.1.4 running and was greeting by a flood of permission checks for

com.apple.MobileSoftwareUpdate.UpdateBrainService

I've allowed some of them but have disabled BlockBlock for the time being, so that the update process can finish. There's no way to accept all requests of the update. I wonder if the update will succeed with BlockBlock interfering this much.

Is this a known problem? What should be the suggested excemption rule for the UpdateBrainService?

rudelm commented 1 year ago

At least the update succeeded. I left all windows open and let the installer run. BlockBlock is now enabled again. I've accepted a few of the UpdateBrainService requests, but would like to clean them up from the rules list. Is there a way I can filter for a given string, so that I can remove all of the entries at once?

ok, that's a different thing that was already requested in #45

quartermarsh commented 1 year ago

Same here. I just force quit the helper. This was on BlockBlock v2.0.4 so it appears this situation was not dealt with in v2.1.4. Glad to hear the update succeeded at least.

What should be the suggested excemption rule for the UpdateBrainService?

Inquiring minds want to know, although while it was happening those alerts were coming so fast I couldn’t even get a rule scope dialogue to stay visible.

Ultimately, I think this is something quite unexpected which is worth investigation by the developement team.

quartermarsh commented 1 year ago

@objective-see Is this related to #38?

objective-see commented 1 year ago

@objective-see Is this related to #38?

@quartermarsh, it appears to be related to #52. Just released a v2.1.5 with a fix 🤞

rudelm commented 1 year ago

Thank you @objective-see I've just downloaded and updated manually, since it wasn't detected as an update yet from the app itself. Its still working so far and I'm looking forward to the next macOS update to test it :) But from looking at #52 it seems to be the same issue and if that changed RegEx fixes it, I'm fine with closing this and commenting any follow up problems there if you want?

objective-see commented 1 year ago

Thanks @rudelm! 🙏🏽 Yes, same issue as #52 ...closing out both as this now should be fixed! (See: https://github.com/objective-see/BlockBlock/commit/ed7d7b653f609b783a3ac6b482a3845a20da03a6)

(Can re-open if the fix proves to be insufficient)

quartermarsh commented 1 year ago

@objective-see 🙏

On Thu, Nov 10, 2022 at 9:19 PM, Objective-See Foundation @.***> wrote:

@.***(https://github.com/objective-see) Is this related to #38?

@.***(https://github.com/quartermarsh), it appears to be related to #52. Just released a v2.1.5 with a fix 🤞

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>