Your screenshots do not match your EtreCheck report. Fearful that I had radically screwed something up, I double-checked. I only get the output:
Firewall:
Blocked apps: All
Stealth mode: enabled
when the firewall is set to block all apps.
Unfortunately, I did screw up the output when the firewall is enabled with default settings. So I appreciate your post. I hate seeing bugs in software I wrote.
YogurtD1979 wrote:

> My sense is this machine is bound to a VPN that I cannot control or remove

There is no VPN software listed in your EtreCheck report.

> my web content and experience seem to be altered. For example, my Google search results are different when I search from other devices.

That's standard Google behaviour.

> I appear to be shown older, less relevant content going back to late 2000s to 2020 (could this be a form of censorship from a DNS-redirect or DNS cache poisoning?)

Sounds like normal internet experience.

> Many System Settings pages are modified with standard options missing (e.g. Power/Battery Preferences, Network Preferences etc.) compared to the content described in the macOS software manuals. This leads me to believe that my device may have been MDM'ed some way.

There are no MDM settings listed on your EtreCheck report. It would be best to ask questions about specific discrepancies you are seeing, along with specific Apple URLs for those documents.

> Despite being logged in with Apple Account with FileVault enabled, the "Activation Lock Status" continues to be reported as "Disabled" in System Information.

FileVault is not related to Activation Lock. FileVault is a local security setting. Activation Lock is an iCloud/Apple Account setting. FileVault prevents anyone from accessing your data. Activation Lock prevents anyone from just erasing your data and living large with your laptop.

> I have searched and come across references to a Mojo/Thor malware/virus that is believed to be transmitted through Thunderbolt adapters. It makes me wonder if the Apple Stores' Thunderbolt adapters may be a common vector?

Don't believe what you see on the internet. Apple Stores are not compromised and those exploits are fake.

> From the EtreCheck report, it makes no sense that there are two additional ethernet adapters (en3/en4) configured as I am not connected except by WiFi (en0).

That's normal. I recommend not delving too deeply into the details. Or at least, if you choose to delve, don't automatically assume there is a malicious explanation. The explanation is usually a 30-year-old story of technological development and compromise, trying to keep as many people happy as possible.

> I think it's reasonable to believe our macOS instance is running "virtually" hosted on a surreptitiously-installed Linux installation, and running as a passthrough on machine.

No. That is not a reasonable belief.

> If you look at the output from Terminal and use command: netstat -A you will see many open sockets "streaming" data. My question is, what kind of data is being streamed from my computer, or to my computer and from what source?

Nothing. Those are just technical terms. A single word may have multiple meanings. You are not allowed to automatically pick the most malicious explanation to suit an outlandish theory.

> Perhaps someone will share some technical knowledge and skill and try to problem solve instead of saying "this is normal process." If it's normal, Apple should explain what it is and how it works.

So you want Apple to give you a free, graduate-level computer science education? That's probably not going to happen. You'll either have to pay for it yourself or accept our assurances that everything is normal.