Kernel Panic, but not sure?

Discussion in 'Mac Basics and Help' started by Aniej, Apr 21, 2007.

  1. Aniej macrumors 68000

    Aniej

    Joined:
    Oct 17, 2006
    #1
    Antivirus all of a sudden started crashing on me. I got this message in the Apple report log when I sent the report:

    Exception: EXC_BAD_ACCESS (0x0001)
    Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

    Is that a kernel panic or something different?

    What is a kernel panic and why does it happen?

    Also, is it indicative of something else about to happen such as a HDD failure?

    Can anyone help with this?
     
  2. plinden macrumors 68040

    plinden

    Joined:
    Apr 8, 2004
    #2
    No, that's just a program crash log.

    Apple Docs: What is a kernel panic?

    Try the following steps until it no longer crashes:
    1. Create a new user and log into it. Does it still crash?
    2. Remove the application preferences and relaunch it. Does it still crash?
    3. Remove the application, and if you really must have a virus checker, reinstall it. Does it still crash?
    4. Remove the application totally. You won't get a virus, currently.

    What application is it anyway?
     
  3. Aniej thread starter macrumors 68000

    Aniej

    Joined:
    Oct 17, 2006
    #3
    Oh sorry, I thought I said that. It is Norton Antivirus.
     
  4. zephead macrumors 68000

    zephead

    Joined:
    Apr 27, 2006
    Location:
    in your pants
    #4
    That may be your problem. Norton has been known to cause more harm than good on Macs, just by the way the program is constructed.
     
  5. Aniej thread starter macrumors 68000

    Aniej

    Joined:
    Oct 17, 2006
    #5
    Interesting. A few people said that on here, but I was skeptical, but I am hearing it more and more. Are Macs in any way susceptible to spyware and junk like that so as to warrant Spybot Search and Destroy? I am actually writing a paper for law school on cyberwarfare, which I know a lot more about than basic spyware stuff, but am increasingly becoming interested in different security precautions for Apple. Maybe I will post a separate thread addressing that issue, but I just wanted to respond to your point.
     
  6. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #6
    Short version of what I want to say:

    No need to have applications like Ad-Aware and Search&Destroy for spyware on OS X yet. Nothing big has hit OS X. As the Mac user base increases, so do the risks of crackers/"hackers" finding exploits for personal gain.

    ---

    Long Version:

    If you must have some Antivirus (AV) scanner, rather than running Norton, try other alternatives like ClamXav. Apple uses the ClamAV engine in the server edition of OS X. ClamXav is just the GUI on the Clam engine, so it is easier for the average consumer to run a quick test to make sure Windows partitions are not infected with viruses, whether it is in Bootcamp or Parallels. OS X AV scanners shouldn't be used as if you are going to get an OS X virus tomorrow and that it would protect you, but it should be used as a means to protect others who do run Windows or another OS on a network. I don't use Norton, ClamXav or the others like Virex from McAfee. My emails/files already go through servers with anti-virus checking in place to protect those who use Windows. I do, however, use Grisoft's AVG for Windows XP in Parallels.

    I personally love Apple and OS X. I may be a "fanboy", but I do keep in mind that there is no such thing as a 100% secure OS. OS X and *Unix come close, but still have problems. No problems with spyware/viruses in OS X yet, but we need to stay aware that it could be a possibility.

    How to stay aware (few quick steps I use when I get a new Mac) ...

    1. Do not run the default Administrator account for everyday use. Make another account that does not administer the computer. When you need to install an app, install it normally ... but it will ask you to authenticate. You enter the admin account name and its associated password. It takes a few seconds, but it will give you some good protection in the long run. Just make sure to remember that it will only ask you for admin username/pass when installing apps, not for things like viewing pictures from a folder in Preview, listening to .mp3s, or when unzipping a file.

    2. Enable the firewall. Go to System Preferences and enable it.

    3. If you use Safari, untick the checkbox about opening "safe" files automatically. In theory, people can use it against you to gain access to the computer. I don't know if anyone ever attempted it.

    4. Optional: I use an app called "Little Snitch". It lets you know about all incoming/outgoing connections your computer is making to the internet. Very useful. I'm sort of paranoid when it comes to security, so this is a must for all my Macs at home.

    There are more tips, but I can't find the site I saw a while ago with a PDF on everything about securing OS X from using FileVault in SysPrefs and so on. Maybe someone here knows what I'm talking about and remembers the site.
     
  7. Aniej thread starter macrumors 68000

    Aniej

    Joined:
    Oct 17, 2006
    #7
    I really appreciate the time you spent on putting that list together, it is really great. Thank you! Do you have any hints as to the PDF you were referring to? As in some distinguishing word in the title, date, website it was on? I would really like to take a look at it or any other sites that similarly address security.
     
  8. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #8
  9. Al Storck macrumors newbie

    Joined:
    May 16, 2008
    #9
    Norton AntiVirus 11 and Safari 3.1.1 Kernel panics

    Hello,

    2.4 GHz iMac, Intel Core 2 Duo, running Leopard (Mac OS 10.5.2). All the latest updates have been installed (Time Capsule being used with Time Machine). But several of the kernel panics did occur prior to the Time Capsule being installed.

    All the kernel panics occurred when running Safari 3.1.1. The following is from the last panic log.

    Fri May 16 12:51:37 2008
    panic(cpu 1 caller 0x001A8C8A): Kernel trap at 0x006bb367, type 14=page fault, registers:
    CR0: 0x8001003b, CR2: 0x0000003c, CR3: 0x01131000, CR4: 0x00000660
    EAX: 0x00000000, EBX: 0x00000000, ECX: 0x00000000, EDX: 0x00000000
    CR2: 0x0000003c, EBP: 0x5ad7b708, ESI: 0x00000061, EDI: 0x56d54928
    EFL: 0x00010202, EIP: 0x006bb367, CS: 0x00000008, DS: 0x06c00010
    Error code: 0x00000000

    Backtrace, Format - Frame : Return Address (4 potential args on stack)
    0x5ad7b4f8 : 0x12b0f7 (0x4581f4 0x5ad7b52c 0x133230 0x0)
    0x5ad7b548 : 0x1a8c8a (0x461720 0x6bb367 0xe 0x460ed0)
    0x5ad7b628 : 0x19ece5 (0x5ad7b640 0x5ad7b68c 0x5ad7b708 0x6bb367)
    0x5ad7b638 : 0x6bb367 (0xe 0x640048 0x6c00010 0x190010)
    0x5ad7b708 : 0x6b5a4c (0x0 0x5ad7b98c 0x0 0x0)
    0x5ad7b9b8 : 0x6b617f (0x5ad7baa4 0x3e9 0x1 0x3a362f)
    0x5ad7b9f8 : 0x3b98d2 (0x6ab8600 0x8c057f8 0x0 0x5ad7baa4)
    0x5ad7ba48 : 0x3a93a4 (0x8c057f8 0x0 0x5ad7baa4 0x0)
    0x5ad7ba98 : 0x245f4f (0x8c0583c 0x56db0d00 0x1 0x301000a)
    0x5ad7bc78 : 0x23baa0 (0x56db0d00 0x14 0x14 0x6)
    0x5ad7bcb8 : 0x23d822 (0x56db0d00 0x14 0x6 0x0)
    0x5ad7bdd8 : 0x23d85e (0x56db0d00 0x0 0x5ad7be48 0x13679a)
    0x5ad7bdf8 : 0x2297b6 (0x2 0x56db0d00 0x7027d14 0x0)
    0x5ad7be38 : 0x2187c5 (0x2 0x56db0d00 0x5ad7be88 0x1369ad)
    0x5ad7bec8 : 0x214f04 (0x7169004 0x2 0x56db0d00 0x3e859c)
    0x5ad7bef8 : 0x21565d (0x5258e4 0x6f2cb48 0x2 0x5ad7bf74)
    Backtrace continues...
    Kernel loadable modules in backtrace (with dependencies):
    com.symantec.kext.ips(1.2f28)@0x6b2000->0x6d0fff
    dependency: com.symantec.kext.internetSecurity(1.1f10)@0x6a9000

    BSD process name corresponding to current thread: kernel_task

    Mac OS version:
    9C7010

    Kernel version:
    Darwin Kernel Version 9.2.2: Tue Mar 4 21:17:34 PST 2008; root:xnu-1228.4.31~1/RELEASE_I386
    System model name: iMac7,1 (Mac-F42386C8)


    Note the reference to com.symantec.kext.ips and com.symantec.kext.internetSecurity near the end of the log. Would this be an indication that these files are causing the kernel panics?

    The Norton AntiVirus 11 uninstall application would not work so I rooted through my startup drive to eliminate all files (and there were quite a few) associated with this installation. I then reinstalled the application and updated with Live Update. I am watching to see if the problem persists after this fresh install. Certainly, if it does and can be directly attributable to an installed file by Norton AntiVirus 11, I will once again uninstall the application. This time for good.

    Thank you for any assistance / clarification you could provide.

    Al
     
  10. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #10
    It can be an indicator. It depends on where kernel loadable modules appear in the backtrace. This line helps determine this:

    com.symantec.kext.ips(1.2f28)@0x6b2000->0x6d0fff

    So, any instructions in the kernel between the addresses of 0x6b2000 and 0x6d0fff belong to "com.symantec.kext.ips". If one steps through each frame in the backtrace, we see the following.

    These three frames are the kernel dealing with the page fault exception. The first frame listed is the most recent as we are progressing backwards in time. This frame is the actual panic() function which generated this log and halted your machine.

    The next three frames are responsible for tripping the page fault, which panicked the kernel. These frames belong to "com.symantec.kext.ips". I know this because the addresses above that are highlighted in blue fall within the address range we picked out above.

    These remaining frames are the kernel processing a single inbound TCP/IP packet.

    In short, the kernel received a single incoming TCP/IP packet, handed it off to the Symantec module, which then caused a page fault. A page fault inside of the kernel is almost certainly fatal, so a panic() was done.

    It looks like the Symantec kernel extension is indeed responsible for causing these kernel panics. Remove the extension, and the panics should no longer occur.
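
The address-range check described in post #10, as an added example that is not part of any post in this thread: it reads the trap address, the backtrace return addresses and the module range from the panic log in post #9 and reports which module owns each frame. The log excerpt is copied from that post; the function names are hypothetical.

```python
import re

# Excerpt copied from the panic log in post #9 (trap line, first eight frames, module list).
PANIC_LOG = """\
panic(cpu 1 caller 0x001A8C8A): Kernel trap at 0x006bb367, type 14=page fault, registers:
0x5ad7b4f8 : 0x12b0f7 (0x4581f4 0x5ad7b52c 0x133230 0x0)
0x5ad7b548 : 0x1a8c8a (0x461720 0x6bb367 0xe 0x460ed0)
0x5ad7b628 : 0x19ece5 (0x5ad7b640 0x5ad7b68c 0x5ad7b708 0x6bb367)
0x5ad7b638 : 0x6bb367 (0xe 0x640048 0x6c00010 0x190010)
0x5ad7b708 : 0x6b5a4c (0x0 0x5ad7b98c 0x0 0x0)
0x5ad7b9b8 : 0x6b617f (0x5ad7baa4 0x3e9 0x1 0x3a362f)
0x5ad7b9f8 : 0x3b98d2 (0x6ab8600 0x8c057f8 0x0 0x5ad7baa4)
0x5ad7ba48 : 0x3a93a4 (0x8c057f8 0x0 0x5ad7baa4 0x0)
Kernel loadable modules in backtrace (with dependencies):
com.symantec.kext.ips(1.2f28)@0x6b2000->0x6d0fff
dependency: com.symantec.kext.internetSecurity(1.1f10)@0x6a9000
"""

FRAME_RE = re.compile(r"^\s*(0x[0-9a-f]+) : (0x[0-9a-f]+) \(", re.I | re.M)
KEXT_RE = re.compile(r"^\s*([\w.]+)\(([^)]*)\)@(0x[0-9a-f]+)->(0x[0-9a-f]+)", re.I | re.M)
TRAP_RE = re.compile(r"Kernel trap at (0x[0-9a-f]+)", re.I)

def parse_kexts(log):
    """Modules listed with a full start->end range; dependency lines carry no end address and are skipped."""
    return [(m[1], int(m[3], 16), int(m[4], 16)) for m in KEXT_RE.finditer(log)]

def owner_of(addr, kexts):
    """Bundle id whose range contains addr, or 'kernel' when no listed module does."""
    return next((name for name, lo, hi in kexts if lo <= addr <= hi), "kernel")

def attribute_frames(log):
    """[(return_address, owner)] in log order, i.e. most recent frame first."""
    kexts = parse_kexts(log)
    return [(int(m[2], 16), owner_of(int(m[2], 16), kexts)) for m in FRAME_RE.finditer(log)]

def fault_owner(log):
    """Owner of the instruction address reported on the 'Kernel trap at' line, or None if absent."""
    trap = TRAP_RE.search(log)
    return owner_of(int(trap[1], 16), parse_kexts(log)) if trap else None

if __name__ == "__main__":
    for addr, owner in attribute_frames(PANIC_LOG):
        print(f"{addr:#010x}  {owner}")
    print("faulting instruction belongs to:", fault_owner(PANIC_LOG))
```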
     
