I found a way to significantly improve the experience of running Helix applications on virtualized instances on macOS High Sierra or Mojave. First, a description of the underlying problem is in order:
By default, the macOS Malware Removal Tool (process MRT) runs when it is loaded, which occurs very soon after the first maOS User login. When Apple has updated the malware information used by MRT, or when a virtual machine used to run Helix applications has failed to properly complete the shutdown process, which High Sierra is especially prone to do, then MRT can run for a very long time. This consumes 100% of the processing capacity of typical virtual machines until MRT exits, which I have seen take more than an hour. Other processes which are less “nice” than MRT can take back some of the virtual machine’s processing capacity, but triggering that by launching Helix applications seems to promote instability, including kernel panics. In an effort to work around this, I have set Activity Monitor to launch upon login and try to wait for the CPU Load to drop to normal levels before launching any Helix application. It is not always practical to do this.
A Preference List file causes MRT to run at load. The pathname of this file is: /System/Library/LaunchAgents/com.apple.MRTa.plist. The standard version of this file causes MRT to run at load and when the macOS Notification daemon receives “com.apple.mrt-agent-ready,” apparently from some other system process, possibly the process that updates the malware information used by MRT. The com.apple.MRTa.plist file can be opened and edited by BBEdit, which includes a privileged helper tool, which must be allowed to run when macOS asks.
However, before an edited com.apple.MRTa.plist can be saved, System Integrity Protection (SIP) must be temporarily disabled on the virtual machine. Here are a few hyperlinks to instructions published online: How To Disable System Integrity Protection (SIP) On Mac?
, How to Disable System Integrity Protection in Mac OS
, and How to Disable System Integrity Protection (SIP) – Intego Support
. A few additional points should be made. Starting a virtual machine in Recovery Mode requires that the machine can detect the Command-R key combination when starting. This works when the macOS arrow cursor is over the window displaying the virtual machine as it starts on the host machine. Catching the startup process might take a couple of tries. The virtual machine window likely will be very small after the virtual machine starts. Enlarge or zoom the window to be able to see what you are doing. If you want to restart the virtual machine from the command line in Terminal, then type “reboot” at the command prompt and press the Enter key.
After SIP has been disabled, launch a compatible version of BBEdit on the VM, and open the com.apple.MRTa.plist file in the /System/Library/LaunchAgents/ folder. Lines 7 and 8 in the standard file will be:
Change the word “true” to “false” in line 8, which will make the lines:
Malware Removal Tool will still run occasionally after this change has been made, but not after every initial macOS user login. If you want to be able to conveniently run MRT manually, then create a text file named “Run MRT.sh” which contains:
sudo /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT -a -r /
Make sure that macOS users in the “admin” user group have permission to execute the file, and set it to open with Terminal. Since running this shell script requires being logged in as a macOS administrator and knowing an administrator password, if you are not accustomed to setting file permissions, then it is safe to use the Finder’s Info window to allow “Read & Write” by “Everyone.” Once the script file is prepared, double-clicking it will launch Terminal, request an administrator password, and then run MRT when the Ether key is pressed.
I hope that others find this helpful.