SIGKILL from macOS 24h disk-write budget mislabeled as "blocked by endpoint security" on unmanaged personal Mac (~2.1 GB launch write burst, Cowork VM pre-warm)

Open 💬 0 comments Opened Jul 3, 2026 by sklar1000

Summary

On an unmanaged personal Mac (no MDM, no EDR), Claude Code was repeatedly SIGKILLed by macOS's per-process 24-hour disk-write budget, and Claude Code's crash detector mislabeled every kill as "blocked by endpoint security" — advising the user to "ask IT to allowlist Team ID Q6L2SF6YDW." That advice is unactionable on a personal machine (there is no IT, and nothing blocks on code signature). This is the same false-positive family as #58626 and #59292, with the actual root cause diagnosed below.

Environment

  • macOS Darwin 25.5.0, personal/unmanaged (verified: no MDM profile, no Jamf, no CrowdStrike/SentinelOne/Defender)
  • Claude Desktop with bundled claude-code (2.1.187 and 2.1.197 both present in ~/Library/Application Support/Claude/claude-code/)
  • Cowork previously adopted on this machine (vm_bundles/claudevm.bundle present, currently 5.8 GB; not actively used since ~May 2026)

Evidence (from macOS diagnostic reports)

Two disk writes resource-exception diagnostics were captured (filenames preserved from investigation notes; the originals have since been rotated out by macOS — I can re-capture a fresh one on request, as the write pattern recurs at every app launch):

  1. Claude_2026-06-04-050738_*.diag — "disk writes … 2147.49 MB … exceeding limit … over 86400s". The process had written ~2.1 GB of dirty pages in ~5.4 h (~4.4x the budgeted rate) and was SIGKILLed. 4 kills over 4 consecutive days (~24h recurrence, matching the rolling budget window). Each kill produced the "blocked by endpoint security" popup.
  2. Claude_2026-06-14-152810_*.diag — fired 3m42s after an app restart, showing 2147.49 MB of file-backed memory dirtied in 57 seconds (~37.5 MB/s) against the same 2147.48 MB / 86400s limit (this event was non-fatal, Action taken: none).

Analysis

  • The budget is metered at the resource-coalition level (desktop app + CLI sessions + MCP servers + node children together), not per-PID.
  • The ~2.1 GB write burst happens at app launch — the dominant plausible mechanism is the pre-warm/boot of the bundled Cowork VM disk image (vm_bundles/claudevm.bundle, 10 GB at the time of diagnosis), which dirties the memory-mapped image on every launch even when Cowork is never used.
  • Consequently "restart the app" makes things worse: each restart adds a ~2 GB spike to the rolling 24h counter rather than resetting it.
  • Team ID Q6L2SF6YDW is genuinely Anthropic's (matches the binary signature), so the endpoint-security popup points users at allowlisting an ID that is already fine.

Asks

  1. Fix the SIGKILL classifier: before labeling a SIGKILL "endpoint security," check for a matching macOS resource-exception diagnostic (disk writes / jetsam) and surface the real cause. On unmanaged machines the endpoint-security message is always wrong.
  2. Trim the launch write storm, or make the Cowork VM pre-warm opt-out for users who don't use Cowork — same ask as #57371 (filed for Windows CoworkVMService; this is the macOS equivalent evidence).

Related

  • #58626, #59292 (endpoint-security false-positive reports)
  • #57371 (no user-facing toggle for the bundled Cowork service)

View original on GitHub ↗