SIGKILL from macOS 24h disk-write budget mislabeled as "blocked by endpoint security" on unmanaged personal Mac (~2.1 GB launch write burst, Cowork VM pre-warm)
Open 💬 0 comments Opened Jul 3, 2026 by sklar1000
Summary
On an unmanaged personal Mac (no MDM, no EDR), Claude Code was repeatedly SIGKILLed by macOS's per-process 24-hour disk-write budget, and Claude Code's crash detector mislabeled every kill as "blocked by endpoint security" — advising the user to "ask IT to allowlist Team ID Q6L2SF6YDW." That advice is unactionable on a personal machine (there is no IT, and nothing blocks on code signature). This is the same false-positive family as #58626 and #59292, with the actual root cause diagnosed below.
Environment
- macOS Darwin 25.5.0, personal/unmanaged (verified: no MDM profile, no Jamf, no CrowdStrike/SentinelOne/Defender)
- Claude Desktop with bundled claude-code (2.1.187 and 2.1.197 both present in
~/Library/Application Support/Claude/claude-code/) - Cowork previously adopted on this machine (
vm_bundles/claudevm.bundlepresent, currently 5.8 GB; not actively used since ~May 2026)
Evidence (from macOS diagnostic reports)
Two disk writes resource-exception diagnostics were captured (filenames preserved from investigation notes; the originals have since been rotated out by macOS — I can re-capture a fresh one on request, as the write pattern recurs at every app launch):
Claude_2026-06-04-050738_*.diag— "disk writes … 2147.49 MB … exceeding limit … over 86400s". The process had written ~2.1 GB of dirty pages in ~5.4 h (~4.4x the budgeted rate) and was SIGKILLed. 4 kills over 4 consecutive days (~24h recurrence, matching the rolling budget window). Each kill produced the "blocked by endpoint security" popup.Claude_2026-06-14-152810_*.diag— fired 3m42s after an app restart, showing 2147.49 MB of file-backed memory dirtied in 57 seconds (~37.5 MB/s) against the same2147.48 MB / 86400slimit (this event was non-fatal,Action taken: none).
Analysis
- The budget is metered at the resource-coalition level (desktop app + CLI sessions + MCP servers + node children together), not per-PID.
- The ~2.1 GB write burst happens at app launch — the dominant plausible mechanism is the pre-warm/boot of the bundled Cowork VM disk image (
vm_bundles/claudevm.bundle, 10 GB at the time of diagnosis), which dirties the memory-mapped image on every launch even when Cowork is never used. - Consequently "restart the app" makes things worse: each restart adds a ~2 GB spike to the rolling 24h counter rather than resetting it.
- Team ID
Q6L2SF6YDWis genuinely Anthropic's (matches the binary signature), so the endpoint-security popup points users at allowlisting an ID that is already fine.
Asks
- Fix the SIGKILL classifier: before labeling a SIGKILL "endpoint security," check for a matching macOS resource-exception diagnostic (
disk writes/ jetsam) and surface the real cause. On unmanaged machines the endpoint-security message is always wrong. - Trim the launch write storm, or make the Cowork VM pre-warm opt-out for users who don't use Cowork — same ask as #57371 (filed for Windows CoworkVMService; this is the macOS equivalent evidence).
Related
- #58626, #59292 (endpoint-security false-positive reports)
- #57371 (no user-facing toggle for the bundled Cowork service)