
Fixing configd 100% CPU Usage on macOS Monterey (and Disabling PPPController.bundle)

For months, I battled a persistent and damaging issue on my Mid 2015 MacBook Pro — a workhorse of a machine that, even at nearly 10 years old, continues to run exceptionally well with a 2.5GHz Quad-Core i7, 16GB RAM, 1 TB SSD and macOS Monterey 12.7.6.

The system process configd would regularly consume 100% of the CPU. The fans screamed. The laptop baked. Performance tanked. Worst of all — two batteries failed completely during the years this bug went undiagnosed.


A Machine with a Backstory

This MacBook Pro actually replaced an almost identical model (with a 500GB SSD) whose keyboard had begun to fail. That original machine is now used as a secondary workstation — mostly plugged in with external monitors, keyboard and mouse, and, of course, rarely moved.

However, the replacement system was set up via migration from the older Mac, meaning all settings, preferences, and low-level cruft came with it. It’s entirely possible this bug — and the problematic plugin behind it — exists on the secondary machine too, simply hiding in the shadows because that Mac rarely gets unplugged or stressed.


A Hunch from the Past

Throughout the troubleshooting, I had a nagging feeling: years ago, I’d installed a PPP-based VPN service, and I couldn’t shake the idea that something related had survived the years. That memory — almost dismissed — turned out to be the smoking gun.


All the Fixes That Didn’t Work

Before getting to the actual solution, I tried everything:

  • Resetting network preferences

  • Disabling IPv6

  • Safe Mode diagnostics

  • launchctl unloads

  • Cleaning out /SystemConfiguration

  • Monitoring via top and Activity Monitor

Nothing worked. The issue was like digital rot — persistent and invisible.


Enter ChatGPT

Eventually, I turned to ChatGPT for deeper insight. Together, we sampled the configd process and analysed its call stack. That led us to the true culprit:

PPPController.bundle — a legacy dial-up/VPN plugin, long deprecated but still loading in the background.

Despite not being used in years, it was triggering configd into a CPU loop, damaging system performance and hardware.


macOS Protections (and How to Work Around Them)

macOS uses System Integrity Protection (SIP) and the Signed System Volume (SSV) to protect core files. To disable this plugin, you must bypass those protections temporarily.


The Fix (Finally)

WARNING!

DO NOT ATTEMPT ANY OF THE FIXES BELOW WITHOUT CONSULTING A TRAINED APPLE EXPERT! YOU ARE FIDDLING WITH THE WORKINGS OF A COMPUTER AND RISK PERMANENTLY LOSING THE CONTENTS OF YOUR HARD DRIVE. PLEASE, PLEASE!!! TAKE A FULL BACKUP BEFORE ATTEMPTING ANYTHING LIKE THIS.

IT TOOK SEVEN ATTEMPTS TO FIX THIS PROBLEM WITH THE ASSISTANCE OF CHATGPT, SO IT FAILED SIX TIMES BEFORE THE ISSUE WAS RESOLVED.

Step 1: Reboot into macOS Recovery (Cmd + R)

Open Terminal from the menu.

Step 2: Disable protections

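```bash
# Turn off System Integrity Protection
csrutil disable
# Allow booting from a modified (unsealed) system volume
csrutil authenticated-root disable
reboot
```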

Reboot again into Recovery after this.

Step 3: Mount the system volume

```bash
# Remount the system volume read-write
mount -uw /Volumes/Macintosh\ HD
```

Step 4: Disable the plugin

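```bash
# Rename the bundle so configd no longer loads it (renamed rather than deleted, so it can be restored)
mv /Volumes/Macintosh\ HD/System/Library/SystemConfiguration/PPPController.bundle \
/Volumes/Macintosh\ HD/System/Library/SystemConfiguration/PPPController.bundle.disabled
```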

Step 5: Bless the system snapshot

```bash
# Snapshot the modified volume and make that snapshot the one the Mac boots from
bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot
reboot
```

Confirming It Worked

  • top -o cpu showed configd no longer topping the chart

  • configd -v | grep -i ppp showed nothing — the plugin was gone

  • The Mac ran cooler, quieter, and battery health stopped declining


Re-enabling Protections

After verifying stability:

```bash
csrutil enable
csrutil authenticated-root enable
```

Then reboot normally.
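To confirm after that final reboot that both protections really are back on and that the plugin is still renamed, a check along these lines can be run from a normal Terminal session. This is an added example, not part of the original procedure: the function names are illustrative, the status strings assume csrutil's usual "status: enabled" wording, and the sample output in the fallback branch is constructed.

```bash
#!/bin/bash
# Post-change audit for the procedure above (added example).

# protection_state <csrutil output>: prints enabled, disabled or unknown.
# A custom SIP configuration reports "unknown" and is treated as not enabled.
protection_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# audit <SIP output> <authenticated-root output> <SystemConfiguration dir>
# Returns 0 only if both protections are on and the plugin is not active.
audit() {
    sip=$(protection_state "$1")
    ssv=$(protection_state "$2")
    dir=$3
    rc=0
    [ "$sip" = enabled ] || { echo "FAIL: SIP is $sip"; rc=1; }
    [ "$ssv" = enabled ] || { echo "FAIL: authenticated root is $ssv"; rc=1; }
    if [ -e "$dir/PPPController.bundle" ]; then
        echo "FAIL: PPPController.bundle is present under its original name"
        rc=1
    fi
    [ -e "$dir/PPPController.bundle.disabled" ] || echo "NOTE: renamed bundle not found in $dir"
    [ "$rc" -eq 0 ] && echo "OK: protections enabled, plugin inactive"
    return $rc
}

if command -v csrutil >/dev/null 2>&1; then
    # On the Mac itself: audit the live system.
    audit "$(csrutil status)" "$(csrutil authenticated-root status)" \
          /System/Library/SystemConfiguration
else
    # Elsewhere: constructed output showing a machine left unprotected.
    audit "System Integrity Protection status: unknown (Custom Configuration)." \
          "Authenticated Root status: disabled" /nonexistent || true
fi
```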


Final Thoughts

This wasn’t your average support task. It took two dead batteries, countless failed attempts, a hunch from years back, and finally the help of ChatGPT to trace configd’s madness back to a plugin that had long outlived its purpose.

If you’ve ever migrated from an older Mac, especially one where you’d used PPP-based VPNs or dial-up tools, this issue may be lurking silently in your system too — especially if that system is mostly docked or plugged in. For me, it nearly cooked a great machine.

Now? My Mid 2015 MacBook Pro is back to being a quiet, powerful daily driver — and I intend to keep it that way.

Have a similar story? Reach out or connect with me on social media. Let’s keep our ageing tech running better than new.

Global Windows Crash Crisis: CrowdStrike Falcon Sensor Update “Defect” Disrupts Key Sectors Worldwide

Today, I’m addressing a significant issue affecting numerous Windows users worldwide. Reports have emerged of widespread crashes, commonly referred to as the “blue screen of death,” impacting various critical sectors, from transportation to banking and media.

I spoke with Sarah Julian at BBC Radio WM about the worldwide problems that continue to persist.

Understanding the Issue:

The root cause of these crashes has been traced back to an overnight software update for CrowdStrike’s Falcon Sensor. For those unfamiliar, Falcon Sensor is a security tool designed to act as a sentinel for your computer, monitoring and protecting against malicious activities. A single corrupted system file from this update is causing Windows systems to crash upon booting.

Why This Matters:

Windows holds a substantial market share, with 72% of global computers running this operating system. The automatic update to Falcon Sensor has inadvertently introduced a fault, leading to these severe crashes. The update, once applied, seems to corrupt system functionality, causing the dreaded blue screen on countless machines.

Impact Across Sectors:

The ripple effect of this issue is profound. The update has disrupted services across various sectors:

  • Transportation: Both train and plane operations have been hampered.
  • Banking: Financial institutions are facing operational challenges, with payment systems affected.
  • Media: Broadcast systems have been affected, causing interruptions, including Sky News and CBBC.
  • Healthcare: NHS GP surgery systems are impacted, with reports of doctors having to handwrite prescriptions.
  • Emergency Services: Even essential services like emergency call centres have not been spared.
  • Airports: Airports, including Birmingham Airport, have reported issues with check-in services, and operations at the Port of Dover are also impacted.

Al Lakhani, CEO of IDEE, said:

“Many people might be thanking Microsoft for their accidental day off, but countless businesses are suffering due to Microsoft’s and their partners’ failure to maintain their services. This incident underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation. Microsoft clearly fell short in this regard, and we are witnessing a cascade of operational failures around the world as a result.”

“CrowdStrike’s platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues. For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure. Moreover, agents can become a single point of failure, as a bad update can compromise the entire network, as seen with the SolarWinds attack.

“The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient. This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences.”

CrowdStrike Falcon Sensor Blue Screen of Death BSOD Global Outage

Current Status and Actions:

Microsoft has acknowledged the problem and stated that a fix is in place. However, this does not immediately rectify the situation for all affected devices. Many computers remain non-functional, and a manual fix may be required. One proposed solution involves removing the corrupted update link to restore system operations.

Security Concerns:

This incident raises critical questions about our reliance on third-party providers and the level of access they have to our systems. The Falcon Sensor update had kernel-level access, the deepest level of system access, which allowed it to cause such widespread disruption.

Tech Alert Windows Crashes Related to Falcon Server

Moving Forward:

As we navigate this challenging situation, it’s essential to stay informed and take proactive steps to secure our systems. Further updates will be provided as new information becomes available and solutions are implemented.

For now, if you’re experiencing issues, consult with your IT department or follow the suggested manual fix to remove the problematic update. Manual intervention is likely to be needed to address the corrupted system file causing the crashes. Stay vigilant and prioritise your system’s security.