Xcode.app gets scanned by socketfilterfw (OS X Firewall) at every launch
Situation:
When I launch Xcode, socketfilterfw, OS X's application based firewall, starts using a lot of CPU.
After some research I narrowed it down to this: socketfilterfw reads all the files in Xcode.app's bundle and does this every time Xcode launches. Gigabytes of data, every time.
It doesn't matter what settings the firewall has, I tried them all. The only thing that stops this is to deactivate the firewall (before launching Xcode).
Has anyone else this effect or an idea what this is about?
Update
I just tried Xcode on a clean install (OS X and Xcode from ADC) and it did not solve it. But it started the scan not when Xcode launches but when a project gets executed (CMD-R). So it starts scanning either when Xcode launches or when executing a project.
Xcode is likely trying to use the network. This is triggering a rule in your firewall that results in Xcode's code signature being checked – requiring a read of the complete application bundle.
Experiment with the following option in OS X's firewall settings:
- System Preferences.app >
- Security & Privacy >
- Firewall >
- Firewall Options… >
- Automatically allow signed software to receive incoming connections
I have this option disabled. As a result, I am frequently prompted to allow Xcode incoming network access. I always deny access as doing so still allows local connections between Xcode and underlying development tools.
As a side note, I am unable to reproduce the behaviour you are seeing on OS X 10.10.3 and Xcode 6.3.2.
Alternative Firewalls
If you do decide to disable your Mac's built-in firewall, investigate using a third party alternative such as Little Snitch: Reasons to prefer Little Snitch over the built-in firewall
I did both options (remove from list, uncheck Automatically allow signed software to receive incoming connections), and then had to restart Xcode for the fix to take effect.