https://community.cisco.com/t5/endpoint-security/log-entries-re-exechandler-swift-335-quot-hash-found-in-cache/m-p/5330400#M8954 <P><SPAN>In trying to investigate the source of a Mac Book M4 Pro crash that made the trackpad unresponsive to clicks, and also killed the Dock and Application Switcher, I found multiple log entries on my Mac (running Sequoia 15.6.1) of the form “</SPAN>com.cisco.endpoint.svc.securityextension [info][<SPAN>ExecHandler.swift@335] Executable file /usr/libexec/xpcproxy - hash found in cache!”, </SPAN></P><P><SPAN>&nbsp;and</SPAN><BR /><SPAN>”endpointsecurity [info][ExecHandler.swift@335] Executable file /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker_shared - hash found in cache!”</SPAN></P><P><SPAN>Does “hash found in cache!” from com.cisco.endpoint.svc.securityextension refer to it finding the hash of a potentially malicious file? &nbsp;I have scanned what I believe are the relevant cache files and binaries with several antivirus engines, and did not get any hits. I do have reason to suspect that I might have been hacked by some sophisticated and malign actors, and I cannot find any matches to "ExecHandler.swift@335" (or even "swift@335") on the web (although perhaps ExecHandler.swift is a&nbsp;</SPAN>component of the Endpoint Security Extension?). Thanks.</P> Tue, 16 Sep 2025 06:10:40 GMT bobstowe 2025-09-16T06:10:40Z https://community.cisco.com/t5/endpoint-security/log-entries-re-exechandler-swift-335-quot-hash-found-in-cache/m-p/5330400#M8954 <P><SPAN>In trying to investigate the source of a Mac Book M4 Pro crash that made the trackpad unresponsive to clicks, and also killed the Dock and Application Switcher, I found multiple log entries on my Mac (running Sequoia 15.6.1) of the form “</SPAN>com.cisco.endpoint.svc.securityextension [info][<SPAN>ExecHandler.swift@335] Executable file /usr/libexec/xpcproxy - hash found in cache!”, </SPAN></P><P><SPAN>&nbsp;and</SPAN><BR /><SPAN>”endpointsecurity [info][ExecHandler.swift@335] Executable file /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker_shared - hash found in cache!”</SPAN></P><P><SPAN>Does “hash found in cache!” from com.cisco.endpoint.svc.securityextension refer to it finding the hash of a potentially malicious file? &nbsp;I have scanned what I believe are the relevant cache files and binaries with several antivirus engines, and did not get any hits. I do have reason to suspect that I might have been hacked by some sophisticated and malign actors, and I cannot find any matches to "ExecHandler.swift@335" (or even "swift@335") on the web (although perhaps ExecHandler.swift is a&nbsp;</SPAN>component of the Endpoint Security Extension?). Thanks.</P> Tue, 16 Sep 2025 06:10:40 GMT https://community.cisco.com/t5/endpoint-security/log-entries-re-exechandler-swift-335-quot-hash-found-in-cache/m-p/5330400#M8954 bobstowe 2025-09-16T06:10:40Z