1

I'd like to check my processes and see if any are suspicious ones. I could Google every single one, but starting with a list of known macOS processes would be super helpful.

This list would have processes like kernel_task in it, possibly even with a description.

Here's an example list generated by OpenAI, I'm not sure how accurate it is:

https://chatgpt.com/share/0cdd2a64-922f-4efb-8fa8-e1dbb1d76f4e

Does such a list exist (not AI-generated)?

2
  • Why? A microkernel has LOTS of processes. Commented Aug 14, 2024 at 23:26
  • 1
    On my Mac right now, there are 209 System processes running as root; 100 other OS processes running as various users; and 650 processes running under my user. I'd suggest that "checking each process name off a list" is neither the best nor the quickest way to monitor your system for suspicious processes. Commented Aug 15, 2024 at 9:24

2 Answers

5

Your well-intentioned attempt to classify a process by name won’t handle some real-world problems. Assuming Apple doesn’t release more than 10 updates a year and they don’t add more than a dozen processes on average, you’ve got a massive effort to navigate what’s changing.

Worse, there’s nothing stopping a bad actor from naming their process after one you believe to be safe. There’s a long history of valid processes being (ab)used for bad intent.

I would instead encourage you to learn about code signing and the risks and benefits of loading code outside the App Store model. Get some understanding of Gatekeeper and which Apple anti-malware tools exist, and where they log status, updates and possible issues.

Protection starts at the core.

The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.

Controlling what you install, not relaxing settings designed to help you secure your apps, and getting educated on security hygiene (password and biometric mistakes people can make, update cadence, backups) is a realistic task for most. Manually consulting a list that’s crowdsourced to check for suspicious tasks is a canonical Sisyphean task in my experience.

1

Any process started from /System is a macOS process, and probably safe, because /System is protected by SSV. Well, safe, as long as they don't work on malicious input which changes their behaviour, but that you won't be able to see based on a list of processes anyway.
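An added example, not part of either answer above: a shell sketch that triages processes by executable path (the /System rule) and then by code signature, instead of by name. The sample `ps` output, the function names and the paths in it are constructed for illustration.

```shell
# Added example (not from the original answers). Sample data below is constructed.
TAB=$(printf '\t')

# Constructed `ps -ax -o pid= -o comm=` output: PID, then the executable path.
SAMPLE_PS='    1 /sbin/launchd
  312 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  977 /Users/alice/Library/Application Support/updater/kernel_task
 1044 /System/../private/tmp/helper
 1201 /Applications/Example.app/Contents/MacOS/Example'

# Print "PID<TAB>PATH" for every process whose executable is NOT under /System.
# The name is ignored on purpose: PID 977 is called kernel_task but lives in a
# user-writable directory.
outside_system() {
  while read -r pid path; do
    [ -n "$path" ] || continue
    case "$path" in
      */../*)    ;;            # "/System/../x" is not really under /System: keep
      /System/*) continue ;;   # on the sealed system volume: skip
    esac
    printf '%s\t%s\n' "$pid" "$path"
  done
}

# macOS only: label each remaining executable by whether its signature verifies.
check_signatures() {
  while IFS="$TAB" read -r pid path; do
    if codesign --verify --strict "$path" </dev/null 2>/dev/null; then
      status="signature-ok"
    else
      status="unsigned-or-invalid"
    fi
    printf '%s\t%s\t%s\n' "$status" "$pid" "$path"
  done
}

if command -v codesign >/dev/null 2>&1; then
  ps -ax -o pid= -o comm= | outside_system | check_signatures   # live, on a Mac
else
  printf '%s\n' "$SAMPLE_PS" | outside_system                    # offline sample
fi
```

A passing check only means the file matches its signature; `codesign -dv --verbose=2 <path>` shows which authority signed it.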
