Hi,
recently my Little Snitch firewall has detected the process rapportd trying to connect or receive connection from multiple IPs (like 200 + of them) from all around the world, including Russia, China and Pakistan.
Can anybody comment on what is going on?
MacBook Pro 15", macOS 10.14
Apple has a daemon that manages Handoff (part of Continuity).
There is also a IBM "security" piece of garbage that Banks push customers to install. It is called Trusteer Rapport.
It also runs a daemon called rapportd. It runs from this path: /Library/Rapport/bin/rapportd.app/Contents/MacOS/rapportd
So, if you can tell where the daemon is running from, you might be able to tell them apart.
Here is the Man page for Apple's rapportd:
rapportd(8) BSD System Manager's Manual rapportd(8)
NAME
rapportd -- Rapport Daemon.
SYNOPSIS
Daemon that enables Phone Call Handoff and other communication features
between Apple devices.
Use '/usr/libexec/rapportd -V' to get the version.
LOCATION
/usr/libexec/rapportd
No, I'm just wondering if it is telling you something that is not true.
What does Activity Monitor say rapportd is doing?
I never use any third party security apps on my macs.
…
Little Snitch firewall has detected
Those two sentences are orthogonal and do not intersect.
I don't know why yours is contacting all of those servers. Having it on most of the day, mine has only sent 2kB of data (23 packets).
Perhaps your "not third party security app" is not functioning properly.
Yeah, I kind of got so much used to little snitch that I forgot it falls under the category.
So, you idea is that it is the Little Snitch itself that uses the rapportd to connect to hundreds of IPs? I find that very doubtful.
I will continue investigating, and as a last resort I have already downloaded the Mojave install app. I guess maybe its time for full erase and reinstall....
strange to have two separate utilities running under same name, but either way that does not explain multiple connections to IPs from around the globe!
My culprit is the Apple built in utility located at /usr/libexec/rapportd
I never use any third party security apps on my macs.
Maybe if you tell us if it is Trusteer or Apple's process we could try to help. If it is Trusteer, what other third party apps are installed that claim to protect your computer?
Post an etrecheck report so that we can better see what may be contributing to your issue.
Rapportd process tries to connect to hundreds of IP addresses - what is going on?
