Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

System log analysis to identify the cause of unintentional file deletion

Hi.

Please help me with analyzing the system log.


My several files located in the desktop and document folder were unintentionally moved into the trash box at the same time 12:12, but I have no idea why this happened. The strange thing is that several files were moved but the others were not. I am scared if it was caused by the control via the remote connection from the external environment.


Thank you in advance.


Posted on Oct 21, 2021 3:34 AM

Reply
Question marked as Best reply

Posted on Oct 23, 2021 5:46 PM

naoki97 wrote:

Finally, I appreciate analyzing the system log and providing the useful links.

The System Logs with recent versions of macOS are completely worthless as they include so much junk and developer log entries that are not useful to an average user. Plus many of the system logs are sanitized so any potential information has been deleted for security reasons. You will just go crazy trying to examine the macOS system logs which also contain a lot of scary sounding entries that are completely harmless.


Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus/VPN
these are all know to cause issues on the macOS
> By the way, kindly give me more the details. I checked this, but I am not getting why you recommend this.

These types of apps are not needed on a Mac and they usually cause more problems than they solve. Plus they impact system performance and interfere with the normal operation of macOS. These forums are full of posts where users are having severe macOS issues which are immediately resolved after properly uninstalling these types of apps by following the developer's instructions. Some of these apps are very close to being malware themselves and even formerly respected apps now are selling your personal information.


You do not need these types of apps on a Mac. Those manufacturers & developers spend lots of money marketing these useless apps by scaring users. If you see these types of apps recommended by a professional technical reviewer, then most likely that reviewer has a Windows background and is not truly familiar with macOS and is trying to get more hits for his website. macOS security is excellent already as long you as a user practices safe computing habits. The user is always the weakest link in all security measures.


Similar questions

17 replies
Question marked as Best reply

Oct 23, 2021 5:46 PM in response to naoki97

naoki97 wrote:

Finally, I appreciate analyzing the system log and providing the useful links.

The System Logs with recent versions of macOS are completely worthless as they include so much junk and developer log entries that are not useful to an average user. Plus many of the system logs are sanitized so any potential information has been deleted for security reasons. You will just go crazy trying to examine the macOS system logs which also contain a lot of scary sounding entries that are completely harmless.


Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus/VPN
these are all know to cause issues on the macOS
> By the way, kindly give me more the details. I checked this, but I am not getting why you recommend this.

These types of apps are not needed on a Mac and they usually cause more problems than they solve. Plus they impact system performance and interfere with the normal operation of macOS. These forums are full of posts where users are having severe macOS issues which are immediately resolved after properly uninstalling these types of apps by following the developer's instructions. Some of these apps are very close to being malware themselves and even formerly respected apps now are selling your personal information.


You do not need these types of apps on a Mac. Those manufacturers & developers spend lots of money marketing these useless apps by scaring users. If you see these types of apps recommended by a professional technical reviewer, then most likely that reviewer has a Windows background and is not truly familiar with macOS and is trying to get more hits for his website. macOS security is excellent already as long you as a user practices safe computing habits. The user is always the weakest link in all security measures.


Oct 23, 2021 10:08 AM in response to naoki97

naoki97 wrote:

Hi.
Please help me with analyzing the system log.

My several files located in the desktop and document folder were unintentionally moved into the trash box at the same time 12:12, but I have no idea why this happened. The strange thing is that several files were moved but the others were not. I am scared if it was caused by the control via the remote connection from the external environment.




One off anomaly are not unheard of, glitches happen, accidental key entries happen...



Not sure what is this "control by a remote connection" ...(?)


Turn off Sharing if this is your concern


File Sharing Allowing Access:

Set up file sharing on Mac - Apple Support

Allow a remote computer to access your Mac - Apple Support

Share your Mac screen, files, and services with other users on ...

Copy files with Remote Desktop - Apple Support

Allow Apple Remote Desktop to access your Mac

Use the Finder to share files between your Mac and your ...




<myiMac com.apple.xpc.launchd[1] (com.apple.mdworker.shared.02000000-0200-0000-0000-000000000000[83656]): Service exited due to SIGKILL | sent by mds[124]\ >


Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus/VPN

these are all know to cause issues on the macOS

Oct 23, 2021 10:55 AM in response to naoki97

As security is a concern, might I suggest learning a little more about and some thought spent toward better securing your environment?


This thought starts with robust and unique Apple ID password, as folks get in trouble with password re-use, and with poorly-chosen passwords, and passwords that otherwise become known to others. passwords are utterly fundamental to your security. Remote access into your Mac is, well, easiest when the attacker knows or can guess your password. Re-using passwords is a great way to get in deep trouble.


Work through the Apple password security recommendations, too. Password security recommendations - Apple Support


Beyond robust and unique passwords, enabling two-factor authentication can give you a “last chance” defense against account takeover, if the miscreant has acquired or guessed your Apple ID and password through phishing or otherwise.


What’s phishing, you might ask? Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


Another important step toward upgrading your security is to have Time Machine or other backups configured and running. Preferably with decent storage capacity allocated to Time Machine to allow some depth of backups, too.


If your information is important enough to warrant additional backups, have rotating backups and some of which are disconnected and kept off-site and rotated back. This as backups are your recovery path from security breaches, from accidents and other causes of data loss, and as it’s a whole lot harder to damage (or flood, or burn, or wind) not-local and disconnected backups.


Here are some steps that Apple suggests for upgrading your own security, when personal security really matters:

Device and Data Access when Personal Safety is At Risk


Wading through logs is approximately futile for most issues, until you know more about what sort of attack you’re looking for. Logs have massive amounts of cryptically- or scarily-worded data, much of which is only useful to the app developers and to Apple, at most. You’re looking for a needle in a whole lot of haystacks, and without really being sure of what the particular needle you’re seeking even looks like.


From the provided log, I see a whole lot of Spotlight chatter, which is usually normal.


From the log, I also see Avast installed, which is of a class of apps that I generally don’t recommend installing, and that I would remove. Avast is blocking some activities which appear normal, as well. Avast in particular has had some privacy surprises, too.


Here is some anti-malware-related related reading: Effective defenses against malware and other threats - Apple Community


As for the files ending up in the trash, I tend to cause that myself when I’m deleting one or more files, and mistakenly select one or more additional files I hadn’t intended to delete. Backups are helpful here too, as Time Machine with decent depth-of-backups allows you to recover files even after the trash has been emptied.

Oct 23, 2021 8:57 PM in response to naoki97

Hey Naoki97!


Just curious if you sync your Desktop and Documents with iCloud. (You can check in System Preferences > Apple ID > iCloud > iCloud Drive > Options). Or if you did before this incident.


Disabling this wouldn’t account for being moved to the Trash. But do you have an “iCloud Drive Archive” folder in your home folder? (Finder > Go > Home).


If so, what do you see in there, because any time you disable this feature, you’re asked if you want to save a copy to your Mac, the data removes itself from Desktop and Documents, and moves the data into this folder.


Add your Desktop and Documents files to iCloud Drive:

https://support.apple.com/en-us/HT206985


If I’m way off, then apologize, it’s just the first thought that went through my mind, as I’ve been experienced before. I did also notice the CloudDocs log, maybe related, maybe not, cheers, hope you figure it out!

Oct 23, 2021 4:08 PM in response to MrHoffman

This is the nice opportunity for me to revisit the security environment.

  • Apple ID & Password -> Two-factor authentication is already turned on, if anyone attempts to log into my account, I am supposed to be notified.
  • Time Machine - My mac is always taking its back up and syncing with Time Machine.
  • OS - I keep the OS in up to date as much as I can.
  • Third party security software - I will study the packages in the detail and choose the robust one.


Finally, I appreciate analyzing the system log and providing the useful links.

Oct 23, 2021 10:26 PM in response to naoki97

Thanks for that. We’re you able to check if you had an iCloud Archive folder? And if so, the date it was added/modified? I think knowing that may help to rule/not rule out the iCloud angle.

As for remote controlling, etc. Is your Mac managed by an institution or company using MDM or configuration profiles?

Cheers.

Oct 23, 2021 10:45 PM in response to HWTech

These types of apps are not needed on a Mac and they usually cause more problems than they solve. Plus they impact system performance and interfere with the normal operation of macOS. These forums are full of posts where users are having severe macOS issues which are immediately resolved after properly uninstalling these types of apps by following the developer's instructions. Some of these apps are very close to being malware themselves and even formerly respected apps now are selling your personal information

Third party app, this may be one of the cause, I think. I am trying to find out the suspicious app. Thank you for your help.

Oct 23, 2021 10:53 PM in response to DiZoE

We’re you able to check if you had an iCloud Archive folder? And if so, the date it was added/modified? I think knowing that may help to rule/not rule out the iCloud angle.

> Yes. The archive folder itself is modified today, but none of the included folders have been modified since February, 2021.


As for remote controlling, etc. Is your Mac managed by an institution or company using MDM or configuration profiles?

> No, completely for private. I do not think this is the true cause according to the replies.

System log analysis to identify the cause of unintentional file deletion

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.