Unknown configuration Profiles - Managed Client

I noticed for a while that my MaBooks has several processes running at boot all related to MDMclient, Managedclient, RemoteManagement, RemoteDesktop, studentd , Classroom etc...

I checked on other friend's laptops by running a series of Log Show --debug or Log stream --debug with different predicates related to the terms and the outputs came back empty.

The BETA software ended up being installed on my devices (unknowingly to me), so I thought that maybe those events were related, although I has seen these processes running on my MacBooks, prior to the BETA software and on devices that don't have the BETA installed. I turned off the BETA.

Then I noticed that 6 user configuration profiles were showing in System_reports. I also noticed plist file with reference to the software Mobile Me, running in my systems and authenticating my MacBooks to servers via tokens.

And just few moments ago, I saw the notification "Your screen is being observed" on one of my MacBooks as I turned it on. This has been a regular occurrence.

For context, my MacBook had been compromised my someone close who had access (please spare me the usual snobbish and rude doubtful comments). I have performed several factory reset and wonder if these compromise are not persistent due to the installation of a malicious MDM.

I am concerned about this. My MacBooks are for personal use and were never enrolled in MDM by me.

And one last question... In the system report of one of my MacBooks, I saw a list of disabled Samsung Software related to Samsung MDM and remote connection (no user consent). Is this a normal occurrence?

Thank You in advance for your help.

I can't stress enough that I do NOT want anyone with negative, useless, rude, answers or comments on this post.

MacBook Pro 13″, macOS 14.0

Posted on Sep 13, 2023 10:48 AM

Top-ranking reply

John Galt

Level 10

155,318 points

Posted on Sep 13, 2023 2:18 PM

Those Macs are being remotely managed by someone other than you. The solution is to erase them as you have been doing.

Consider the possibility that your Apple ID has been compromised in a similar manner, which would lead to the ability for someone else to remotely log in and use your Macs, so you need to fix that first: If you think your Apple ID has been compromised - Apple Support, after which you can proceed to erase the Macs and configure them as your own.

When you do that, also consider the likelihood that the wireless networks you have been using have also been compromised. The solution to that is to use network equipment that is exclusively yours to own and control. Use secure wireless passwords (which most people do) and change the default passwords for your wireless routers (which most people don't).

Whereas many people are quickly led to suspect some kind of genius-level "hacking" there are far more common, low-tech means of accomplishing the same thing — from someone looking over your shoulder (possibly using the reflection in a window or mirror or sunglasses or even some shiny object) as you type in personal information such as passwords or passcodes, or artfully concealed tiny cameras. Those don't need any special skills.

Never write down passwords. Anywhere. Ever.

Lots of other suggestions but you get the idea.

And one last question... In the system report of one of my MacBooks, I saw a list of disabled Samsung Software related to Samsung MDM and remote connection (no user consent). Is this a normal occurrence?

No.

View in context

Unknown configuration Profiles - Managed Client

Similar questions