Etrecheck..Remote management in lockdown mode w/ system integrity ?

pyro_phoria wrote:

Etrecheck..Remote management in lockdown mode w/ system integrity ?

You are going to have to formulate your question more clearly. No one has any idea what you are talking about.

I know I probably shouldn't worry since engineering said it was fine :)

Who is "engineering"? I can assure you that you have never, and will never, talk to anyone in "engineering" at Apple. That being said, the 1st tier tech support person wasn't wrong. You don't have any security concerns.

I am just concerned because my phone now won't turn on after restoring it with this computer which I got on July 4th?

Here are instructions from Apple to reset your phone: Reset iPhone settings to their defaults - Apple Support

If that doesn't work, you will need to take your phone to an Apple Store or Authorized Apple service provider.

EtreCheckPro

EtreCheck is not going to help with iPhone problems.

Is this bad do you think? It says it is excellent. So probably no one is remoting into my computer in lockdown mode even without a network. Haha.

No one is remoting into your computer even without lockdown mode. You've just fallen victim to internet scams. You should probably reset your computer like you need to do with your phone. Then, be more careful about 3rd party software. You don't need lock down mode. You don't need 3rd party "security" apps. You don't need any "clean up" apps.

P.S. does a developer want to help me with a bounty.

Nope.

You’ve posted a list of network activity, and a whole lot of network connections is utterly normal and expected and benign.

Absent direct access to your Mac, and investigating which apps are active, and then what those apps are doing, nobody can tell if that immense list is entirely benign. Which very likely is benign.

To learn more about this topic area, Beej’s guide to networking programming might help learn about sockets and the socket API, or probably better to start with an IP-focused book such as Tanenbaum’s Computer Networks book, or similar.

All modern systems and all smartphones make extensive use of network connections, too. IoT devices are a little more limited in their chatter, but those too use networking.

To learn more about macOS and iOS and iPadOS, consider acquiring the three-volume OS X Internals book by Jonathan Levin.

Next on your path toward learning about security here would be a book or some classwork on digital forensics, and on blue-teaming security concepts.

Given the reported panic, I’d expect bad or unstable or flaky hardware, or add-on apps that are problematic. Typically not caused by security too, absent background- and risks-related information about your context you shouldn't post here.

All that written, netstat on a Mac is exceeding unlikely to be relevant to an iPhone panic.

Get the iPhone hardware looked at, or the Mac hardware looked at, if it is crashing at all regularly.

iPhone, iPad, and macOS can and variously have had malware. iPhone and iPad malware has been fairly rare and targeted, based on available information. Mac malware has been a little more common, but that also tends to be folks that sought out and installed the problematic apps. Add-on security apps and related, adware, “free stuff” apps, add-on VPN apps, that sort of stuff tends to be more privacy- or stability-problematic.

If you believe you are a target for espionage-level tooling, then you really need more specialized help with your security than can be offered around here, too.

pyro_phoria wrote:

What does x86 only mean?

It means the app only has the old Intel code. It does not have the newer Apple Silicon code. There's nothing wrong with this. Such software will run fine. But Apple's new Mac chips have been out for 4 years now. Any software that still does not have native Apple Silicon code has likely been abandoned by its developer. It is likely to cause problems in the future, not because of the Intel vs. Apple Silicon, but just because the software obviously isn't being updated anymore. As Apple continues to modify the operating system, software that hasn't been updated in years is more and more likely to stop working or exhibit bugs.

I use "x86" instead of "Intel" because "Intel" is a trademark and I don't want to get sued.

What is com.apple.WebKit.WebContent.CaptivePortal?

I don't know. All I know for sure is that it is genuine Apple software and not malicious in any way. EtreCheck found a valid Apple signature for it.

Apple doesn't document its internal components like this. All anyone can do is guess. There is a good description in this thread (What is com.apple.WebKit.WebContent.Capti… - Apple Community). It seems plausible enough. I see no reason do doubt it. I just can't guarantee it.

What is Wish.app?

I'm pretty sure it is a user interface for the ancient Tcl/tk scripting language. I can't tell you any more. I'm pretty old, but Tcl/Tk is before my time. I'm sure it is part of some poorly-written, 3rd party app.

It is important to mention previous devices due to the pattern of my Mac's being corrupted. My M1 before February (computer #3) was corrupted due to a file in /private/var/ folders which the engineers said to delete. I did not have access to the file; it did not exist on my computer. They told me to erase the computer.

That's just standard procedure. There was likely no corruption or problem of any kind. People install all kinds of 3rd party system modification apps and such apps cause all kinds of problems. Apple tends to just wipe the device to restore it to a factory-fresh condition. That does fix most problems.

What is "unexpected kind 198 which 0xc6?" ?

No clue. I just wrote the EtreCheck app. If it doesn't show up in EtreCheck, I don't know anything about it.

This looks like some random low-level error code. I'm sure it means nothing at all. There are many thousands of these errors that are constantly happening inside your Mac. It's all totally normal. It's an operating system held together with strapping wire and duct tape, about to blow a gasket at any minute.

The computer is not dirty?

No. Therefore, there is nothing that needs to be "cleaned up".

I asked that you please demonstrate sensitivity.

If sensitivity is the only thing you'll respond to, then you're doomed to be played by scammers six ways from Sunday. They will always tell you want you want to hear. They're lying to you.

The computer constantly crashes so I thought it was slow due to the system data. I immediately deleted the apps realizing that didn't make sense.

I recommend starting a new question, from scratch, with that information. Don't say anything about "hacking" or "security" or "remoting into". None of that is happening. Please will see that, swarm, and play you like fiddle for them own amusement. I'm not kidding. This may be an Apple site, but it's still the internet. It's not a safe space.

pyro_phoria wrote:

How sure are you when you can assure me?

Sorry, I don't understand.

This was the work authorization of my previous computer, which was replaced for free.

If that compare has been replaced, then there is no point in talking about it anymore.

3rd party plugins were authorized by iLok antipiracy to make sure they weren't fake.

Never heard of iLok before. It seems to be some kind of USB device and/or service for developers to prevent software piracy. This software isn't designed to protect you. It is designed to protect software developers against people who download cracked versions of expensive apps.

I most certainly did not download 644 apps.

Most of the apps listed in an EtreCheck report are Apple apps that come pre-installed with the operating system. My computer lists 631 apps. 579 of these are Apple apps.

But since you're confused, I will change the next version of EtreCheck to more clearly identify how many of those apps are built-in Apple Maps.

the computer generated 46 GB of system data.

46 GB of system data is totally normal. In fact, it is exceptionally good. Here are a couple of recent questions from people having problems with "system data":

How do I optimise storage used by system … - Apple Community

What is "normal" System Data size for an … - Apple Community

There are hundreds more. Sometimes people have hundreds of GBs of "system data".

It is why I downloaded the cleaner apps.

Your computer is not dirty.

I will be waiting a response. I would most appreciate a useful answer that isn't dismissive and rude. Please demonstrate sensitivity.

All I can do for you is tell you that EtreCheck is not going to be of any help.

pyro_phoria wrote:

I know I probably shouldn't worry since engineering said it was fine :) I am just concerned because my phone now won't turn on after restoring it with this computer which I got on July 4th?

EtreCheckPro vers

<EtreCheck.log>

ion: 6.8.5 (68049)

Report generated: 2024-07-22 00:22:30

Download EtreCheckPro from https://etrecheck.com

Runtime: 1:41

I always wondered why the computer asks if scopedbookmarkagent can use the login keycahin without a network when I am recording music?

Not sure what you think the network has to do with anything. That agent needs a password that is stored in your login keychain. The keychain doesn't just store internet passwords.

Is this bad do you think? It says it is excellent.

That is a relative speed rating, not a comment on what you have installed. The "Excellent" rating means Etrecheck was able to collect all of the data it displayed in the normally expected amount of time.

So probably no one is remoting into my computer in lockdown mode even without a network. Haha.

Probably, nobody is remoting into your computer if it was not in lockdown mode and if it was connected to a network. You could even come close to "absolutely."

If you don’t know what the output is telling you, why did you run the command?

I can know absolutely nothing about your Mac or network but can unequivocally state you have never been hacked and never will be hacked unless you specifically invited it to happen.

can you interpret it for me? I ran the command to ask for help. Thanks for asking.

No. Why did you run the command? What were you hoping to discover? Did you read somewhere that command would tell you something? What were you hoping it was going to tell you.

From the man page, it shows you have services listening for a connection. Nothing abnormal about that. That's what network services do when they don't have any connections.

I don't see any issue with this.

The support person noted your list of issues and tried to test the computer. It constantly rebooted so they suspected a bad logic board. None of that verified any of the issues you presented to them. You had a Mac with a failed logic board.

Supposing you were actually hacked, nobody here can help you analyze the computer. There are no logs, screenshots, or anything else that can demonstrate the existence of a hacker. If you really think you were hacked, you need to hire an individual who will sit down at your computer and analyze it in person.

If you hire a legitimate security specialist, they will tell you there is nothing wrong with your Mac.

If you hire a less than honorable person, they will tell you there are multitudes of problems which they can repair for only a small percentage of your life savings.

pyro_phoria wrote:

Please post a link to a textbook or Apple article so I can better understand since you cannot interpret it. I already read the man page and did not find complete information. It is why I Asked The Community.

I told you I have no ability to interpret the output of netstat. All I can do is read the man page which pretty clearly states there is something listening for network connections. It also clearly indicates you displayed no network connections being active.