User profile for user: PowWow332
PowWow332 Author
User level: Level 1
22 points

Account users terminal list

I ran dscl . -list /Users to see the list of users on my Mac, im not sure if all of them are "authentic" can someone please tell me if any of them look off? for example, _mysql, _postgres, _clamav. im not too sure what they are, thanks!

_accessoryupdater


_amavisd


_analyticsd


_aonsensed


_appinstalld


_appleevents


_applepay


_appowner


_appserver


_appstore


_ard


_assetcache


_astris


_atsserver


_audiomxd


_avbdeviced


_avphidbridge


_backgroundassets


_biome


_calendar


_captiveagent


_ces


_clamav


_cmiodalassistants


_coreaudiod


_coremediaiod


_coreml


_corespeechd


_ctkd


_cvmsroot


_cvs


_cyrus


_darwindaemon


_datadetectors


_demod


_devdocs


_devicemgr


_diagnosticservicesd


_diskimagesiod


_displaypolicyd


_distnote


_dovecot


_dovenull


_dpaudio


_driverkit


_eligibilityd


_eppc


_findmydevice


_fpsd


_ftp


_gamecontrollerd


_geod


_hidd


_iconservices


_installassistant


_installcoordinationd


_installer


_jabber


_kadmin_admin


_kadmin_changepw


_knowledgegraphd


_krb_anonymous


_krb_changepw


_krb_kadmin


_krb_kerberos


_krb_krbtgt


_krbfast


_krbtgt


_launchservicesd


_lda


_locationd


_logd


_lp


_mailman


_mbsetupuser


_mcxalr


_mdnsresponder


_mmaintenanced


_mobileasset


_mobilegestalthelper


_modelmanagerd


_mysql


_naturallanguaged


_nearbyd


_netbios


_netstatistics


_networkd


_neuralengine


_notification_proxy


_nsurlsessiond


_oahd


_ondemand


_postfix


_postgres


_qtss


_reportmemoryexception


_reportsystemmemory


_rmd


_sandbox


_screensaver


_scsd


_securityagent


_sntpd


_softwareupdate


_spotlight


_sshd


_svn


_swtransparencyd


_systemstatusd


_taskgated


_teamsserver


_terminusd


_timed


_timezone


_tokend


_trustd


_trustevaluationagent


_unknown


_update_sharing


_usbmuxd


_uucp


_warmd


_webauthserver


_windowserver


_www


_wwwproxy


_xserverdocs


daemon


********* (my user)


nobody


root

Posted on Apr 5, 2025 11:59 AM

Reply
Question marked as Top-ranking reply
User profile for user: leroydouglas
leroydouglas
Community+ 2025
User level: Level 10
198,870 points

Posted on Apr 5, 2025 12:15 PM

PowWow332 wrote:

I ran dscl . -list /Users to see the list of users on my Mac, im not sure if all of them are "authentic" can someone please tell me if any of them look off?


Nothing looks off.

the whole dump from A to Z < _accessoryupdater...._xserverdocs > all part of the Directory Service.



You would be better off with a more refined command


This will list all registered users on you computer that you would be interested in for a list of users:

dscl . list /Users | grep -v '_'



normal example would be similar here:

daemon

YourUserName

nobody

root

View in context
17 replies
Question marked as Top-ranking reply
User profile for user: leroydouglas
leroydouglas
Community+ 2025
User level: Level 10
198,870 points

Apr 5, 2025 12:15 PM in response to PowWow332

PowWow332 wrote:

I ran dscl . -list /Users to see the list of users on my Mac, im not sure if all of them are "authentic" can someone please tell me if any of them look off?


Nothing looks off.

the whole dump from A to Z < _accessoryupdater...._xserverdocs > all part of the Directory Service.



You would be better off with a more refined command


This will list all registered users on you computer that you would be interested in for a list of users:

dscl . list /Users | grep -v '_'



normal example would be similar here:

daemon

YourUserName

nobody

root

Reply
User profile for user: leroydouglas
leroydouglas
Community+ 2025
User level: Level 10
198,870 points

Apr 5, 2025 2:22 PM in response to PowWow332

PowWow332 wrote:

Thanks for the link, this is my first Mac product, it’s a 2019 M1 MacBook pro, was _clamav something preinstalled on all Mac products? I’m assuming it is, and didn’t come with something i specifically installed. Thanks for taking time and responding to me, it’s much appreciated!


I am confident there are many many things in that long list you have no idea about.


The reference above goes back to OS X 10.5 from 2006. The _clamav still shows up in current package and shows up in the most recent macOS 15.4. I would not be concerned. You have no control there.


I would not waste any more time on a non-issue.

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
145,055 points

Apr 5, 2025 1:07 PM in response to PowWow332

Could you provide some background on this?


Because this topic can head in different directions.


It’s quite difficult to prove a negative, for instance; that no compromise exists.


When looking at account listings, consider that an attacker could compromise a legitimate account, or could replace a legitimate account with their own. They could enable root access and set a password, here.


If you suspect or have evidence of an existing compromise, you’re usually headed for a re-install from known-good sources.


_clamav is part of macOS 13. I don’t have macOS 15 handy to check. But given concerns about _clamav, this discussion certainly looks familiar.

Reply
User profile for user: PowWow332
PowWow332 Author
User level: Level 1
22 points

Apr 5, 2025 1:12 PM in response to MrHoffman

I was looking into the users on my mac, not for any particular reason, but i noticed “_clamav”. When i searched it up, i noticed it was related to clam anti-virus, but i don’t remember installing that software. I just want to know if it’s a standard user that pops up when you check the users, nothing more. Is it from an external app installed on my mac, or something that’s already there. Thanks for your response!

Reply
User profile for user: PowWow332
PowWow332 Author
User level: Level 1
22 points

Apr 5, 2025 1:46 PM in response to leroydouglas

That screenshot from your device, correct?


Also, thanks for this, I simply just wanted to know if others saw this on their machine, or if it was something just on mine. I really gotta stop worrying about things like this because they are out of my “skill level”. I notice nothing wrong with my mac, no slow downs, no pop-ups, i just explore in my own time and find something that has a “scary” name, and i fall into a loop of thinking my device is compromised.. Once again, thanks!

Reply
User profile for user: leroydouglas
leroydouglas
Community+ 2025
User level: Level 10
198,870 points

Apr 5, 2025 2:04 PM in response to PowWow332

PowWow332 wrote:

That screenshot from your device, correct?

Also, thanks for this, I simply just wanted to know if others saw this on their machine,


yes this is my current working macOS 15.4 screen shot from the Terminal.app


you can also see it listed in the deprecated article going back to Security Update 2009-001...

About the security content of Security Update 2009-001 - Apple Support


Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
145,055 points

Apr 5, 2025 3:22 PM in response to PowWow332

PowWow332 wrote:

I’m trying to move away from this, but my mac is 2019 m1. If this isn’t something pre-installed on my mac, how could it have gotten there? Regardless, it’s not something i should be generally be worried about, right?


ClamAV is not installed on your Mac. No Mac has had ClamAV pre-installed in the last decade or so.


As for “worry”, there are certainly other things to be aware, which can include the sorts of problems that can arise from add-on security apps, from “coffee shop” VPN apps, bad password choices including re-used passwords, two-factor authentication not being enabled on an Apple Account, lack of encryption, and a variety of other security-related topics.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Account users terminal list

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up