User profile for user: Tamlouie
Tamlouie Author
User level: Level 1
28 points

How can I verify the security of my MacBook after an Apple tech remained remotely logged in?

Concerned...Yesterday a Mac tech (Matthew) from Apple spent over an hour on the phone assisting me with my MacBook. He had access to the system settings, helped reset my Apple Id Password, I logged in and out of iCloud (which only asks for my MacBook login password, not Apple Id's) and more with his guidance. Seemed super nice, and wasn't in a hurry or concerned about time spent. We eventually ended convo, and I proceeded to work on security issues (changing logins, passwords, moving docs, etc.) only to realize two hours later that Matthew was still remotely logged into my laptop. I immediately ended that, but am now bothered and paranoid. If he was a true Apple tech (which I did hear other agents in the background, but I suppose that could be recorded chatter?) why wouldn't he disconnect remote access when he ended the call or at the very least be disconnected when starting another support call?

The whole point for the call was with security issues and now I am unsettled and not sure if I compromised my security further. Is there any way to know for sure? Where could I look to see if his specific access during those two hours did or changed anything? Are there any specific ways or guidance suggestions for this?



[Re-Titled by Moderator]

Original Title: Apple agent did not end remote access after call had ended...what steps to do now, trying to know more about it if possible?


Posted on Jan 31, 2026 5:30 AM

Reply
Question marked as Top-ranking reply
User profile for user: Mac Jim ID
Mac Jim ID
User level: Level 9
63,914 points

Posted on Jan 31, 2026 9:13 AM

Did you initiate the Support call from the number here:

Contact Apple Support - Apple Support


Clicking a link in a Google search for Apple support has been seen as problematic as scammers will pay Google to have their link appear closer to the top of the search.


At this moment, I would recommend to post the free EtreCheck report using the Additional Text option when posting to see if there has been any software installed on your computer that may have been used for this Remote Connection or other purpose.No personal information is included in this report. Do you know what app was used to share your screen?

How to use the Add Text Feature When Post… - Apple Community


You would want to make sure the changes to your Login and Apple Account password occurred AFTER the connection was closed and if not, change them again. There is not a specific log that will track what changes that occurred in those 2 hours.

View in context
22 replies
User profile for user: Tamlouie
Tamlouie Author
User level: Level 1
28 points

Feb 3, 2026 2:36 PM in response to Mac Jim ID

Thank you kindly, it does:

Current update: date: 2026-02-03 20:25:22 +0000 version: 5327


I realize I may be asking too much, and I want to end the thread, but can anyone:

1. offer a reason as to why the tech would "remove" XProtect from the Files & Folders and Full Disc Access when it would appear there was a good reason for it being there, and

2. what has caused the issues following his remote online access even though the Etrecheck report seems clean?


I let the comment thread get out of whack on my part and I am sorry for that.





Reply
User profile for user: Servant of Cats
Servant of Cats
User level: Level 8
36,119 points

Feb 3, 2026 4:48 PM in response to Tamlouie

Tamlouie wrote:

I realize I may be asking too much, and I want to end the thread, but can anyone:
1. offer a reason as to why the tech would "remove" XProtect from the Files & Folders and Full Disc Access when it would appear there was a good reason for it being there, and


I am running macOS 15.7.3 (Sequoia), and there is no XProtect entry in either of those places. Since Apple has built a copy of XProtect into macOS, and it is meant to be enabled all of the time, I believe that any controls for enabling it, disabling it, or giving it permissions are buried deep within macOS.

Reply

How can I verify the security of my MacBook after an Apple tech remained remotely logged in?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up