7 Replies Latest reply: Apr 27, 2014 8:05 AM by Kevalya
tish! Level 1 Level 1 (5 points)
so lately ive been wondering if i have someone keylogging me, and i decided to look at my activity monitor.

are these normal process names?
- smoke
- apsd -ft
- rcd
- pboard
- mdworker

very appreciated!

Imac 3.06 GHz i3, Mac OS X (10.6.6)
  • 1. Re: suspicious stuff on activity monitor.
    William Boyd, Jr. Level 6 Level 6 (10,490 points)
    tishowns wrote:
    are these normal process names?
    - smoke
    - apsd -ft
    - rcd
    - pboard
    - mdworker


    Welcome to Apple's discussion groups.

    My system has pboard and mdworker but not the others. According to "man" in a Terminal session, rcd is the "remote control daemon". My system has no "man" information about the other two.

    Select each of those processes, click in the "Inspect" icon in the tool bar, then on the tab for "Open Files and Ports". In each case one of the first several entries in the list will be the path to the executable. That might give you some extra information.
  • 2. Re: suspicious stuff on activity monitor.
    Kappy Level 10 Level 10 (226,765 points)
    The apsd -ft process is the background process for FaceTime.
  • 3. Re: suspicious stuff on activity monitor.
    thomas_r. Level 7 Level 7 (27,925 points)
    so lately ive been wondering if i have someone keylogging me


    Why? Unless you have allowed an untrusted individual to use an admin account on your machine while unsupervised, that's very unlikely. If you think you've got a malware infection, you probably don't... see my [Mac Virus guide|http://www.reedcorner.net/guides/macvirus>.

    are these normal process names?


    I don't know about some of those, but in Activity Monitor, select the questionable process and click Inspect, then choose the Open Files and Ports tab. The second item on the list should be the executable file... see where that is and whether that gives you any additional information.
  • 4. Re: suspicious stuff on activity monitor.
    Terry Mahoney Level 1 Level 1 (35 points)

    @William Boyd: Here's what man apsd says ...

     

    APSD(8)                   BSD System Manager's Manual                  APSD(8)

     

     

    NAME

         apsd -- Apple Push Notification service daemon

     

     

    SYNOPSIS

         apsd

     

     

    DESCRIPTION

         apsd ApplePushService daemon for Apple Push Notification service.  This

         is part of the ApplePushService framework.

     

     

         There are no configuration options to apsd.  Users should not run apsd

         manually.

  • 5. Re: suspicious stuff on activity monitor.
    macfrombrampton Level 1 Level 1 (0 points)

    The APSD sends encrypted traffic to 17.x.x.x network which is Apple. Alot of people think it is Facetime but I never used facetime and noticed the outgoing encrypted traffic.

  • 6. Re: suspicious stuff on activity monitor.
    thomas_r. Level 7 Level 7 (27,925 points)

    A lot of people are wrong. The apsd process is a general-purpose process for managing push notifications. The apsd-ft process is for FaceTime. (Note that all the above posts duplicated a typo in the original post, consisting of a space inserted in the name.)

     

    Also, this topic originated in 2011... I don't think that tish! is still looking for answers to this question after more than 3 years.

  • 7. Re: suspicious stuff on activity monitor.
    Kevalya Level 1 Level 1 (0 points)

    Thanks for your answer Thomas.

     

    You are probably right about tish! no longer looking for answers to this question, but others of us are still searching on this topic.