What is rapportd? In /usr/libexec/rapportd After update to 10.13.2 Firewall asked about it

What is /usr/libexec/rapportd?

After update to 10.13.2 Firewall asked whether I want to allow network access.

Is it from apple?

If not, where does it come from? The only thing I found was that Trusteer has a tool named rapport but I did not install it (maybe in combination with another product but not that I am aware of).

OBS MacBook Pro (15-inch 2.4/2.2 GHz), macOS High Sierra (10.13.2)

Posted on Dec 7, 2017 2:00 AM

41 replies

Feb 14, 2018 7:00 AM in response to whstlblwr

Hello whstlblwr,

Yes. You are correct. There is a lot of confusion over this issue because there is a 3rd party security product called "Trusteer Rapport" that banks have been pushing on their customers for years. I'm not sure what Trusteer Rapport does, but it sure doesn't protect against adware. Here is a great example showing a truly scary amount of adware installed right alongside Trusteer Rapport: EtreCheck has detected infected adware, should I delete files?


Unfortunately, in macOS Sierra, Apple introduced a new background process and named it "rapportd". That was the source of the confusion in this thread. I've seen similar confusion in other threads.

Dec 7, 2017 12:23 PM in response to tbhunderbird

This happens to me too. I don't think it is related to Trusteer nor IBM.


Examination of the /usr/libexec/rapportd (dated Dec 1, 2017 15:46) shows a '--version' option as:


Rapport daemon version 120.48


Makes use of the following classes:

  • com.apple.rapport
  • com.apple.rapportd
  • com.apple.notifyd.matching
  • com.apple.rapport.prefsChanged
  • com.apple.rapport.Client
  • com.apple.rapport.KeepAlive
  • com.apple.private.xpc.launchd.event-monitor


Appears to be an XPC-based network daemon with levels of -->multipeer<-- 'chatty'-ness and private/public flag.


Pattern 'rapportd' is found in the following files:

  • /usr/libexec/rapportd
  • /usr/sbin/systemstats <--- sounds legit
  • /usr/share/man/man8/rapportd.8


So, there is a MAN page: Executed 'man rapportd' and I get the following:


rapportd(8) BSD System Manager's Manual rapportd(8)


NAME

rapportd -- Rapport Daemon.


SYNOPSIS

Daemon providing support for the Rapport connectivity framework.


Use '/usr/libexec/rapportd -V' to get the version.


LOCATION

/usr/libexec/rapportd


December 7, 2017


Looks like this is directly related to the Mac OSX System Update that I performed on that man page's date timestamp.


But ZERO hits on Bing/Google/Search.Com on the search phrase "Rapport connectivity framework"

Dec 11, 2017 7:58 AM in response to GreenMamba

What is extremely disappointing about Apple Support is their unwillingness to explain in their Support Discussion groups, much less in their 10.13.2 Release Notes, what exactly this `rapportd` daemon does.


All we know from the threads and my experiences are these:

  • It is an undocumented 'Rapport Connectivity Framework' (RCF),
  • Port 49158/tcp
  • It is not power-friendly, wakes up the entire box too often
  • systemstats starts this rapportd daemon
  • RCF is a multi-client chatty protocol
  • iPhone and iPad make an effort to connect with iMac

Feb 13, 2018 11:58 PM in response to tbhunderbird

I have a fairly limited knowledge of how MacOS works, and my suspicion is based on activity and interactions between rapportd and some other system processes, so I may be way off... However, from what information there is known about it, is it possible that rapportd is a system process which allows other network devices access to parts of the operating system which would usually require authentication? And does so without user interaction?


The name would be sort of appropriate if that was the case too.

Feb 14, 2018 7:36 AM in response to GreenMamba

Needed to reply to my first post on this discussion. I love stock markets etc., and I have been saying for the past 9 months if Apple doesn't expand into a new arena they are going to bleed a trillion dollar death. They obviously don't care about personal computing anymore; focusing mainly on the iPad and super high end iMacs. With that being said and all of these RANDOM processes being run from our machines collecting data with no plan or focused way to monetize this data a new "division" needs to be created.


I've always thought something with healthcare due to all info they've been collecting on users from their iPhones for years now. But they have released something even simpler and better. Paired with Geisinger, a U.S.-based healthcare provider in the Northeast, Apple is releasing an app which will allow you to get all of your medical records immediately. Wow! Lol... Where I am from (Philly) it's a difficult process to get your medical docs.


A baby's first steps. Now what does rapportd do... oh yeah, it's something to do with AirPlay 2.0! Involving the HomePod / Apple TV / etc.

Apr 5, 2018 6:50 AM in response to donathon

This isn't Windows. Norton is probably not helping you. I assume when you say "a slightly different IP address", it means something like your Mac is 192.168.1.10 and the other computer is 192.168.1.15, which means that it's something on your local network. 192.168.x.x addresses are private - they can't be routed across the Internet. Meaning that it's not someone coming in from outside. (Same private routing applies to 10.x.x.x and 172.16.x.x-172.31.x.x networks.) The fact that Norton doesn't seem to understand that the other device is on the same network segment, and doesn't know what kind of device it is communicating with, illustrates that it's not very useful.

Dec 7, 2017 1:44 PM in response to tbhunderbird

Also, Rapport Connectivity Framework (rapportd) daemon opens TCP port 49158, so your firewall should be blocking it until this daemon has been vetted, publicly and by Apple.


# lsof -i -P | grep -i rapport

rapportd 334 jdoe 3u IPv4 0xc1e2ffdef2ba45df 0t0 TCP *:49158 (LISTEN)

rapportd 334 jdoe 4u IPv6 0xc1e2ffdeed4f37b7 0t0 TCP *:49158 (LISTEN)


Internet Storm Center has little info on this port number:


TCP/UDP Port 49158 Activity - SANS Internet Storm Center
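
A defender's check for the two questions this thread keeps returning to (what is listening, and is the binary Apple's), as an added example that is not part of any poster's message or of Apple's tooling: it parses `lsof` output for listeners bound to all interfaces and tests the code signature against the `anchor apple` requirement. The function names and the `exampled` sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an unfamiliar listening daemon on macOS.

# Read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and print
# "command pid user family port" for each listener bound to all interfaces.
# Optional $1 restricts the report to one command name.
wildcard_listeners() {
    awk -v want="${1:-}" '
        $NF == "(LISTEN)" && $(NF-1) ~ /^\*:[0-9]+$/ {
            if (want != "" && $1 != want) next
            split($(NF-1), a, ":")
            print $1, $2, $3, $5, a[2]
        }'
}

# 0: signature chains to Apple's own root; 1: it does not (or is unsigned);
# 2: codesign is unavailable, i.e. this is not a Mac.
signed_by_apple() {
    command -v codesign >/dev/null 2>&1 || return 2
    if codesign --verify -R="anchor apple" "$1" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Live use on a Mac: triage rapportd /usr/libexec/rapportd
# (run with sudo to see sockets owned by other users).
triage() {
    lsof -nP -iTCP -sTCP:LISTEN | wildcard_listeners "$1"
    signed_by_apple "$2"; rc=$?
    case $rc in
        0) echo "$2: signed by Apple" ;;
        1) echo "$2: NOT signed by Apple" ;;
        *) echo "$2: codesign unavailable" ;;
    esac
    return "$rc"
}

# Constructed sample in lsof column layout; the rapportd rows reuse the
# values posted above, the loopback-only "exampled" row is made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD  TYPE             DEVICE SIZE/OFF NODE NAME
rapportd  334 jdoe    3u IPv4 0xc1e2ffdef2ba45df      0t0  TCP *:49158 (LISTEN)
rapportd  334 jdoe    4u IPv6 0xc1e2ffdeed4f37b7      0t0  TCP *:49158 (LISTEN)
exampled  501 jdoe    7u IPv4 0x0000000000000001      0t0  TCP 127.0.0.1:8021 (LISTEN)
EOF
}

sample_lsof | wildcard_listeners rapportd
```

A daemon that listens on `*` is reachable from every interface, so the signature result and the firewall decision belong together; a loopback-only listener such as the sample `exampled` row is deliberately not reported.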
