eslogger

executablemacOS1.1 MBx86_64, arm64

Endpoint security monitoring daemon — observes process, file, and network activity

Monitors system activity across processes, files, and network connections using the Endpoint Security framework. Collects telemetry on application behavior and system events, transmitting observations to Apple endpoints for analysis. Enforces security policies and rules by inspecting execution flows and file operations. Runs as a privileged system daemon with access to sensitive process and network state.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 1.1 MB
UUID: 9F816C3E-E103-3CB9-AEF9-9A503F8A10DF
Analyzed: 2026-04-07T05:21:14Z
CDHash: 4a2b853c132091e682761743af06674f2b34ab5019cde1abd15ed043effd7691

Capabilities

SecurityEndpoint Security (process/file/network monitoring)

/usr/lib/libEndpointSecurity.dylib

Frameworks16

ArgumentParserInternal libEndpointSecurity.dylib Foundation libobjc.A.dylib libSystem.B.dylib TCC libswiftCore.dylib libswiftCoreFoundation.dylib(weak)libswiftDispatch.dylib libswiftIOKit.dylib(weak)libswiftObjectiveC.dylib(weak)libswiftSystem.dylib libswiftXPC.dylib(weak)libswift_Builtin_float.dylib(weak)libswift_DarwinFoundation1.dylib libswiftos.dylib

Entitlements3

com.apple.developer.endpoint-security.clienttrue

com.apple.private.endpoint-security.embeddedclienttrue

com.apple.security.iokit-user-client-class

EndpointSecurityDriver EndpointSecurityExternalClient

Interesting Strings

Bundle IDs(9)

*com.apple.security.iokit-user-client-class08 ,com.apple.developer.endpoint-security.client 2com.apple.private.endpoint-security.embeddedclient <key>com.apple.developer.endpoint-security.client</key><key>com.apple.private.endpoint-security.embeddedclient</key>

File Paths(3)

/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/PrivateFrameworks/ArgumentParserInternal.framework/Versions/A/ArgumentParserInternal /System/Library/PrivateFrameworks/TCC.framework/Versions/A/TCC

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

Foundation libswiftCoreFoundation.dylib libswift_DarwinFoundation1.dylib

Endpoints(7)

HostnameEndpointSecurity-589.40.2

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

0

File Paths

3

Bundle IDs

9

IOKit Constants

0

Library Functions

4

Structural HashesSHA-256

Codef7550258b80cff3e67cc06dd95f3f6b66c0039a7519fe3ed403d09f96e4cf1a3

Importsa104cd88b56f292f6697416ff6619addaac229f0aec7b360a557eba435825b68

Frameworkscbc57b79e7279747d43d3dd1c7a7477582aeceaaac5f2ac277a602739a242540

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlements2caf3c346cdcde03f62d7c9e00039296923816ca8690001103572e8089a95e38

Symbolsa104cd88b56f292f6697416ff6619addaac229f0aec7b360a557eba435825b68

Static Libraries4 / 2796 functions identified

Identified Libraries

avcodec 8.0.1 (1 fn)lz4 1.10.0 (1 fn)onig 6.9.10 (2 fn)

Functions(2796)

0x100001130sub_100001130

0x100001250sub_100001250

0x100001294sub_100001294

0x1000012e8sub_1000012e8

0x1000012f4sub_1000012f4

0x100001348sub_100001348

0x100001390sub_100001390

0x1000013f4sub_1000013f4

0x10000143csub_10000143c

0x10000146csub_10000146c

0x100001484sub_100001484

0x1000014a0sub_1000014a0

0x1000014b4sub_1000014b4

0x1000014fcsub_1000014fc

0x100001548sub_100001548

0x100001558sub_100001558

0x100001578sub_100001578

0x100001bd0sub_100001bd0

0x100001f24sub_100001f24

0x100001f68sub_100001f68

Imports435 symbols from 11 dylibs

libswiftCore.dylib252 ArgumentParserInternal63 Foundation43 libSystem.B.dylib25 libswiftDispatch.dylib18

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

devicerecoverytool

findmylocateagent

swtransparency-sysdiagnose