managedeventsd

executablemacOS261.8 KBx86_64, arm64

Endpoint Security monitor — tracks process, file, and network activity

Monitors system activity through the Endpoint Security framework, observing process execution, file operations, and network connections. Maintains private storage for collected data and exposes three XPC services for querying monitoring state and activity logs. Communicates with eight network endpoints, likely for telemetry or policy synchronization. Instruments 20 bundle identifiers across the system to classify activity by application.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 261.8 KB
UUID: 60F47A16-E0FD-3B5A-A05C-CC4D81FF5FFA
Analyzed: 2026-04-09T09:54:49Z
CDHash: 0d4b7aacee64389efa9b58fa0e3cb46ce1fa311fa789c6ee2b521048461c57e7

Capabilities

StoragePrivate storage area access

com.apple.private.security.storage.ManagedConfigurationFiles [object Object]

SecurityEndpoint Security (process/file/network monitoring)

/usr/lib/libEndpointSecurity.dylib

Frameworks16

DMCUtilities libbsm.0.dylib libEndpointSecurity.dylib Foundation libobjc.A.dylib libc++.1.dylib libSystem.B.dylib CoreFoundation libswiftCore.dylib libswiftCoreFoundation.dylib(weak)libswiftDispatch.dylib libswiftIOKit.dylib(weak)libswiftObjectiveC.dylib(weak)libswiftXPC.dylib libswift_Builtin_float.dylib(weak)libswiftos.dylib

Entitlements5

com.apple.developer.endpoint-security.clienttrue

com.apple.private.endpoint-security.clienttrue

com.apple.private.endpoint-security.xpc.controltrue

com.apple.private.security.storage.ManagedConfigurationFilestrue

com.apple.private.tcc.allow

kTCCServiceSystemPolicyAllFiles kTCCServiceEndpointSecurityClient

Interesting Strings

Bundle IDs(20)

*com.apple.private.endpoint-security.client ,com.apple.developer.endpoint-security.client /com.apple.devicemanagementclient.managedeventsd /com.apple.private.endpoint-security.xpc.control <com.apple.private.security.storage.ManagedConfigurationFiles

File Paths(3)

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/PrivateFrameworks/DMCUtilities.framework/Versions/A/DMCUtilities

URLs & Endpoints(5)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><string>com.apple.compilers.llvm.clang.1_0</string>https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation libswiftCoreFoundation.dylib

Endpoints(8)

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Hostnamemacosx26.1.internal

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

1

Hardware

0

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

5

Telemetry Strings

0

File Paths

3

Bundle IDs

20

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Codeba6e202d8ca6eab5b86ac0be7bb08365364cf9c2fc9e8c3ceec94668755b49b2

Importsd1ea910bafa231c27e128907d483b911a0ca99d28ca9954227610bbe17ea1c4a

Frameworksc3f2d9e0eac07a413539cf50c2bf89b2fa0965e22839154a2547c437581a6e96

Classes42e9aafa9203eada22b81e0788eafc706893ef501587b2a71b5e24c7327f304a

Entitlementsa9cb8c3963f22b928b1b14a758235b987aaa1979ff756fc73bb78dc023275b81

Symbolsa8ea42e699bd13cd005fbc31c600f2ce2c651044b2c637b77d9d543dc3309fbb

Static Libraries0 / 177 functions identified

Functions(177)

0x100001428-[DMCEndpointSecurityMessage initWithClient:message:]

0x1000015d8-[DMCEndpointSecurityMessage dealloc]

0x100001628-[DMCEndpointSecurityMessage description]

0x1000016d4-[DMCEndpointSecurityMessage msToDeadline]

0x100001718-[DMCEndpointSecurityMessage eventTypeName]

0x100001768-[DMCEndpointSecurityMessage dispositionName]

0x1000017a0-[DMCEndpointSecurityMessage _machTimeToMS:]

0x100001808-[DMCEndpointSecurityMessage _translateDisposition:]

0x100001828-[DMCEndpointSecurityMessage uuid]

0x100001830-[DMCEndpointSecurityMessage client]

0x100001838-[DMCEndpointSecurityMessage message]

0x100001840-[DMCEndpointSecurityMessage deadline]

0x100001848-[DMCEndpointSecurityMessage eventType]

0x100001850-[DMCEndpointSecurityMessage isMountMessage]

0x100001858-[DMCEndpointSecurityMessage mountToName]

0x100001860-[DMCEndpointSecurityMessage disposition]

0x100001868-[DMCEndpointSecurityMessage mountFlags]

0x100001870-[DMCEndpointSecurityMessage readOnlyMount]

0x100001878-[DMCEndpointSecurityMessage isSignalMessage]

0x100001880-[DMCEndpointSecurityMessage sourceSigner]

Imports206 symbols from 13 dylibs

libswiftCore.dylib77 libSystem.B.dylib36 Foundation32 libobjc.A.dylib18 libEndpointSecurity.dylib14

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

gamecontrolleragentd

GamePolicyAgent

uarppersonalizationd

enhancedloggingd