Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Buadhai

macrumors 65816
Original poster
Jan 15, 2018
1,126
436
Korat, Thailand
This on a 16GB 2017 iMac running Catalina.

This Mac uses more swap space than I'd like, so I fired up EtreCheckPro to see if I could find the RAM hogs. I'd been using both Activity Monitor and top (command line), but nothing seemed obvious.

EtreCheck found a few suspects, but instead of naming and shaming the culprits it shows the process names as "REDACTED":

screenshot 2021-04-16 at 05.22.37.jpg


Pretty hard to know what to do when you're dealing with "a process that shall not be named".

Any ideas?
 
I can reproduce what you are seeing, but CPU (and Energy) frequently show REDACTED as process, Memory only show it for times when another user was active.

My guess is that the Redacted is because it relates to a process for which you do not have permissions. I am further guessing that this is not decided by EtreCheckPro, rather it is what macOS gives EtreCheckPro when it asks macOS for analytics data. Related is that the Console app is also redacts logging (which is different from analytics) and that this very annoying.

I realise that this does not solve your problem - it only guesses at an explanation.
 
  • Like
Reactions: Buadhai
Here's the response I got from EtreSoft, lightly edited:

To answer your question, I don’t really know. What you are looking at here is Apple’s analytics data. It is Apple that calls the process REDACTED, not EtreCheck. My guess is that it is a Safari process that represents a web site. Apple doesn’t redact that in Safari, but they do in the analytics data that EtreCheck reads. That makes sense as Apple redacts potentially sensitive information from many log files. The web sites you are going to would definitely be sensitive.
 
I've just come across THIS item - HowToTellIfYourMacIsHackeded

It suggests that EtreCheck itself is malware. Perhaps EtreSoft himself would like to comment?

It may just be 'sour grapes', but it's good to check out such matters for the benefit of everyone. 😇

This website looks untrustworthy and rubbish. What makes you think this is credible?

EtreSoft has a good reputation here and elsewhere; the software is signed using a valid Apple developer certificate and notarised using Apple’s notary service, which you can always verify yourself. You can also upload it to virustotal.com and do a check to see whether it contains malware.

What can happen is that a malicious actor counterfeits an app by disguising adware/malware or takes a copy of an app, inserts adware/malware into it and then redistributes it via unofficial channels. This is where you have to make sure to only download software from official channels and verify that the app you’ve downloaded is code-signed and notarised before you allow it to run.

The fact that something isn’t on the Mac App Store is no indication of bad behaviour. There are numerous reasons why a developer would not choose the Mac App Store as a distribution platform or choose to abandon it.
 
This website looks untrustworthy and rubbish. What makes you think this is credible?

EtreSoft has a good reputation here and elsewhere; the software is signed using a valid Apple developer certificate and notarised using Apple’s notary service, which you can always verify yourself. You can also upload it to virustotal.com and do a check to see whether it contains malware.

What can happen is that a malicious actor counterfeits an app by disguising adware/malware or takes a copy of an app, inserts adware/malware into it and then redistributes it via unofficial channels. This is where you have to make sure to only download software from official channels and verify that the app you’ve downloaded is code-signed and notarised before you allow it to run.

The fact that something isn’t on the Mac App Store is no indication of bad behaviour. There are numerous reasons why a developer would not choose the Mac App Store as a distribution platform or choose to abandon it.

Thank you so much for posting your view 'KALLT' and please forgive my failure to respond to you.
I agree that the Google produced site appears to have been produced by someone holding a grudge.

May I ask if you have a view on the integrity of the BBS forum here:- https://x704.net/bbs/
There are so many places on the Internet nowadays where one can be 'taken for a ride'! TIA

EDIT:

I have now purchased EtreCheck from Etresoft!

https://x704.net/bbs/viewtopic.php?f=6&t=9373&hilit=Etresoft#p124482

I also apologised to the Developer, Mr John Daniel. If you see him around, please let him know. :cool:

Thanks.
 
Last edited:
I know its been several years since the last post but just as an FYI, the "is-etrecheck-malware" site hasn't been updated in over 2 years and it was clearly setup by someone with limited tech ability & possibly ill intent. The site has zero useful information and the page where it claims EtreCheck is malware --- well just read it. Innuendo followed by supposition followed by just a bunch of ridiculous jargon tossed together in some kind of lame salad to make it sound credible. I mean seriously, the author uses the phrase "It seems a technique known as social engineering..." --- Seriously WHAT? Is that supposed to pass for some kind of tech wizard guru insight???

I have zero opinion on whether or not EtreCheck is a good util or if it may be malware but I can say that the site in question is clearly FUD and useless for anyone seriously interested in Mac performance and security.
 
Last edited:
  • Wow
Reactions: Lucas!
I have zero opinion on whether or not EtreCheck is a good util or if it may be malware but I can say that the site in question is clearly FUD and useless for anyone seriously interested in Mac performance and security.

Did you, by chance, actually run the script listed here:-


Might that script, itself, cause harm?

Thanks.
 
Did you, by chance, actually run the script listed here:-


Might that script, itself, cause harm?

Thanks.
I've had a cursory look through it and didn't see anything nefarious in there, so I followed the instructions on a freshly wiped 2018 MBA.

Took several minutes to run, and asked for access to lots of stuff, but since it was a fresh install (and it wasn't on any network) I granted access. After completion and pasting the output to a fresh txt doc, everything appears to be as advertised, though it did get confused.

I think it'd need to be updated for any OS version that has the separate System partition, as the script listed all of the root/System extensions as 'bad' on a Sonoma install.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.