Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

humpbacktwale

macrumors regular
Original poster
Dec 20, 2019
204
33
You can find them under Privacy-> Analytics and Improvements->Analytics Data.

Noticed them under my diagnostic logs. The heaviest stack for the largest process are as follows:
  • libsystem_pthread.dylib
  • libdispatch.dylib
  • PowerlogCore
  • libsqlite3
Honestly, given the report on the pegasus malware, which states that one of the processes it uses is aggregatenotd, and spoofs the binary of aggregated, I just want to make sure that these are not out of the ordinary. Can't seem to find anything useful online apart for the usual ones where someone posts a log file and asks if they are being hacked. I got three in the last month, with the last one being over 3 weeks ago.
 
I have it in my log but facetime and iMessage is disabled on my phone. Not sure what this is but I dont think its malware.
I use IOS 15.
 
Hmmm, maybe the reason I can't find any post of these before 2020 is due to some new functionality added within the last year or so to this daemon? Yeah I have never enabled iMessage either, but whether or not that is a mitigative actions has yet to be confirmed.

So to confirm, you are also seeing an aggregated.diskwrites_resources? Does the heaviest stack also match mine?

Yeah my curiosity is mostly to see how widespread this was. I just think it odd there aren't more posts of them like other daemons may have, and that it just so happened to line up with one of the binaries that is used for spoofing.

Though again, I don't know whether the act of spoofing would even cause the log file to be generated for the process matching the spoofed binary, or what could even cause it in the first place. Apple seems to publish very little regarding its privateframeworks (by design, I suppose)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.