Disable bunch of #$!@ in Catalina - Note about Big Sur: https://gist.github.com/pwnsdx/1217727ca57de2dd2a372afdd7a0fc21#gistcomment-3448419
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. macOS Catalina brings a read-only filesystem, which prevents this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# WARNING: It might disable things that you may not like. Please double check the services in the TODISABLE vars.
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
# Agents to disable
# 'com.apple.speech.speechdatainstallerd' 'com.apple.speech.speechsynthesisd' 'com.apple.speech.synthesisserver' will freeze Edit menus
# 'com.apple.bird' will prevent saving prompt from being shown
TODISABLE=()
# iCloud
TODISABLE+=('com.apple.security.cloudkeychainproxy3' \
'com.apple.iCloudUserNotifications' \
'com.apple.icloud.findmydeviced.findmydevice-user-agent' \
'com.apple.icloud.fmfd' \
'com.apple.icloud.searchpartyuseragent' \
'com.apple.cloudd' \
'com.apple.cloudpaird' \
'com.apple.cloudphotosd' \
'com.apple.followupd' \
'com.apple.protectedcloudstorage.protectedcloudkeysyncing')
# Safari useless stuff
TODISABLE+=('com.apple.SafariBookmarksSyncAgent' \
'com.apple.SafariCloudHistoryPushAgent' \
'com.apple.WebKit.PluginAgent')
# iMessage / Facetime
TODISABLE+=('com.apple.imagent' \
'com.apple.imautomatichistorydeletionagent' \
'com.apple.imklaunchagent' \
'com.apple.imtransferagent' \
'com.apple.avconferenced')
# Game Center / Passbook / Apple TV / Homekit...
TODISABLE+=('com.apple.gamed' \
'com.apple.passd' \
'com.apple.Maps.pushdaemon' \
'com.apple.videosubscriptionsd' \
'com.apple.CommCenter-osx' \
'com.apple.homed')
# Ad-related
TODISABLE+=('com.apple.ap.adprivacyd' \
'com.apple.ap.adservicesd')
# Screensharing
TODISABLE+=('com.apple.screensharing.MessagesAgent' \
'com.apple.screensharing.agent' \
'com.apple.screensharing.menuextra')
# Siri
TODISABLE+=('com.apple.siriknowledged' \
'com.apple.assistant_service' \
'com.apple.assistantd' \
'com.apple.Siri.agent' \
'com.apple.parsec-fbf')
# VoiceOver / accessibility-related stuff
TODISABLE+=('com.apple.VoiceOver' \
'com.apple.voicememod' \
'com.apple.accessibility.AXVisualSupportAgent' \
'com.apple.accessibility.dfrhud' \
'com.apple.accessibility.heard')
# Quicklook
TODISABLE+=('com.apple.quicklook.ui.helper' \
'com.apple.quicklook.ThumbnailsAgent' \
'com.apple.quicklook')
# Sidecar
TODISABLE+=('com.apple.sidecar-hid-relay' \
'com.apple.sidecar-relay')
# Debugging process
TODISABLE+=('com.apple.spindump_agent' \
'com.apple.ReportCrash' \
'com.apple.ReportGPURestart' \
'com.apple.ReportPanic' \
'com.apple.DiagnosticReportCleanup' \
'com.apple.TrustEvaluationAgent')
# Screentime
TODISABLE+=('com.apple.ScreenTimeAgent' \
'com.apple.UsageTrackingAgent')
# Others
TODISABLE+=('com.apple.telephonyutilities.callservicesd' \
'com.apple.photoanalysisd' \
'com.apple.parsecd' \
'com.apple.AOSPushRelay' \
'com.apple.AOSHeartbeat' \
'com.apple.AirPlayUIAgent' \
'com.apple.AirPortBaseStationAgent' \
'com.apple.familycircled' \
'com.apple.familycontrols.useragent' \
'com.apple.familynotificationd' \
'com.apple.findmymacmessenger' \
'com.apple.sharingd' \
'com.apple.identityservicesd' \
'com.apple.java.InstallOnDemand' \
'com.apple.parentalcontrols.check' \
'com.apple.security.keychain-circle-notification' \
'com.apple.syncdefaultsd' \
'com.apple.appleseed.seedusaged' \
'com.apple.appleseed.seedusaged.postinstall' \
'com.apple.CallHistorySyncHelper' \
'com.apple.RemoteDesktop' \
'com.apple.CallHistoryPluginHelper' \
'com.apple.SocialPushAgent' \
'com.apple.touristd' \
'com.apple.macos.studentd' \
'com.apple.KeyboardAccessAgent' \
'com.apple.exchange.exchangesyncd' \
'com.apple.suggestd' \
'com.apple.AddressBook.abd' \
'com.apple.helpd' \
'com.apple.amp.mediasharingd' \
'com.apple.mediaanalysisd' \
'com.apple.mediaremoteagent' \
'com.apple.remindd' \
'com.apple.keyboardservicesd' \
'com.apple.AddressBook.SourceSync' \
'com.apple.mobileassetd' \
'com.apple.CalendarAgent' \
'com.apple.knowledge-agent')
for agent in "${TODISABLE[@]}"
do
# Quote the paths and report success only if the rename actually happened
mv "./System/Library/LaunchAgents/${agent}.plist" "./System/Library/LaunchAgents/${agent}.plist.bak" \
&& echo "[OK] Agent ${agent} disabled"
done
# Daemons to disable
TODISABLE=()
# iCloud
# No comma between array elements: bash would make it part of the first label
TODISABLE+=('com.apple.analyticsd' 'com.apple.icloud.findmydeviced')
# Others
TODISABLE+=('com.apple.netbiosd' \
'com.apple.preferences.timezone.admintool' \
'com.apple.remotepairtool' \
'com.apple.security.FDERecoveryAgent' \
'com.apple.SubmitDiagInfo' \
'com.apple.screensharing' \
'com.apple.appleseed.fbahelperd' \
'com.apple.apsd' \
'com.apple.ManagedClient.cloudconfigurationd' \
'com.apple.ManagedClient.enroll' \
'com.apple.ManagedClient' \
'com.apple.ManagedClient.startup' \
'com.apple.locate' \
'com.apple.locationd' \
'com.apple.eapolcfg_auth' \
'com.apple.RemoteDesktop.PrivilegeProxy' \
'com.apple.mediaremoted')
for daemon in "${TODISABLE[@]}"
do
# Quote the paths and report success only if the rename actually happened
mv "./System/Library/LaunchDaemons/${daemon}.plist" "./System/Library/LaunchDaemons/${daemon}.plist.bak" \
&& echo "[OK] Daemon ${daemon} disabled"
done
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. macOS Catalina brings a read-only filesystem, which prevents this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
# Agents to enable
TOENABLE=()
# iCloud
TOENABLE+=('com.apple.security.cloudkeychainproxy3' \
'com.apple.iCloudUserNotifications' \
'com.apple.icloud.findmydeviced.findmydevice-user-agent' \
'com.apple.icloud.fmfd' \
'com.apple.icloud.searchpartyuseragent' \
'com.apple.cloudd' \
'com.apple.cloudpaird' \
'com.apple.cloudphotosd' \
'com.apple.followupd' \
'com.apple.protectedcloudstorage.protectedcloudkeysyncing')
# Safari useless stuff
TOENABLE+=('com.apple.SafariBookmarksSyncAgent' \
'com.apple.SafariCloudHistoryPushAgent' \
'com.apple.WebKit.PluginAgent')
# iMessage / Facetime
TOENABLE+=('com.apple.imagent' \
'com.apple.imautomatichistorydeletionagent' \
'com.apple.imklaunchagent' \
'com.apple.imtransferagent' \
'com.apple.avconferenced')
# Game Center / Passbook / Apple TV / Homekit...
TOENABLE+=('com.apple.gamed' \
'com.apple.passd' \
'com.apple.Maps.pushdaemon' \
'com.apple.videosubscriptionsd' \
'com.apple.CommCenter-osx' \
'com.apple.homed')
# Ad-related
TOENABLE+=('com.apple.ap.adprivacyd' \
'com.apple.ap.adservicesd')
# Screensharing
TOENABLE+=('com.apple.screensharing.MessagesAgent' \
'com.apple.screensharing.agent' \
'com.apple.screensharing.menuextra')
# Siri
TOENABLE+=('com.apple.siriknowledged' \
'com.apple.assistant_service' \
'com.apple.assistantd' \
'com.apple.Siri.agent' \
'com.apple.parsec-fbf')
# VoiceOver / accessibility-related stuff
TOENABLE+=('com.apple.VoiceOver' \
'com.apple.voicememod' \
'com.apple.accessibility.AXVisualSupportAgent' \
'com.apple.accessibility.dfrhud' \
'com.apple.accessibility.heard')
# Quicklook
TOENABLE+=('com.apple.quicklook.ui.helper' \
'com.apple.quicklook.ThumbnailsAgent' \
'com.apple.quicklook')
# Sidecar
TOENABLE+=('com.apple.sidecar-hid-relay' \
'com.apple.sidecar-relay')
# Debugging process
TOENABLE+=('com.apple.spindump_agent' \
'com.apple.ReportCrash' \
'com.apple.ReportGPURestart' \
'com.apple.ReportPanic' \
'com.apple.DiagnosticReportCleanup' \
'com.apple.TrustEvaluationAgent')
# Screentime
TOENABLE+=('com.apple.ScreenTimeAgent' \
'com.apple.UsageTrackingAgent')
# Others
TOENABLE+=('com.apple.telephonyutilities.callservicesd' \
'com.apple.photoanalysisd' \
'com.apple.parsecd' \
'com.apple.AOSPushRelay' \
'com.apple.AOSHeartbeat' \
'com.apple.AirPlayUIAgent' \
'com.apple.AirPortBaseStationAgent' \
'com.apple.familycircled' \
'com.apple.familycontrols.useragent' \
'com.apple.familynotificationd' \
'com.apple.findmymacmessenger' \
'com.apple.sharingd' \
'com.apple.identityservicesd' \
'com.apple.java.InstallOnDemand' \
'com.apple.parentalcontrols.check' \
'com.apple.security.keychain-circle-notification' \
'com.apple.syncdefaultsd' \
'com.apple.appleseed.seedusaged' \
'com.apple.appleseed.seedusaged.postinstall' \
'com.apple.CallHistorySyncHelper' \
'com.apple.RemoteDesktop' \
'com.apple.CallHistoryPluginHelper' \
'com.apple.SocialPushAgent' \
'com.apple.touristd' \
'com.apple.macos.studentd' \
'com.apple.KeyboardAccessAgent' \
'com.apple.exchange.exchangesyncd' \
'com.apple.suggestd' \
'com.apple.AddressBook.abd' \
'com.apple.helpd' \
'com.apple.amp.mediasharingd' \
'com.apple.mediaanalysisd' \
'com.apple.mediaremoteagent' \
'com.apple.remindd' \
'com.apple.keyboardservicesd' \
'com.apple.AddressBook.SourceSync' \
'com.apple.mobileassetd' \
'com.apple.CalendarAgent' \
'com.apple.knowledge-agent')
for agent in "${TOENABLE[@]}"
do
# Restore the original plist name; report success only if the rename happened
mv "./System/Library/LaunchAgents/${agent}.plist.bak" "./System/Library/LaunchAgents/${agent}.plist" \
&& echo "[OK] Agent ${agent} enabled"
done
# Daemons to enable
TOENABLE=()
# iCloud
# No comma between array elements: bash would make it part of the first label
TOENABLE+=('com.apple.analyticsd' 'com.apple.icloud.findmydeviced')
# Others
TOENABLE+=('com.apple.netbiosd' \
'com.apple.preferences.timezone.admintool' \
'com.apple.remotepairtool' \
'com.apple.security.FDERecoveryAgent' \
'com.apple.SubmitDiagInfo' \
'com.apple.screensharing' \
'com.apple.appleseed.fbahelperd' \
'com.apple.apsd' \
'com.apple.ManagedClient.cloudconfigurationd' \
'com.apple.ManagedClient.enroll' \
'com.apple.ManagedClient' \
'com.apple.ManagedClient.startup' \
'com.apple.locate' \
'com.apple.locationd' \
'com.apple.eapolcfg_auth' \
'com.apple.RemoteDesktop.PrivilegeProxy' \
'com.apple.mediaremoted')
for daemon in "${TOENABLE[@]}"
do
# Restore the original plist name; report success only if the rename happened
mv "./System/Library/LaunchDaemons/${daemon}.plist.bak" "./System/Library/LaunchDaemons/${daemon}.plist" \
&& echo "[OK] Daemon ${daemon} enabled"
done
Owner Author

@pwnsdx pwnsdx commented Sep 16, 2019

"Disable bunch of #$!@" has been updated to support macOS Catalina.

The rules have changed a bit so please read the IMPORTANT note. Disabling SIP is no longer required.

Note that if you run this script, you will disable many things including local sharing, AirPlay, iCloud and almost everything that phones back to Apple servers except the App Store and Software Update. You can always customise the TODISABLE var to reenable some services.

Enjoy and happy upgrade!


@alain57 alain57 commented Oct 14, 2019

Hi nice script, but is it possible which one I need to enable again, so that the network shared drive inside my local network are again appearing in macOS ?

edit : i got it it was sharingd


@b0gdanw b0gdanw commented Oct 22, 2019

Please consider adding /Library/LaunchAgents/com.apple.followupd.plist to the list. It's responsible for displaying the Sign Into iCloud notification in System Preferences.


@alain57 alain57 commented Oct 22, 2019

Thanks for the information, I'll try that one too as I don't use iCloud and I find it really boring to have useless notifications for this :/

Owner Author

@pwnsdx pwnsdx commented Oct 22, 2019

@b0gdanw I added it, thanks!


@jumpersdevice jumpersdevice commented Oct 24, 2019

thanks for this, from 14gb used ram to 5 after applying it ! :D


@b0gdanw b0gdanw commented Oct 25, 2019

@pwnsdx Another suggestion /System/Library/LaunchAgents/com.apple.UsageTrackingAgent.plist and /System/Library/LaunchAgents/com.apple.ScreenTimeAgent.plist both related to ScreenTime.
@sarassine The account was banned, this is not the place to discuss it.


@stephanepiriou stephanepiriou commented Oct 26, 2019

There is no need to launch the script in recovery mode.
You can just mount "/" partition in read-write mode with :

sudo mount -uw /
Owner Author

@pwnsdx pwnsdx commented Oct 26, 2019

> There is no need to launch the script in recovery mode.
> You can just mount "/" partition in read-write mode with :
>
> sudo mount -uw /

@stephanepiriou Yes but it only works if you disable SIP as well, which is inconvenient and requires to go in Recovery Mode anyway.

> @pwnsdx Another suggestion /System/Library/LaunchAgents/com.apple.UsageTrackingAgent.plist and /System/Library/LaunchAgents/com.apple.ScreenTimeAgent.plist both related to ScreenTime.

Thanks @b0gdanw! I will add them now.


@go4m go4m commented Nov 9, 2019

Hello, guys .. Can someone help me, after trying to disable agent on iMac 2013 - 27" now iMac booting in firmware password screen all time, I have been trying all option to boot in recovery, or safe mode, .... get same picture with password, what I not remember, to call Apple not option because buy from eBay.
Some weeks ago before updating to Clean Catalina, from USB, it come up also that firmware passw. but CMD+R, was working. And I can boot iMac in recovery mode. But not anymore :(
Please help me..

Owner Author

@pwnsdx pwnsdx commented Nov 9, 2019

> Hello, guys .. Can someone help me, after trying to disable agent on iMac 2013 - 27" now iMac booting in firmware password screen all time, I have been trying all option to boot in recovery, or safe mode, .... get same picture with password, what I not remember, to call Apple not option because buy from eBay.
> Some weeks ago before updating to Clean Catalina, from USB, it come up also that firmware passw. but CMD+R, was working. And I can boot iMac in recovery mode. But not anymore :(
> Please help me..

@go4m Sounds like the seller forgot to remove his EFI password. If you can't contact the guy to ask go to an Apple Store with the invoice (both original and ebay) they can technically do it though they may not want. If you don't have none of these, I don't know any current way of flashing the EFI for these iMacs so… I'm sorry but I will have to say that your Mac's pretty much a brick now. You can of course always with this model get the hard drive out of it in order to recover your data.


@xube xube commented Nov 21, 2019

Great one! I was looking for solution like this, because let's be honest - there is bunch of useless processes that uses enormous RAM and CPU. What is worst - nobody really knows what they have been done nor are doing. For me almost everything is working, just found one issue - somehow Music App use entire CPU when I disable all services. I could skip using this App, but because I have iPad, sometimes I need to sync music across devices. So I temporarily enabled all services and Music App started behave normal. I can't say which one is responsible. Maybe something related to iCloud? If someone knows, please let me know. Thanks.


@blakeperdue blakeperdue commented Nov 24, 2019

@pwnsdx I can't thank you enough, this is exactly what I was looking for to disable all the services I don't need, use, or want on my system. Also thanks for updating it to include Catalina! 💯 🥇 😃


@b0gdanw b0gdanw commented Nov 25, 2019

Just a note: disabling com.apple.ManagedClient.enroll, com.apple.ManagedClient and com.apple.ManagedClient.startup prevents installation of mobileconfig profiles.


@mtunjic mtunjic commented Nov 28, 2019

@pwnsdx suggestion

iCloud

com.apple.iCloudUserNotificationsd

iMedia

com.apple.AMPArtworkAgent
AMPArtworkAgent -- The artwork agent for Music.app, TV.app, and iOS/iPod device syncing

Safari

com.apple.webinspectord
webinspectord relays commands between Web Inspector and targets that it can remotely inspect, such as WKWebView and JSContext instances.

com.apple.SafariPlugInUpdateNotifier

Siri

com.apple.siri-distributed-evaluation
com.apple.siri.context.service

Others

com.apple.facebook.xpc
com.apple.linkedin.xpc
com.apple.podcasts.PodcastContentService
com.apple.twitter.xpc
com.apple.EscrowSecurityAlert

com.apple.routined
routined -- A daemon that learns the historical location patterns of a user.
routined is a per-user daemon that learns historical location patterns of a user and predicts future visits to locations.

com.apple.icdd
icdd -- ImageCapture Discovery Daemon
icdd is a system daemon responsible for matching devices containing images with the appropriate driver modules.

com.apple.progressd
progressd is the ClassKit sync agent. It handles syncing classes, class members, student handouts and progress data between student and teacher managed Apple ID accounts.

com.apple.contacts.donation-agent wtf?


@blakeperdue blakeperdue commented Nov 28, 2019

Thanks @mtunjic . One of the agents/daemons in the original list is preventing Calendar app from connecting to Google to sync my Google calendar with the Mac Calendar app. I haven't pinpointed which one yet, but am experimenting turning on/off suspected items to see if I can find it.


@mtunjic mtunjic commented Nov 28, 2019


@blakeperdue blakeperdue commented Nov 28, 2019

Thanks @mtunjic ... I would add that @pwnsdx has made it super easy to undo these changes, which has been great. It's super easy to restore services, so thanks for that. I've been individually adding things back to see if it fixes my issue. The only two issues I have remaining are below. I should note I customized pwnsdx's list a bit for my need (for example, I need VoiceOver to test accessibility in our web apps).

Remaining issues:

  • Calendar app won't sync with Google servers
  • Chrome/other apps can't seem to launch finder. For example, when you download a file in Chrome and select "View in Finder" nothing happens.

@mtunjic mtunjic commented Nov 28, 2019


@sschat sschat commented Nov 29, 2019

Can someone help me with the following:

where do i copy this file to, so i can use it while in Recovery Mode?

I moved it to /etc/<dir>/<scripts>

but once in Recovery mode, that directory does not exist. And the whole system looks like a cut-down version of the whole.

So, what location would be good to store it, and would be accessible to run it in Recovery?


@mtunjic mtunjic commented Nov 29, 2019

> Can someone help me with the following:
>
> where do i copy this file to, so i can use it while in Recovery Mode?
>
> I moved it to /etc/<dir>/<scripts>
>
> but once in Recovery mode, that directory does not exist. And the whole system looks like a cut-down version of the whole.
>
> So, what location would be good to store it, and would be accessible to run it in Recovery?

@sschat just run from your system root partition

mount -uw /
cd /Volumes/NameOfYourInstallPartition
sh Users/yourname/… path to script



@sschat sschat commented Nov 29, 2019

thanks for the reply!

I went in again, but I just can't see the "Users" folder.
In "/Volumes/" I only see macOS Base System.
And that one does not have Users in it.

Can this be due to Catalina?(10.15.2)


Owner Author

@pwnsdx pwnsdx commented Nov 29, 2019

Yes you need to mount the user partition in the disk utility


@sschat sschat commented Nov 29, 2019

> Yes you need to mount the user partition in the disk utility

YES! that was the brainfart here.

thanks!


@blakeperdue blakeperdue commented Nov 29, 2019

And if you have APFS encryption turned on, you'll need to run diskutil apfs unlock "Macintosh HD" and it'll ask your passphrase to unlock your encrypted APFS volume.


@harmonk harmonk commented Dec 2, 2019

This is wonderful. Thank you!


@mtunjic mtunjic commented Dec 10, 2019

> Great one! I was looking for solution like this, because let's be honest - there is bunch of useless processes that uses enormous RAM and CPU. What is worst - nobody really knows what they have been done nor are doing. For me almost everything is working, just found one issue - somehow Music App use entire CPU when I disable all services. I could skip using this App, but because I have iPad, sometimes I need to sync music across devices. So I temporarily enabled all services and Music App started behave normal. I can't say which one is responsible. Maybe something related to iCloud? If someone knows, please let me know. Thanks.

@xube if you use Music app these services need to be enabled for Music (iTunes) to work properly.
Otherwise, it will "melt" your CPU

iTunes

TOENABLE+=('com.apple.AOSPushRelay'
'com.apple.AOSHeartbeat'
'com.apple.AMPArtworkAgent')


@ballo ballo commented Dec 31, 2019

I'm subbing hoping someone releases a script that disables the agents (nicely) rather than deleting plists which could easily come back and do weird shit.

Until then, I'll use LaunchControl to disable these agents


@ballo ballo commented Dec 31, 2019

WTF is remindd? The man page is hilarious


@blakeperdue blakeperdue commented Jan 1, 2020

@ballo LaunchControl looks really nice, but you still need a solid list of what you can disable. Does LaunchControl provide any guides, similar to what pwnsdx put together here of what you can safely disable depending on your needs?


@ballo ballo commented Jan 1, 2020

Um, I basically took this list and added/removed some stuff. For example I added com.apple.accessibility.AXVisualSupportAgent so I could ctrl-zoom again, and removed amsaccountsd which I didn't need.

What we really need is a go-to site for identifying WTF all these daemons do since everyone needs a customized list. A lot (most?) are missing man files.


@Wyvern Wyvern commented Jan 10, 2020

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.systemstats.daily.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.systemstats.analysis.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.systemstats.microstackshot_periodic.plist

to disable periodical sysstats generation .


@b0gdanw b0gdanw commented Jan 14, 2020

@pwnsdx The system.log shows this kind of messages at every boot
Jan 14 05:28:21 localhost com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.0): Failed to bootstrap path: path = /System/Library/LaunchAgents/com.apple.icloud.searchpartyuseragent.plist.bak, error = 108: Invalid path


@x8x x8x commented Jan 20, 2020

First, I'd like to thank @pwnsdx for this!

Regarding Music.app high CPU from @mtunjic suggested items to leave enabled:
/System/Library/LaunchAgents/com.apple.AOSPushRelay.plist
/System/Library/LaunchAgents/com.apple.AOSHeartbeat.plist

Had to leave these enabled as well (didn't check if both are required):
/System/Library/LaunchAgents/com.apple.mediaremoteagent.plist
/System/Library/LaunchDaemons/com.apple.mediaremoted.plist

No more high CPU!


@Picallo-svg Picallo-svg commented Jan 24, 2020

It's amazing script! Thanks @pwnsdx for this!


@Picallo-svg Picallo-svg commented Jan 24, 2020

@pwnsdx Maybe you can write the same script, that enables apple sandbox for apps which were downloaded not from appstore.
By default only appstore apps run in sandbox (in Catalina). If you want to do this, I can send all info about this, what I found in google (to save your time).

Thank you!


@nuche nuche commented Feb 2, 2020

@pwnsdx what do you think about adding a comment per line or in the header (or footer) to explain in more detail what each service line item for disablement is? I'd be happy to help add this if you're interested.


@blakeperdue blakeperdue commented Feb 3, 2020

@nuche That's a great idea! I would love that and would also volunteer to help. Do you want to create a new gist that we can add comments to then pwnsdx could use that to update his gist here?


@nuche nuche commented Feb 3, 2020

@blakeperdue you're welcome to create it and kickstart the effort. I'm a bit tied down with some things right now to assume it as a kind of personal project, but I'd be happy to collaborate!

One other thing I think would be helpful would be to isolate XPC service or what items in this list are XPC since we frequently have so many messages that are obfuscated behind this little wall and it might be nice to simply be able to disable some of these things as a sanity check.

One more thing I really would love to see is to not have to edit TWO lists. I think we should have a single script that "just works"® and then a config file that we just feed entries in with comments. That would make this commenting and documentation process SO much simpler!!!!!
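
The single script plus commented list asked for in the comment above, as an added example that is not part of the gist or of any commenter's post: it keeps the gist's `.plist` to `.plist.bak` rename, looks each label up in both LaunchAgents and LaunchDaemons, and reports missing or conflicting entries instead of printing `[OK]` unconditionally. The list format (one label per line, `#` comments), the function names and the `ROOT` argument are assumptions.

```bash
#!/bin/bash
# Added example, not the gist's code. The list format, the function names and
# the ROOT argument are assumptions made for this illustration.

# Directories searched for every label, relative to the volume root.
LAUNCH_DIRS="System/Library/LaunchAgents System/Library/LaunchDaemons"

# read_labels FILE: print each label once. Drops "# comments", blank lines,
# surrounding whitespace and stray quotes or commas pasted from the arrays.
read_labels() {
    sed -e 's/#.*$//' -e "s/[',\"]//g" \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        awk 'NF && !seen[$0]++'
}

# valid_label LABEL: accept only reverse-DNS style names, so a list entry can
# never point outside the two launchd directories (this runs as root).
valid_label() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# do_rename FROM TO LABEL VERB DRYRUN: rename one plist, or only say so.
do_rename() {
    if [ "$5" = 1 ]; then
        echo "[DRY] $3 would be $4"
        return 0
    fi
    mv -- "$1" "$2" && echo "[OK] $3 $4"
}

# toggle_services MODE ROOT LIST [DRYRUN]
# MODE is disable, enable or status. Returns 0 only when no entry was invalid,
# in conflict, or failed to rename; 2 on bad arguments.
toggle_services() {
    ts_mode=$1 ts_root=$2 ts_dry=${4:-0} ts_rc=0
    case "$ts_mode" in
        disable|enable|status) ;;
        *) echo "usage: toggle_services disable|enable|status ROOT LIST [1]" >&2
           return 2 ;;
    esac
    [ -r "$3" ] || { echo "cannot read list: $3" >&2; return 2; }
    ts_labels=$(read_labels "$3")
    while IFS= read -r ts_label; do
        [ -n "$ts_label" ] || continue
        if ! valid_label "$ts_label"; then
            echo "[SKIP] invalid label: $ts_label"
            ts_rc=1
            continue
        fi
        ts_found=0
        for ts_dir in $LAUNCH_DIRS; do
            ts_live="$ts_root/$ts_dir/$ts_label.plist"
            ts_bak="$ts_live.bak"
            [ -e "$ts_live" ] || [ -e "$ts_bak" ] || continue
            ts_found=1
            if [ -e "$ts_live" ] && [ -e "$ts_bak" ]; then
                # Both present, e.g. the plist came back next to its backup.
                echo "[CONFLICT] $ts_label: .plist and .plist.bak in $ts_dir"
                ts_rc=1
            elif [ "$ts_mode" = status ]; then
                if [ -e "$ts_live" ]; then ts_state=enabled; else ts_state=disabled; fi
                echo "[$ts_state] $ts_label ($ts_dir)"
            elif [ "$ts_mode" = disable ] && [ -e "$ts_live" ]; then
                do_rename "$ts_live" "$ts_bak" "$ts_label" disabled "$ts_dry" || ts_rc=1
            elif [ "$ts_mode" = enable ] && [ -e "$ts_bak" ]; then
                do_rename "$ts_bak" "$ts_live" "$ts_label" enabled "$ts_dry" || ts_rc=1
            else
                echo "[--] $ts_label already ${ts_mode}d ($ts_dir)"
            fi
        done
        [ "$ts_found" = 1 ] || echo "[MISSING] $ts_label: no plist on this volume"
    done <<EOF
$ts_labels
EOF
    return "$ts_rc"
}

# Runs only when given arguments, e.g. from Recovery (toggle.sh and
# services.list are hypothetical names):
#   cd /Volumes/Macintosh\ HD && sh /path/to/toggle.sh status . /path/to/services.list
if [ "$#" -ge 3 ]; then
    toggle_services "$@"
fi
```

Passing `1` as the fourth argument gives a dry run, which is worth doing first because label names differ between macOS point releases.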


@nuche nuche commented Feb 9, 2020

It may be important to note which service controls system logging. While playing around with these I believe com.apple.diagnosticd (which you DO NOT disable or mention) might enable and disable general system logging.


@macouella macouella commented Feb 17, 2020

Thanks for the script!
I use multiple languages in my machine (e.g. Japanese). Disabling 'com.apple.imklaunchagent' broke that. Just a heads up!


@sqowlz sqowlz commented Mar 27, 2020

Issue with line 25 - the name is actually "com.apple.cloudphotosd" (add an S to photos)

Added LaunchAgents:

com.apple.keyboardservicesd
com.apple.AddressBook.SourceSync
com.apple.telephonyutilities.callservicesd
com.apple.mobileassetd
com.apple.CalendarAgent
com.apple.knowledge-agent

Added LaunchDaemon:

com.apple.icloud.findmydeviced

Considering removing:

com.apple.akd

Owner Author

@pwnsdx pwnsdx commented Apr 1, 2020

Thanks for the new entries, @sqowlz! I added them, though, disabling "com.apple.icloud.findmydeviced" seems to prevent Disk Utility from doing some operations properly like erasing a drive… 🤨


@mightysashiman mightysashiman commented Apr 2, 2020

Does this script interfere with having an apple account logged in system wise ? (for access to the system updater and appstore) ?

Owner Author

@pwnsdx pwnsdx commented Apr 2, 2020

Well, it does not disturb App Store or System Updates but system-wide logging is unrelated to these 2 actually and yes it will interfere so better logout from your Apple account in the settings before doing it


@mightysashiman mightysashiman commented Apr 2, 2020

> Well, it does not disturb App Store or System Updates but system-wide logging is unrelated to these 2 actually and yes it will interfere so better logout from your Apple account in the settings before doing it

thank you Sir 🎩


@mightysashiman mightysashiman commented Apr 2, 2020

It is definitely more difficult than it should be to look up what an Apple system background daemon's function is. Your script idea and knowledge to come up with such list would be a wonderful opportunity to set up a collaborative database of these damn daemons (if only a google sheet) to document alleged functions, ports and remote addresses reached, even maybe interactions with other system agents? Apple should definitely be the one to publish this, until then...
ps: I'm seeing a number of forks. Each are more or less trying to document these damn processes on their side. While I admire the opensource spirit, wouldn't federation of efforts be better than individualism ?


@bernuli bernuli commented Apr 4, 2020

Thanks for the improved #$!@ ! Nice to be able to leave SIP enabled and just run this from recovery. Works like a charm!

Some comments:

Line 145. For me, it did not like the comma. So I changed to:
TODISABLE+=('com.apple.analyticsd' 'com.apple.icloud.findmydeviced')

Line 25. On my installation of 10.15.4 needs be no s, just a singular com.apple.cloudphotod so.:
'com.apple.cloudphotod' \

Line 131, com.apple.mobileassetd is in LaunchDaemons so I moved to that section.

Also, maybe should have separate arrays for TODISABLE. One for Agents and one for Daemons. Easier for debugging?

Thanks again!


@ellipticaldoor ellipticaldoor commented Apr 18, 2020

Sharing files from AirDrop doesn't work anymore, my laptop doesn't appear to others.

Which process should I enable? @pwnsdx


@ellipticaldoor ellipticaldoor commented Apr 18, 2020

I enabled 'com.apple.sharingd' and AirDrop works again :)


@ballo ballo commented Apr 18, 2020

I don't suppose anyone knows what's preventing dictionaries from being downloaded


@Mediajake Mediajake commented Apr 23, 2020

Hello guys, I just read this whole todisable.sh. Well, I am very new to all of this and I stumbled across it while searching for a way to stop my Mac from using up so much RAM. I consistently have only maybe 100mb available out of 8GB running Catalina 15.4 on my iMac. I would love to try this out, but I am fairly new to using the terminal also. I am currently learning it though and think I could pull this off. However, I just want to ask a few questions before I get started trying it out.

  1. Is there a list, as mentioned previously in this topic by someone?
  2. If I understand correctly, I can pick and choose which services to leave alone and which ones to leave enabled correct?
  3. Would someone mind writing out a To Do list for this. Like Step 1. Sign out of iCloud. Step 2. Open Terminal. Etc... I would be so appreciative. Thank you all for coming up with this. It's magnificent. You guys are great.

@varenc varenc commented Apr 23, 2020

@bernuli bernuli commented Apr 23, 2020

Agree with varenc. If you are new to terminal then this script might be more trouble than it is worth. Disabling some of these services might free up some Memory but not more than a couple hundred megabytes. I have been able to achieve a 500MB Wired Memory reduction but not without some instability / functionality compromises.

Also, in your case, 100mb free is not necessarily a bad thing. If macOS is Swapping out to disk that is when I would say you are running out of RAM. Have a look at Swap Used in Activity Monitor. Varies case by case but I would like to see the Swap Used under 500MB.

@kainankidd kainankidd commented Apr 26, 2020

Does anyone know why my Spotlight/Finder would become unusable after disabling these services, below? I've attempted to avoid disabling anything related to the Finder/Spotlight. However, for example, when searching in Finder, it will just continuously show "Loading". Spotlight Search will just not show file results. If anyone could help me, I would greatly appreciate it! Thank you 👍

Launch Agents

com.apple.SafariBookmarksSyncAgent.plist.bak
com.apple.SafariCloudHistoryPushAgent.plist.bak
com.apple.accessibility.AXVisualSupportAgent.plist.bak
com.apple.accessibility.dfrhud.plist.bak
com.apple.accessibility.heard.plist.bak
com.apple.AirPortBaseStationAgent.plist.bak
com.apple.amp.mediasharingd.plist.bak
com.apple.AOSHeartbeat.plist.bak
com.apple.AOSPushRelay.plist.bak
com.apple.ap.adprivacyd.plist.bak
com.apple.appleseed.seedusaged.plist.bak
com.apple.ap.adservicesd.plist.bak
com.apple.appleseed.seedusaged.postinstall.plist.bak
com.apple.assistant_service.plist.bak
com.apple.assistantd.plist.bak
com.apple.CommCenter-osx.plist.bak
com.apple.DiagnosticReportCleanup.plist.bak
com.apple.familycircled.plist.bak
com.apple.familycontrols.useragent.plist.bak
com.apple.familynotificationd.plist.bak
com.apple.gamed.plist.bak
com.apple.helpd.plist.bak
com.apple.homed.plist.bak
com.apple.java.InstallOnDemand.plist.bak
com.apple.KeyboardAccessAgent.plist.bak
com.apple.macos.studentd.plist.bak
com.apple.Maps.pushdaemon.plist.bak
com.apple.mediaremoteagent.plist.bak
com.apple.mediaanalysisd.plist.bak
com.apple.parentalcontrols.check.plist.bak
com.apple.parsec-fbf.plist.bak
com.apple.parsecd.plist.bak
com.apple.remindd.plist.bak
com.apple.RemoteDesktop.plist.bak
com.apple.ReportCrash.plist.bak
com.apple.ReportGPURestart.plist.bak
com.apple.ReportPanic.plist.bak
com.apple.Safari.SafeBrowsing.Service.plist.bak
com.apple.screensharing.agent.plist.bak
com.apple.screensharing.menuextra.plist.bak
com.apple.ScreenTimeAgent.plist.bak
com.apple.screensharing.MessagesAgent.plist.bak
com.apple.sidecar-hid-relay.plist.bak
com.apple.sidecar-relay.plist.bak
com.apple.Siri.agent.plist.bak
com.apple.siriknowledged.plist.bak
com.apple.spindump_agent.plist.bak
com.apple.suggestd.plist.bak
com.apple.touristd.plist.bak
com.apple.TrustEvaluationAgent.plist.bak
com.apple.UsageTrackingAgent.plist.bak
com.apple.videosubscriptionsd.plist.bak
com.apple.voicememod.plist.bak
com.apple.VoiceOver.plist.bak
com.apple.WebKit.PluginAgent.plist.bak

Launch Daemons

com.apple.awdd.plist.bak
com.apple.CrashReporterSupportHelper.plist.bak
com.apple.diagnosticd.plist.bak
com.apple.diagnosticextensions.osx.getmobilityinfo.helper.plist.bak
com.apple.diagnosticextensions.osx.timemachine.helper.plist.bak
com.apple.diagnosticextensions.osx.wifi.helper.plist.bak
com.apple.InstallerDiagnostics.installerdiagd.plist.bak
com.apple.familycontrols.plist.bak
com.apple.InstallerDiagnostics.installerdiagwatcher.plist.bak
com.apple.osanalytics.osanalyticshelper.plist.bak
com.apple.preferences.timezone.admintool.plist.bak
com.apple.ReportCrash.Root.plist.bak
com.apple.rtcreportingd.plist.bak
com.apple.sysdiagnose_helper.plist.bak
com.apple.sysdiagnose.plist.bak

@Mediajake Mediajake commented Apr 27, 2020

@varenc varenc commented Apr 27, 2020

@kainankidd are you sure the mds service is running? It's not in your list, though it also looks like your list is only including user services and not global services? mds builds the index that Spotlight uses for searching. (man mds for slightly more context). For Spotlight to work the com.apple.metadata.mds service and a bunch of mdworker services should all appear when you run sudo launchctl list.

You can run sudo mdutil -a -s to check indexing status. It should show the indexing is enabled for /: and/or /System/Volumes/Data. If that all checks out just fine then you can reindex a specific folder by following Apple's instructions, or for the nuclear option use the -E option on mdutil to erase and rebuild the index, but it might take a long time.

@Mediajake, mac os memory is complicated these days and I find it hard to know when memory is really slowing me down. I have one machine with 32GB of RAM and even when there's plenty of free memory I'll still see 1-2GB of swap being used and things are totally fine. Wired, Active, Compressed, and Inactive memory also complicate things making it tricky to know if memory is really constraining you. To try to simplify things, Activity Monitor has a "memory pressure" graph which tries to boil everything down to one metric. Even if your memory/swap looks full, if Activity Monitor shows you memory pressure is in the green, then lack of memory probably isn't your problem. Another roundabout test is to open one (or 3) Chrome tabs to Google Earth, or do anything else that takes a lot of memory, and see if your swap usage spikes.

@emikaadeo-git emikaadeo-git commented Apr 28, 2020

> I'm subbing hoping someone releases a script that disables the agents (nicely) rather than deleting plists which could easily come back and do weird shit.
>
> Until then, I'll use LaunchControl to disable these agents

Hi, did you try disabling com.apple.followupd with LaunchControl?
Does it work?

@varenc varenc commented Apr 29, 2020

For people trying to use this to reduce background CPU/Memory usage...

Some of these services aren't persistent background processes. They'll certainly startup under some conditions and take up resources when they do that, but since they're not persistent, my guess is that their effect on resource consumption will be pretty minimal. (Also some of these may be persistent for you but not for me, depending on your configuration)

I wrote a little script to check the status of each of these jobs and these are all the ones that aren't running in the background on my computer.

NOT RUNNING com.apple.AOSHeartbeat
NOT RUNNING com.apple.AOSPushRelay
NOT RUNNING com.apple.AddressBook.SourceSync
NOT RUNNING com.apple.AddressBook.abd
NOT RUNNING com.apple.AirPortBaseStationAgent
NOT RUNNING com.apple.DiagnosticReportCleanup
NOT RUNNING com.apple.KeyboardAccessAgent
NOT RUNNING com.apple.ManagedClient
NOT RUNNING com.apple.ManagedClient.cloudconfigurationd
NOT RUNNING com.apple.ManagedClient.enroll
NOT RUNNING com.apple.RemoteDesktop
NOT RUNNING com.apple.RemoteDesktop.PrivilegeProxy
NOT RUNNING com.apple.ReportPanic
NOT RUNNING com.apple.TrustEvaluationAgent
NOT RUNNING com.apple.VoiceOver
NOT RUNNING com.apple.WebKit.PluginAgent
NOT RUNNING com.apple.accessibility.dfrhud
NOT RUNNING com.apple.amp.mediasharingd
NOT RUNNING com.apple.ap.adservicesd
NOT RUNNING com.apple.appleseed.fbahelperd
NOT RUNNING com.apple.appleseed.seedusaged
NOT RUNNING com.apple.appleseed.seedusaged.postinstall
NOT RUNNING com.apple.eapolcfg_auth
NOT RUNNING com.apple.exchange.exchangesyncd
NOT RUNNING com.apple.familycontrols.useragent
NOT RUNNING com.apple.familynotificationd
NOT RUNNING com.apple.findmymacmessenger
NOT RUNNING com.apple.gamed
NOT RUNNING com.apple.helpd
NOT RUNNING com.apple.iCloudUserNotifications
NOT RUNNING com.apple.java.InstallOnDemand
NOT RUNNING com.apple.mediaanalysisd
NOT RUNNING com.apple.parentalcontrols.check
NOT RUNNING com.apple.parsec-fbf
NOT RUNNING com.apple.photoanalysisd
NOT RUNNING com.apple.preferences.timezone.admintool
NOT RUNNING com.apple.quicklook
NOT RUNNING com.apple.quicklook.ui.helper
NOT RUNNING com.apple.screensharing
NOT RUNNING com.apple.screensharing.MessagesAgent
NOT RUNNING com.apple.screensharing.agent
NOT RUNNING com.apple.screensharing.menuextra
NOT RUNNING com.apple.security.keychain-circle-notification
NOT RUNNING com.apple.syncdefaultsd
NOT RUNNING com.apple.touristd
NOT RUNNING com.apple.videosubscriptionsd
NOT RUNNING com.apple.voicememod
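
A status check along the lines described in the comment above, as an added example (it is not varenc's script, which was not posted). It classifies labels from `launchctl list` output, assuming that command's three columns (PID, last exit status, label); the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Classify launchd labels as RUNNING / NOT RUNNING / NOT LOADED from the
# output of `launchctl list` (columns: PID, last exit status, label).
# A PID of "-" means the job is loaded but has no process right now.

# Constructed sample of `launchctl list` output, so this runs offline.
sample_launchctl_list() {
    printf '%s\t%s\t%s\n' \
        PID Status Label \
        412 0 com.apple.cloudd \
        - 0 com.apple.gamed \
        - 78 com.apple.helpd \
        388 0 com.apple.sharingd
}

# classify_jobs LABEL...
# Reads `launchctl list` output on stdin and prints one line per requested
# label, in the order the labels were given. Labels are matched exactly, so
# com.apple.gamed never matches a longer label that merely contains it.
classify_jobs() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, order, " ") }
        $1 == "PID" && $3 == "Label" { next }       # header row
        { pid[$3] = $1; status[$3] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                l = order[i]
                if (!(l in pid))
                    print "NOT LOADED " l            # absent from this launchd domain
                else if (pid[l] == "-")
                    print "NOT RUNNING " l " last_exit=" status[l]
                else
                    print "RUNNING " l " pid=" pid[l]
            }
        }'
}

# not_running LABEL...
# Only the labels that are loaded but have no process behind them.
not_running() {
    classify_jobs "$@" | awk '$1 == "NOT" && $2 == "RUNNING" { print $3 }'
}

# Demo on the constructed sample. On a Mac, feed it the real listing instead:
#   launchctl list | classify_jobs <labels>        (per-user jobs)
#   sudo launchctl list | classify_jobs <labels>   (system-wide jobs)
sample_launchctl_list | classify_jobs com.apple.gamed com.apple.cloudd \
    com.apple.helpd com.apple.touristd
```

A label reported as NOT LOADED in the per-user listing may still be a system daemon, so check both listings before concluding a service is gone.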

@xma xma commented Apr 29, 2020

I'm unable to format a USB drive
log:
Disk Utility: (FindMyDeviceUI) [com.apple.icloud.FindMyMacUI:_] -[FMDUIFMMController disableFMMForRemoveDiskVolumes:hostWindow:usingCallback:]

@varenc varenc commented May 1, 2020

@xma As the error message says, that error is likely happening because Disk Util has a dependency on the Find My Device services. (for some reason...)

Enable com.apple.icloud.findmydeviced.findmydevice-user-agent and com.apple.icloud.fmfd and it might work. Though other icloud services like icloudd might be required as well.

@b0gdanw b0gdanw commented May 4, 2020

@pwnsdx com.apple.imklaunchagent is not related to iMessage, "imklaunchagent is automatically invoked to launch input methods that are selected via direct user interaction." Disabling it can trigger frequent PAH_Extension assertion failed errors.

@sneak sneak commented May 6, 2020

@sneak sneak commented May 7, 2020

For those of you trying to partition/format disks and having trouble, I just tested it and diskutil partitionDisk still works fine in the terminal.

Run diskutil partitionDisk without any further arguments for the syntax explainer, which works out to something roughly like: diskutil partitionDisk disk2 1 GPT jhfs+ usbstick R. diskutil list will give you your disk numbers.

@kikieri kikieri commented May 11, 2020

any possibility to "test" this script....
how can I undo the changes when something is not working?

@varenc varenc commented May 20, 2020

@kikieri

There are 2 scripts in this gist. You run the 2nd one, enable.sh, to re-enable everything. Though of course there are no guarantees. If you don't feel comfortable digging in and debugging things I wouldn't recommend doing this.

@mmitchellg5 mmitchellg5 commented May 20, 2020

@Xenthio Xenthio commented May 21, 2020

this can be run outside recovery by doing sudo mount -uw /

@mmitchellg5 mmitchellg5 commented May 21, 2020

Meant to come back in and edit that last part out, figured out how to run it.

@Wyvern Wyvern commented May 23, 2020

Does anybody know how to disable an XPC service such as com.apple.PerformanceAnalysis.animationperfd in macOS?

@ellipticaldoor ellipticaldoor commented May 24, 2020

Does anybody know how to disable the menubar process?

@Mediajake Mediajake commented Jun 2, 2020

@varenc varenc commented Jun 2, 2020

@Wyvern it looks like that process is referenced in this launchd plist: /System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist

found that by searching all the launchd directories for plists that mentioned that process with this very ugly shell cmd:

$ find /System/Library/Launch* /Library/Launch* ~/Library/Launch* -print -exec plutil -p {} \;   | grep "animationperfd\|/Launch" | grep -B1 animationperfd

/System/Library/LaunchDaemons/com.apple.jetsamproperties.Mac.plist
        "com.apple.PerformanceAnalysis.animationperfd" => {
        "com.apple.PerformanceAnalysis.animationperfd" => {

@OmerWow OmerWow commented Jun 8, 2020

Yes you need to mount the user partition in the disk utility

Hi, can you please tell me how to do that? I'm having the same problem and I can't find a solution online

@junkblocker junkblocker commented Jun 8, 2020

@pwnsdx - Every time I see non-technical people totally confused about the implications of running this or worse affected and unable to undo it, I wonder if you should add a scary disclaimer and make it stand out near the very top.

@OmerWow OmerWow commented Jun 17, 2020

> @pwnsdx - Every time I see non-technical people totally confused about the implications of running this or worse affected and unable to undo it, I wonder if you should add a scary disclaimer and make it stand out near the very top.

I just got my first mac ever (I'm almost 22) a few days prior to reading this post and I wasn't familiar with anything.
Anyway, found the answer and ran my customized script a few hours later, thanks though.

@naryfa naryfa commented Jun 24, 2020

Uhm...

Is it possible that one of these that I disabled is causing the Photos app to hang forever on quit? I tend to think that some daemons/services are inter-dependent...

/System/Library/LaunchAgents
com.apple.CoreLocationAgent.plist
com.apple.UsageTrackingAgent.plist
com.apple.ap.adprivacyd.plist
com.apple.ap.adservicesd.plist
com.apple.bluetooth.PacketLogger.plist
com.apple.bluetoothUIServer.plist
com.apple.familycircled.plist
com.apple.familycontrols.useragent.plist
com.apple.familynotificationd.plist
com.apple.findmymacmessenger.plist
com.apple.iTunesHelper.launcher.plist
com.apple.icloud.findmydeviced.findmydevice-user-agent.plist
com.apple.locationmenu.plist
com.apple.macos.studentd.plist
com.apple.parentalcontrols.check.plist
com.apple.progressd.plist
com.apple.spindump_agent.plist

/System/Library/LaunchDaemons
com.apple.IOBluetoothUSBDFU.plist
com.apple.SubmitDiagInfo.plist
com.apple.analyticsd.plist
com.apple.bluetoothReporter.plist
com.apple.bluetoothaudiod.plist
com.apple.bluetoothd.plist
com.apple.diagnosticextensions.osx.bluetooth.helper.plist
com.apple.familycontrols.plist
com.apple.findmymac.plist
com.apple.findmymacmessenger.plist
com.apple.icloud.findmydeviced.plist
com.apple.locationd.plist
com.apple.spindump.plist
com.apple.tailspind.plist

This is the output from the console:

default 10:07:49.535538 -0400 Photos 27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 164 vs 173, 513,
default 10:07:50.583042 -0400 dasd Attempting to suspend based on triggers: ( "com.apple.duetactivityscheduler.photospolicy.appchanged" )
default 10:07:50.584862 -0400 dasd Ignoring trigger com.apple.duetactivityscheduler.photospolicy.appchanged because conditions are deteriorating


EDIT:

OK, my apologies. I found the problem. It was none of the above. Turns out that the Photos app is dependent on:
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc
which I have also removed, but since I put it back, the Photos app quits normally.

@abhimanyu123456 abhimanyu123456 commented Jul 9, 2020

@ALL: Can anyone let me know if I can disable Finder from the Mac Catalina?

@ghost ghost commented Jul 17, 2020

Thanks, working great!

@kikieri kikieri commented Jul 17, 2020

When I did a system update, I have to run the script again? (went to 10.15.6)

@keithbarrett keithbarrett commented Jul 17, 2020

Can you place comments in the sections to list the things the daemon/agent disables? This will create a growing knowledge base, making it easier for people to self determine what they want. For example; the "Quicklook" section also disables icons and previews for images displaying the image instead of a white icon.

@pr3jker pr3jker commented Jul 21, 2020

> I'm subbing hoping someone releases a script that disables the agents (nicely) rather than deleting plists which could easily come back and do weird shit.
>
> Until then, I'll use LaunchControl to disable these agents

I tried too, but only a few agents and daemons can be disabled this way. For 99%, I get the "Failed to write plist" error, because Catalina system is read-only.
So I presume only running this script from recovery will do.

@joostvgh joostvgh commented Aug 6, 2020

Thanks, my mac is working way faster.

Just one issue: starting spotlight has about 500ms delay. Anyone knows which daemon/agent I should enable?

@pleasejustgo pleasejustgo commented Aug 17, 2020

@pwnsdx Just curious if you're going to make a "disable bunch of sh*t in Big Sur" post. Thanks!

@Jaxiea Jaxiea commented Aug 23, 2020

Is anyone else's battery notification gone? Or is it just me?

@joostvgh joostvgh commented Aug 23, 2020

> Is anyone else's battery notification gone? Or is it just me?

not for me.

media buttons on touchbar stopped working though

@fxfactorial fxfactorial commented Sep 7, 2020

Just ran it, great script, one service seems to have moved. We should probably add WeatherKit to the list, waste of resource

@pwnsdx pwnsdx (Owner, Author) commented Sep 10, 2020

Unfortunately, since macOS Big Sur is now using SSV (Signed System Volume) on the entire boot volume, this script will not work with future versions of macOS. It was a great fun developing it and hopefully someone can find a workaround to disable the #$!@ in Big Sur ;)

@pwnsdx pwnsdx (Owner, Author) commented Sep 10, 2020

@pleasejustgo

> @pwnsdx Just curious if you're going to make a "disable bunch of sh*t in Big Sur" post. Thanks!

https://gist.github.com/pwnsdx/1217727ca57de2dd2a372afdd7a0fc21#gistcomment-3448419

@fxfactorial fxfactorial commented Sep 10, 2020

@pwnsdx what about running it in recovery mode (SIP stuff disabled), that will also not apply in Big Sur?

@thegranddesign thegranddesign commented Sep 10, 2020

Considering all of the issues people have been having with finding disable-able services, I've created a gist based on this that will allow you to bisect your services. Although realizing that Big Sur is not allowing this means I probably just wasted quite a bit of time 😂

https://gist.github.com/thegranddesign/fef254a615c6d1bf67f83c176da8869d

@thegranddesign thegranddesign commented Sep 10, 2020

Looks like you can modify the boot volume in Big Sur, you just need to run some additional commands to disable root system volume authentication and recalculate the "blessed" snapshot.

csrutil authenticated-root disable
sudo bless --folder /[mountpath]/System/Library/CoreServices --bootefi --create-snapshot

https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection/

Note that this effectively disables this additional security mechanism (authenticated boot volumes by signing), which truth be told for most users is valuable, but pro users should have the option of disabling if they choose to.

@pwnsdx pwnsdx (Owner, Author) commented Sep 25, 2020

> Looks like you can modify the boot volume in Big Sur, you just need to run some additional commands to disable root system volume authentication and recalculate the "blessed" snapshot.
>
> csrutil authenticated-root disable
> sudo bless --folder /[mountpath]/System/Library/CoreServices --bootefi --create-snapshot
>
> https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection/
>
> Note that this effectively disables this additional security mechanism (authenticated boot volumes by signing), which truth be told for most users is valuable, but pro users should have the option of disabling if they choose to.

Good catch. I might create a version for Big Sur after all but that will make the process more complicated and it's now certain that it must be done after each update.

@lukey204 lukey204 commented Oct 20, 2020

hello can someone that knows tell me why familycircled pops up on my network traffic and how I can get rid of it. Thank you kindly

@coypu23 coypu23 commented Nov 16, 2020

Summary of experience
Upgrading the system will break some software and tweaking the system could disable one's Mac. Both are solved by cloning a system into a partition on an external SSD. Even with claimed USB bottleneck, it is much faster than the internal HD on this Mac Mini. It also allows the user to choose a newer or older version of MacOS on different partitions on the SSD.
Rather than a script, I turned off agents and daemons a few at a time by moving them to Off folders, to test effects.
Turning off agents and daemons has freed up RAM and has further improved speed and responsiveness. Startup from chime to desktop is 25 seconds. Initial RAM with 10.10 as a test bed, use 850 Mb; after a minute idle, 840 Mb RAM.
Explanations of agent and daemon purpose have been very helpful.
I also turned off spotlight and all the associated mds functions; I use Easy Find instead.
I turned off iCloud functions; many agents and daemons otherwise activate even if cloud is turned off in system preferences.
After some tweaks, com.apple.dock.extra became launched and then became unresponsive but did not consume CPU. The following terminal commands fixed the problem.
cd /System/Library/CoreServices/Dock.app/Contents/XPCServices
mv com.apple.dock.extra.xpc /Users/username/Desktop/com.apple.dock.extra.xpc
then move it from desktop to a disabled folder
No need for screen sharing, other sharing or sync services with devices so those were turned off too.
MacOS 10.15 has some advantages: it detected that starting VPN triggers permission settings. GlobalProtect wants access to desktop, documents, even external disks. Just say no. Nevertheless it works fine.
MacOS 10.15 has some disadvantages: it will not allow one to save modified versions of documents on an external USB drive using text edit or most other software. One must either change the name to do that; alternatively save it on the system drive but then there is the versioning feature / bug that cannot be turned off. Open office does allow one to save modified versions of documents on an external USB drive.

@ecompayment ecompayment commented Nov 18, 2020

Here is what I did so far for Big Sur

  1. Disable csrutil and csrutil authenticated-root
    from Terminal mkdir mnt (it will be in /Users/youname/)
  2. Create root account
  3. Login as root
    check your mount disk by mount
    in my case it is /dev/disk2s5s1
    from terminal
    sudo mount -o nobrowse -t apfs /dev/disk2s5 mnt/
    Omit "s1"
    edit network extension to remove apple files, so little snitch can see them
    sudo nano mnt/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist

once done
you can remove unneeded services one by one using the following
sudo mv mnt/System/Library/LaunchAgents/com.apple.cloudpaird.plist mnt/System/Library/LaunchAgents/com.apple.cloudpaird.plist.bak
sudo mv mnt/System/Library/LaunchAgents/com.apple.cloudphotod.plist mnt/System/Library/LaunchAgents/com.apple.cloudphotod.plist.bak
etc.
once finished you need to bless volumes
sudo bless --folder mnt/System/Library/CoreServices --bootefi --create-snapshot && sudo reboot
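
An audit of what the `.plist.bak` renames shown above leave on a mounted volume, as an added example that is not part of the gist or of this comment. It lists parked plists split into agents and daemons and flags any whose active `.plist` exists again beside the backup; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit launchd plists that were disabled by renaming them to *.plist.bak.

# audit_disabled ROOT
# ROOT is the mounted system volume (for example the mnt directory used above).
# Prints tab-separated lines: <LaunchAgents|LaunchDaemons> <state> <label>
#   DISABLED  only the .plist.bak exists, so launchd has nothing to load
#   RESTORED  an active .plist sits next to the .plist.bak again
audit_disabled() {
    root=${1%/}
    for kind in LaunchAgents LaunchDaemons; do
        dir="$root/System/Library/$kind"
        [ -d "$dir" ] || continue
        for bak in "$dir"/*.plist.bak; do
            [ -e "$bak" ] || continue            # glob matched nothing
            label=$(basename "$bak" .plist.bak)
            if [ -e "$dir/$label.plist" ]; then
                state=RESTORED
            else
                state=DISABLED
            fi
            printf '%s\t%s\t%s\n' "$kind" "$state" "$label"
        done
    done
}

# has_restored ROOT
# Exit status 0 when at least one parked service has an active plist again.
has_restored() {
    audit_disabled "$1" | awk -F '\t' '$2 == "RESTORED" { f = 1 } END { exit !f }'
}

# Constructed sample tree (empty files are enough for the audit).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/System/Library/LaunchAgents" "$t/System/Library/LaunchDaemons"
    : > "$t/System/Library/LaunchAgents/com.apple.cloudpaird.plist.bak"
    : > "$t/System/Library/LaunchAgents/com.apple.cloudphotod.plist.bak"
    : > "$t/System/Library/LaunchAgents/com.apple.cloudphotod.plist"
    : > "$t/System/Library/LaunchAgents/com.apple.sharingd.plist"
    : > "$t/System/Library/LaunchDaemons/com.apple.analyticsd.plist.bak"
    printf '%s\n' "$t"
}

# Demo: audit the constructed tree, then clean it up.
# On a real volume: audit_disabled mnt   or   audit_disabled "/Volumes/Macintosh HD"
demo_root=$(make_sample_tree)
audit_disabled "$demo_root"
rm -rf "$demo_root"
```

Saving the audit output before a system update and comparing it afterwards shows which services need to be disabled again.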

@pleasejustgo pleasejustgo commented Nov 21, 2020

Can anyone confirm what is the difference between doing it this way vs using an app like LaunchControl to do it? Like I mean, would you still have to go through all those hoops if it's done through the app?

@490398290 490398290 commented Nov 21, 2020

> Unfortunately, since macOS Big Sur is now using SSV (Signed System Volume) on the entire boot volume, this script will not work with future versions of macOS. It was a great fun developing it and hopefully someone can find a workaround to disable the #$!@ in Big Sur ;)

Try this and see if it's working:

In recovery just type:

mount -uw /
nvram boot-args="no_compat_check"
csrutil disable
csrutil authenticated-root disable
reboot

@eggplanting eggplanting commented Nov 22, 2020

Thanks for the last suggestions, which are trying to make this script compatible with Big Sur.

Sadly I don't know how to proceed, since the commands only show a part of what has to be done. Would be great if someone could write a small guide with all commands needed to get this script running with Big Sur.

Hopefully this script goes on, I loved it on my Catalina setup. Best privacy addition to MacOS by far!

@cynecx cynecx commented Nov 22, 2020

@eggplanting @ecompayment's steps are pretty self-explaining. Perhaps this will help:

# Boot into recovery mode; open a terminal and run the following commands
# (disabling sip and allowing booting from an unauthenticated root disk):

csrutil disable
csrutil authenticated-root disable
reboot

# You should be out of recovery mode now. Mount the root disk and apply the modifications (`disk2s5` may vary):
cd ~ && mkdir mnt
sudo mount -o nobrowse -t apfs /dev/disk2s5 "$(pwd)/mnt"

cd ./mnt # the disable script needs cwd at the mount root
sudo ../disable.sh # the disable.sh is located at $HOME aka `~`
cd ..

# finally run bless
sudo bless --folder "$(pwd)/mnt/System/Library/CoreServices" --bootefi --create-snapshot
sudo umount "$(pwd)/mnt"

# reboot
sudo reboot

@ecompayment ecompayment commented Nov 23, 2020

Well. Big Sur has 2 problems. First, it is hiding its own apps from any firewall (Little Snitch, LuLu, etc.)
To fix it, these are the steps required
from terminal
mkdir mnt
sudo mount -o nobrowse -t apfs /dev/disk1s5 mnt/
(change disk if different)
sudo nano mnt/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist

Remove anything between , under ContentFilterExclusionList.
save
sudo bless --folder mnt/System/Library/CoreServices --bootefi --create-snapshot && sudo reboot

once done Little Snitch sees everything as usual.

Next to disable services like I explained above.
I am still trying to see what can be disabled safely, since Big Sur changed many services and removed some while adding some.
Some services that were disabled OK under Catalina and Mojave are causing Big Sur problems. For example, when I disable all Siri including assistantd, it creates a loading problem for Security and Privacy. It will not open, etc.
If somebody is interested, I can show the services I disabled so far with the system working fine.

Another observation: some services can be disabled on my iMac 2017 (no T2 chip), but if I try to disable the same services on a MacBook with a T2 chip, the system has problems.

@eggplanting eggplanting commented Nov 23, 2020

@cynecx Wanted to leave feedback, followed every step and got the script working. Thanks!

I ran the whole script on Big Sur and don't see issues so far, except an error notification when I open "Security & Privacy" in settings, because the Apple adservice cannot be loaded. I guess this is the normal behavior since it's disabled. Going to check how it works in the long run.

@ecompayment I don't see issues so far with my Macbook Pro 13" (2018), Security & Privacy is working fine with the mentioned error notification. Thanks for adding your steps to change the firewall behavior.

@pwnsdx Would be great if the script could indeed be optimized for Big Sur, with added instructions to get it running. Thanks for making this script and it's not over yet! :)

@eggplanting eggplanting commented Nov 23, 2020

I killed my location services, I'm not able to activate them via "Privacy & Security" (no error notification, the checkmark isn't showing up):

Anyone knows how to fix this?

EDIT:

Thanks to @cynecx problem solved, after enabling:
com.apple.locate and com.apple.locationd

@cynecx cynecx commented Nov 23, 2020

@eggplanting You could perhaps bisect which service needs to be enabled again? Like try enabling half of the services and so on until "Ortungsdienste" (location services) is working again.

EDIT:

com.apple.locate and com.apple.locationd perhaps?

@stlimtat stlimtat commented Nov 25, 2020

I have found the experience interesting. Steps I have taken:

  1. Disable fileVault before reboot
    Verify that encryption is disabled before reboot by running diskutil apfs list. You should see the various devices listed as "FileVault: No" or "FileVault: No (Encrypted at rest)".
  2. Sign out of iCloud before shut down - choose shutdown instead of reboot.
  3. Download a copy of the disable script into your home folder. example /Users/xxx/disable.sh

Recovery mode 1st time

  1. Boot into recovery mode by holding Cmd+R and holding till the Apple logo appears and a bit longer.
  2. Select in the top menu bar - Utilities -> Terminal
  3. Run the following commands
    csrutil disable
    csrutil authenticated-root disable
  4. Shut down again

Recovery mode 2nd time

  1. In my case, my root filesystem was in disk2s1 when booting up, and already mounted when booted up.
  2. Run the following command
    mount -uw /Volumes/Macintosh\ HD
  3. Figure out where your copy of the disable script is.
    /Volumes/Macintosh\ HD-Data/Users/xxx/disable.sh
  4. Assuming you did not edit the disable.sh file, you will want to do the following, because the script assumes relative path
    cd /Volumes/Macintosh\ HD
    sh /Volumes/Macintosh\ HD-Data/Users/xxx/disable.sh
  5. Edit the file to reveal all the services for Little Snitch
    nano /Volumes/Macintosh\ HD/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist
  6. Bless the boot partition
    bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot
  7. Reenable csrutil again. You will never be able to get csrutil authenticated-root back again
    csrutil enable
  8. Reboot, cross your fingers

Back in normal OS

  1. Reenable FileVault and sign back into iCloud if you want to.
  • FileVault does not work and returns an error - Error: A problem occurred while trying to enable FileVault. (-69596) when running sudo fdesetup enable
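
A posture check for the end state this procedure leaves behind (SIP, authenticated root, FileVault), as an added example that is not part of the original comment. It parses the text printed by `csrutil status`, `csrutil authenticated-root status` and `fdesetup status`; the exact wording matched is an assumption about those tools' output, and the function names and sample text are constructed.

```shell
#!/bin/sh
# Summarise boot-volume protections from the text printed by:
#   csrutil status; csrutil authenticated-root status; fdesetup status
# ASSUMPTION: the status lines are worded like the constructed samples below.

# Constructed sample: an unmodified machine.
sample_hardened() {
    printf '%s\n' \
        'System Integrity Protection status: enabled.' \
        'Authenticated Root status: enabled' \
        'FileVault is On.'
}

# Constructed sample: the state the comment above describes at the end
# (SIP re-enabled, authenticated root still disabled, FileVault not enabled).
sample_after_procedure() {
    printf '%s\n' \
        'System Integrity Protection status: enabled.' \
        'Authenticated Root status: disabled' \
        'FileVault is Off.'
}

# assess_posture
# Reads status text on stdin and prints one "control=state" line per control.
# state is ok, weak, or unknown (no matching line, e.g. a macOS release
# without authenticated root). Anything other than a plain "enabled" / "On",
# such as a custom SIP configuration, counts as weak.
assess_posture() {
    awk '
        /^System Integrity Protection status:/ {
            sip = ($0 ~ /status: enabled/) ? "ok" : "weak"
        }
        /^Authenticated Root status:/ {
            ssv = ($0 ~ /status: enabled/) ? "ok" : "weak"
        }
        /^FileVault is / {
            fv = ($0 ~ /^FileVault is On/) ? "ok" : "weak"
        }
        END {
            print "sip=" (sip == "" ? "unknown" : sip)
            print "ssv=" (ssv == "" ? "unknown" : ssv)
            print "filevault=" (fv == "" ? "unknown" : fv)
        }'
}

# posture_ok
# Exit status 0 only when every control reports ok; usable in a fleet check.
posture_ok() {
    assess_posture | awk -F= '$2 != "ok" { bad = 1 } END { exit bad + 0 }'
}

# Demo on the constructed sample. On a Mac:
#   { csrutil status; csrutil authenticated-root status; fdesetup status; } | assess_posture
sample_after_procedure | assess_posture
```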

@stlimtat stlimtat commented Dec 5, 2020

Has anyone been able to get file vault working after disabling all the services?

@dreiada dreiada commented Dec 13, 2020

Greetings!
Would it be possible to suggest how to do this on Mojave? I tried running this script with csrutil disabled and ended up getting rapportd and homed processes showing up (huge CPU load) - very little info on how to get rid of them, I am not experienced enough to compile a proper terminal command specific to a process myself (I looked up similar issues with photoanalysisd)
would be great if I could fully utilise this script (Mojave 10.14.5 and 10.14.6 installed on 2 partitions, MBP mid 2014)
Many thanks!

@jamespurnama1 jamespurnama1 commented Dec 16, 2020

Well. Big sur has 2 problem. First it is hiding own app from any firewall (Little snitch , LULU, etc)
to fix it this is the step require
from terminal
mkdir mnt
sudo mount -o nobrowse -t apfs /dev/disk1s5 mnt/
(change disk if different)
sudo nano mnt/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist

Remove anything between , under ContentFilterExclusionList.
save

@ecompayment does this have any side effects on your OS? I tried it with mine it seems mac apps are having trouble connecting to my Apple account. Keeps getting stuff like The verify credentials call failed & The request timed out in the console. Wondering if this caused it.

@ecompayment ecompayment commented Dec 16, 2020

it is hard to test for me, since i removed all Apple accounts, services, and cloud related stuff from my computer.
I cannot test it

@dreiada dreiada commented Dec 17, 2020

hi could someone please suggest a script to block rapportd and homed processes/daemons on Mojave - these HomeKit things really eat up battery many thanks!!!

@dreiada dreiada commented Dec 18, 2020

hi all maybe I figured my own question out
(disable rapportd on Mojave, csrutil must be disabled then reenabled)

launchctl disable gui/$UID/com.apple.rapportd && launchctl kill -TERM gui/$UID/com.apple.rapportd

I also ran same for homed process

credits:
https://dev.to/gjbianco/controlling-photoanalysisd-3j2a

hope this helps, cheers

UPDATE when csrutil is enabled the process comes back at 145-230% CPU load

@whenmusicattacks whenmusicattacks commented Dec 19, 2020

hello everyone, i have been trying to solve this issue for a while: i disabled some crash report related stuff, but now that i actually had a system hang (too many drives plugged when shutting down the system, had to force shut down) i get a message "computer restarted because of a problem" at every boot. is there any way to disable the message for the time being?
I tried to clean nvram with no luck; i think the issue is related to all the diagnostic services i disabled and the panic not being sent back / cleaned, but doing the enable script did not solve the issue, i would also love to actually get rid of whatever process is actually checking and sending the report

@loadedfoxx loadedfoxx commented Dec 29, 2020

Hey @whenmusicattacks what version of macOS are you running? I had similar issues, and went through the paces trying to figure out the issue. Thought it was a conflict with Little Snitch. Once I installed 10.15.7, I no longer received that message.

@whenmusicattacks whenmusicattacks commented Dec 29, 2020

I am on catalina and using Lulu, i solved this by removing some logs folders in the computer. As stated, i would like to get to the root of the problem. Is there any thread on the internet where to discuss this script that can be maintained better, where people can help write a huge first post with all the experiences and stuff?

@loadedfoxx loadedfoxx commented Dec 29, 2020

@whenmusicattacks Maybe some folders got cleaned up when I upgraded to Catalina 10.15.7...? Hence fixing my problem. Never underestimate Apple's doings. That problem started happening for me a little while after an update and then seemed to be fixed with the next.. There's quite a lot of gems throughout this thread on updates and thoughts. You could get the script up and start scanning through replies to see how you can add comments to many of the agents and daemons. Then based on what you need personally or what you're trying to accomplish you can comment out some of the lines, etc. If there are undesirable effects, it can always be re-enabled.

Your thoughts are valid, it's just that these types of tweaks are very specific -- one person uses icloud but hates the extra analytics or someone may want it locked down as much as possible with the notion that they are giving up or breaking services. It's kind of like the saying: "Your mileage may vary"

@whenmusicattacks whenmusicattacks commented Dec 30, 2020

Well yeah, but there is a lot to be written that can be useful to research how different services interact with each other. A good wiki post with description of some major "offending" services and such. I'd love to have such a thread, maybe there is already one somewhere, macrumors? Insanelymac?

@johnstonesnow johnstonesnow commented Jan 4, 2021

Sorry for my ignorance. Couple of questions:

  1. Will this work on El Capitan and High Sierra?
  2. I have no clue how to use github, I am no developer :). Are there some idiot proof instructions how to install this on my macs?
    thanks

@coypu23 coypu23 commented Jan 6, 2021

One can certainly turn off unwanted agents and daemons in other versions of MacOS. It is wise to become familiar with the command line before doing so. One needs a path to turn some of them back on if a function you actually use has been disabled by the effort. As for prior query by whenmusicattacks I have searched for such a resource but have not found any.

@terry9873 terry9873 commented Jan 8, 2021

Thanks very much. I am just learning a bit about CLI, got my first linux machine and enjoying it so far.
I don't know what these bash scripts are, but I assume (please confirm) I just copy the entire code in that top post (disable.sh) and paste that into terminal, to disable all those functions. Is that right?
Don't worry, I am doing this on a test machine (spare Macbook).
I may remove a few bits if I need to, but at the moment I would REALLLLLLLLLLLLLY like to stop damn callouts to Apple servers. I have always used LittleSnitch for this in the past but it's not easy researching every damn process/connection. I think this may be just what I am after, as I use NO apple services whatsoever, even closing my icloud email and paying for a third party provider. I just want OUT of the apple ecosystem/walled garden, but I want the hardware and basic OS :)
thanks again, grateful if you could confirm how I run it

PS - I have a choice of El Capitan or Catalina. Am I right in suspecting that El Cap is less privacy invasive/intrusive than Catalina?

@terry9873 terry9873 commented Jan 8, 2021

I have just been reading about BigSur privacy concerns. I can't believe I am reading that Apple designed stuff to bypass VPNs, but then of course I CAN totally believe when I think more about it. Plus hashing and calling out to apple servers when apps are opened/closed etc. I am SO sick of this privacy invasion, even from the 'bastions of privacy' that apple claims to be. Yeah, if by privacy they mean 'we will make sure nobody ELSE gets your data' (except government)!

@rraallvv rraallvv commented Jan 11, 2021

Does anyone know how to disable Apple Media Services? For some reason Apple is constantly logging me off and I'm getting a warning all the time saying "This Mac can't connect to Apple Media Services" 😠

@gotjoshua gotjoshua commented Jan 30, 2021

doing some operations properly like erasing a drive…

I also noticed this (microSD in an external USB reader fails to format on OSX Catalina 10.5.7) ...
com.apple.icloud.Find My Device error 13
wtf does formatting need find my mac for?

although diskutil manages to do the format just fine from the command line:
sudo diskutil eraseDisk exfat yourVolumeName GPTFormat /dev/disk#

i'm comfy on the commandline, but still I do like the option to use Disk Utility so i re-enabled it:

as @Xenthio said above

this can be ran outside recovery by doing sudo mount -uw /

and then:
sudo mv /System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist.bak /System/Library/LaunchDaemons/com.apple.icloud.findmydeviced.plist

@coypu23 coypu23 commented Feb 4, 2021

---Some functions fail even in unmodified installation of 10.15 Catalina; it will not allow one to save modified versions of documents on an external USB drive using text edit or most other software. A work around for text files is to use TextMate.
---In response to prior query by terry9873, earlier versions of MacOs are less intrusive.
---One can remove daemons and agents without a script, one at a time or a few at a time, then test after a reboot.
---It has to be done from the terminal. The finder itself is blocked from making changes in 10.15 even with SIP off.
--- In terminal window, activate administrator mode
sudo su
---give password
----Make disk writeable.
mount -uw /
---Change directory to library within system
cd /System/Library
---Make directories for disabled daemons and agents
mkdir LaunchDaemonsOff
mkdir LaunchAgentsOff
---Turn off Spotlight assuming you do not want it; similarly with others you want to remove
mv LaunchAgents/com.apple.Spotlight.plist LaunchAgentsOff
---Turn it back on if, after a reboot, you decide it is needed
mv LaunchAgentsOff/com.apple.Spotlight.plist LaunchAgents
***Make sure you have a duplicate system on another drive or partition. Any errors or removing the wrong item can hose your MacOs.
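
The move-to-an-Off-folder steps in the comment above, as an added example that is not part of the original comment or of the gist's script: it records every move in a manifest so each change can be undone individually or all at once. The function names, the manifest file name and the temporary demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: reversible "park and restore" for launchd plists.
# ROOT is the directory containing LaunchAgents/ and LaunchDaemons/
# (for instance /System/Library on a volume already mounted writable).
MANIFEST=disabled-plists.tsv        # hypothetical manifest name
TAB=$(printf '\t')

# Accept only the two launchd folders and labels without slashes or spaces,
# so a mistyped argument can never move a file outside ROOT.
valid_args() {
  case $1 in LaunchAgents|LaunchDaemons) ;; *) return 1 ;; esac
  case $2 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  return 0
}

# park_plist ROOT KIND LABEL: move KIND/LABEL.plist into KINDOff/ and log it.
park_plist() {
  pp_root=$1; pp_kind=$2; pp_label=$3
  valid_args "$pp_kind" "$pp_label" || { echo "bad kind or label" >&2; return 2; }
  pp_src="$pp_root/$pp_kind/$pp_label.plist"
  pp_off="$pp_root/${pp_kind}Off"
  [ -f "$pp_src" ] || { echo "not present: $pp_src" >&2; return 1; }
  [ ! -e "$pp_off/$pp_label.plist" ] || { echo "already parked: $pp_label" >&2; return 1; }
  mkdir -p "$pp_off" || return 1
  mv "$pp_src" "$pp_off/" || return 1
  printf '%s\t%s\n' "$pp_kind" "$pp_label" >> "$pp_root/$MANIFEST"
}

# restore_plist ROOT KIND LABEL: move the plist back and drop its manifest line.
restore_plist() {
  rp_root=$1; rp_kind=$2; rp_label=$3
  valid_args "$rp_kind" "$rp_label" || { echo "bad kind or label" >&2; return 2; }
  rp_parked="$rp_root/${rp_kind}Off/$rp_label.plist"
  [ -f "$rp_parked" ] || { echo "not parked: $rp_label" >&2; return 1; }
  [ ! -e "$rp_root/$rp_kind/$rp_label.plist" ] || { echo "refusing to overwrite live plist" >&2; return 1; }
  mv "$rp_parked" "$rp_root/$rp_kind/" || return 1
  if [ -f "$rp_root/$MANIFEST" ]; then
    # grep exits 1 when the manifest becomes empty; that is not an error here.
    grep -v -x -F -- "$rp_kind$TAB$rp_label" "$rp_root/$MANIFEST" > "$rp_root/$MANIFEST.tmp" || true
    mv "$rp_root/$MANIFEST.tmp" "$rp_root/$MANIFEST"
  fi
}

# restore_all ROOT: undo every recorded move; returns 1 if any entry failed.
restore_all() {
  ra_root=$1
  [ -f "$ra_root/$MANIFEST" ] || return 0
  cp "$ra_root/$MANIFEST" "$ra_root/$MANIFEST.snapshot" || return 1
  ra_failed=0
  while IFS="$TAB" read -r ra_kind ra_label; do
    restore_plist "$ra_root" "$ra_kind" "$ra_label" || ra_failed=1
  done < "$ra_root/$MANIFEST.snapshot"
  rm -f "$ra_root/$MANIFEST.snapshot"
  return $ra_failed
}

# Demo on a throwaway tree; the empty file is a constructed stand-in for a plist.
demo() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/LaunchAgents"
  : > "$d/LaunchAgents/com.apple.Spotlight.plist"
  park_plist "$d" LaunchAgents com.apple.Spotlight && ls "$d/LaunchAgentsOff"
  restore_all "$d" && ls "$d/LaunchAgents"
  rm -rf "$d"
}
demo
```

Keeping the manifest next to the Off folders means the list of changes is on the modified volume itself, so it is still available if the volume is later mounted from another system to undo them.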

@cyberprimate cyberprimate commented Feb 14, 2021

Would it be possible that someone have the kindness of writing a more explicit process for a relative newbie? I've been enquiring on mac forums about how to just disable Quicklook on my iMac (Catalina), removing the content of the Quicklook folder didn't do it (although it did disable certain functions of quicklook), and now I find this web page but it's slightly above my experience with Terminal… I'm sure we're many in this situation. Could anyone help?

@johnstonesnow johnstonesnow commented Feb 17, 2021

I would like to second the above comment. I DESPERATELY want to limit Apple's spying and betrayal of its userbase. If I could leave Apple completely I would, I already have with my phone. But I can't for business as I use Macs in my office and have apps I have been using for many years, changing isn't an option. I am hanging fire with High Sierra and Mojave, but what I have read about Catalina and even worse, Big Slur, makes me feel quite sure is nobody's friend any more, except its shareholders.

I wish there was a beginner guide for the above, I would not hesitate to install it if I could be confident in how to do it and how to undo it, in layman's speak. :) There is no obligation to do so, and its GREAT to see someone creating something like this. But making it easier for those of us who know nothing about CLI, that would be even more great!

@coypu23 coypu23 commented Feb 17, 2021

Sorry I do not know a way without familiarity with the terminal. I have several external solid state drives, one with a fresh install of 10.15 Catalina and another one with a heavily trimmed MacOs. To recover the trimmed OS if it becomes messed up involves copying the requisite files using terminal and keeping track of volumes and such. With 10.15 and presumably others with system integrity protection (SIP), the finder will not work even with SIP off. Terminal commands are needed.

One option is simply use an older Mac with older OS. Many professional tasks can be done this way; another laptop does not take up much space. The Web can be a challenge because modern browsers are not available for older OS. Water fox is a decent choice back to 10.8, 10.6.

As for quick look, I have not removed it, but the contents of the LaunchAgents folder show some agent names that begin with quick look. That would be a place to start. Near the top of this page, some are listed.

@cyberprimate cyberprimate commented Feb 17, 2021

As for quick look, I have not removed it, but the contents of the LaunchAgents folder show some agent names that begin with quick look. That would be a place to start. Near the top of this page, some are listed.

I've emptied the whole Quicklook folder, and removed all the Quicklook agents from LaunchAgents folder, Quicklook is still active… When I press the spacebar for the first time on a video file I can see that it's taking a while before the playing happens and becomes immediate from then on, as if it was loading the underlying app to play it. It's got the same limits as QuickTime Player (hates mkv, AVI…).

@coypu23 coypu23 commented Feb 20, 2021

I use quick look on occasion so it is left on, but I had a similar experience with iCloud. After removing the plists, there was still activity. Eventually I removed iCloudHelper.xpc - this was on 10.10. There might be a similar one for quick look. Moving these can be risky. It could hose your system. Backups are -highly- recommended.

@nisc nisc commented Feb 28, 2021

$ man launchctl

 enable | disable service-target
          Enables or disables the service in the requested domain. Once a service is disabled, it cannot be
          loaded in the specified domain until it is once again enabled. This state persists across boots of
          the device. This subcommand may only target services within the system domain or user and user-login
          domains.

@pwnsdx what's the difference between using launchctl disable $service and the approach that you're proposing (renaming the .plist files)? The former seems safer to me. Does disable not work for all daemons/agents?

@terry9873 terry9873 commented Mar 23, 2021

@coypu23 - Thanks for your attempts to guide me above :)
I have used terminal, I would say I am "familiar" with it, but i don't know much about what's going on behind the scenes. I am conversant with backups and routinely take both TM and CCC backups which I keep in a fire safe. So I am happy to take some risks, then test, as I can roll back the entire machine (clone) if needed.
I have a few questions and would be extremely grateful for any replies.

  1. The biggest question is, I am still stumped on how to actually run the script shown at the top of this page. Words like "vars" etc mean nothing to me. I THINK I am right in saying the process goes along the lines of booting in recovery mode, running terminal commands, rebooting. But there is clearly a lot more to it than that, and I don't understand how to remove some elements of the script. For example I do use QuickLook a fair bit (although since other people want to avoid it, I would be interested to know why, as I am now obsessive about privacy and if this is a privacy intrusion I will learn to live without that). I don't even know how to download the script, github has always confused me because everything on it is designed for those who understand both code, and github! Not a criticism, I know you can't make stuff like this accessible to, say, my grannie :D - But I do think I should be able to find my way through it, been using Macs for 10-15 years and have run many terminal commands, pings, traceroutes, and stuff like that, so I should be able i think.

  2. Encryption - My HDD is encrypted, and I have done it WITHOUT Apple's incredibly sneaky manipulation by forcing you to encrypt AFTER setting up user account. I avoided this sneaky trick by cloning from an older OS High Sierra clone (which I keep for this purpose) as that can be cloned to an encrypted drive, meaning Apple doesn't get to take a copy of my encryption key which I am SURE they are doing with all post Mojave users. I won't explain why, but I spent days testing this and investigating it and I am 100% sure they do store this information (and I don't mean just in keychain). If anyone finds that hard to believe, just ask yourself (google it) why Apple agreed with CCP China to store ALL users data on servers physically located in China. Anyway... I have an encrypted drive which has to be decrypted during boot (imac) BEFORE i get to log in screen, my login passwords do NOT decrypt the drive. Filevault is on and I won't turn it off, as the process of turning it on means the user password and/or drive encryption key has to be entered BEFORE the encryption takes place, and this is where I am sure it all 'leaks' to Apple. My point here is that someone above mentioned you have to go decrypted before doing the above disable commands. If that's still the case, I am not sure I can use the script at all.

  3. I have tried using Little Snitch to stop all these invasive Apple processes doing things I dont want, like "analysing my photos" (Thanks Apple, but NO thanks!). But my machine has slowed, and I think it's because the processes are still trying to connect but LS is blocking them. So I am back looking at this script, I REALLY need to block all this junk in Mojave, and I will NEVER use BigSur, I will be fully over to Linux by the time updates force my hand in that regard. Apple is finished in this house, but for now the HW is good and I will take it as far as I can!

  4. Above you write a generous post trying to explain to me what to do. But it looks like you suggest one line at a time, disabling one thing at a time. I have read through the script and I am really looking for a "just works" approach, quick and simple. I don't mind being a bit aggressive and undoing things later, but I don't see much (if anything) in the script which will cause me a problem. I use NO apple services at all that I know of, not willingly anyway ;). The only possible exception is where someone above said "if you use Music app this services needs to be enabled for Music (iTunes) to work properly.
    TOENABLE+=('com.apple.AOSPushRelay'
    'com.apple.AOSHeartbeat'
    'com.apple.AMPArtworkAgent')”

I use iTunes JUST to play LOCAL library. I don’t do any sharing or downloading and certainly no buying! If I disable this will my local library still play, or should I not disable it? (I could actually move to a third party music player, if I really had to, but it would take some work as I have tons of tracks and playlists etc, but I don't want ANY connection to the internet at all in iTunes, so I use LS for that currently)

I would really like to find the simplest way to run this script and kick Apple out of my machine as much as possible. I still genuinely don't know how to do it, and I wish I did :(

Thanks for any replies.

@coypu23 coypu23 commented Mar 24, 2021

1 I do not use the script; I disabled processes a few at a time followed by restart and testing. The commands used can be copied and pasted into a terminal window.
2 I do not know about the effect of encryption; have not tried it. Nothing private, though, is kept on a computer running 10.15; I use removable drives. If more concerned, turn off internet while working on them. If even more concerned, use an old Mac.
3 Outgoing firewalls can cause problems (I use radio silence). Turning off the process will help. For example, assuming the Off folder has been created as in prior note. If I need a process, I let it through the firewall.
mv LaunchAgents/com.apple.photoanalysisd.plist LaunchAgentsOff
4 Everyone has different needs. For example everything connected with Spotlight is off for me but some people like it. Having not used it, I cannot help with the script.

@terry9873 terry9873 commented Mar 25, 2021

Thanks very much for that. I had never heard of Radio Silence, looks interesting!
I only use Mojave and older OS's. As I use macs for business as well as personal, using an old one isn't an option for business but it is for personal. I like your approach. The last few versions of OSX are outright privacy nightmares in my view, and how Apple continues spewing the mantra of being "privacy respecting" is beyond me, but clearly not beyond the masses who just trust anything Apple by default, the only people they care about and create products for these days.
Sadly I don't know how to pull out individual commands from the script above so I am unable to try blocking any of these processes. If anyone comes along here and has the time and inclination to help spread this great script to the less technically gifted of us, I would be very grateful. I may even pay if someone can help with a guide/PDF or similar - would gladly part with $10-20 for something written specifically for less terminal-savvy users. If anyone fancies that, feel free to email me! terry@stanford13.33mail.com

@Picallo-svg Picallo-svg commented Mar 28, 2021

com.apple.iCloudUserNotifications need to change to com.apple.iCloudUserNotificationsd
com.apple.cloudphotoSd to com.apple.cloudphotod

@wolfen-stein wolfen-stein commented Apr 6, 2021

@pwnsdx is spctl an option to disable launch daemons on Big Sur without giving up SSV? E.g. disabling com.apple.cloudd with sudo spctl --add --label "DeniedApps" /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd? What about killing the processes as soon as they spawn, maybe using the Endpoint Security Framework (see e.g. https://objective-see.com/blog/blog_0x47.html)?

@moe123 moe123 commented Apr 15, 2021

@nisc yes,

launchctl list | cut -f3 | grep quicklook | while read target_service; do echo "sudo launchctl disable ${target_service}"; done

this thread is insanity at best.
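
The `launchctl disable` approach raised in the two comments above, as an added example that is not code from the gist or from either commenter: it reads `launchctl list` output and prints domain-qualified `launchctl disable` commands for review, in the `gui/<uid>/<label>` form used earlier in the thread, without executing anything. The sample listing, the function names and uid 501 are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner for `launchctl disable`.
# It only prints commands for review; nothing is executed.
TAB=$(printf '\t')

# Constructed sample of `launchctl list` output (tab-separated PID, Status,
# Label). The rows are illustrative, not captured from a real machine.
sample_launchctl_list() {
  printf 'PID\tStatus\tLabel\n'
  printf '%s\t%s\t%s\n' - 0 com.apple.quicklook.ThumbnailsAgent
  printf '%s\t%s\t%s\n' 412 0 com.apple.quicklook.ui.helper
  printf '%s\t%s\t%s\n' - 0 com.apple.quicklook
  printf '%s\t%s\t%s\n' 388 0 com.apple.rapportd
  printf '%s\t%s\t%s\n' - 78 'com.example.quicklook helper'   # malformed on purpose
}

# plan_disable PATTERN DOMAIN
#   Reads `launchctl list` output on stdin and prints one
#   `launchctl disable DOMAIN/LABEL` line per label containing PATTERN.
#   DOMAIN must be "system", "gui/<uid>" or "user/<uid>".
plan_disable() {
  pd_pattern=$1
  pd_domain=$2
  case $pd_domain in
    system) ;;
    gui/*|user/*)
      case ${pd_domain#*/} in
        ''|*[!0-9]*) echo "bad uid in domain: $pd_domain" >&2; return 2 ;;
      esac ;;
    *) echo "unsupported domain: $pd_domain" >&2; return 2 ;;
  esac
  while IFS="$TAB" read -r pd_pid pd_status pd_label; do
    [ "$pd_label" = "Label" ] && continue            # header row
    case $pd_label in
      *"$pd_pattern"*) ;;
      *) continue ;;
    esac
    # Labels end up in a command line, so refuse anything outside the
    # usual reverse-DNS character set instead of quoting and hoping.
    case $pd_label in
      ''|*[!A-Za-z0-9._-]*)
        echo "skipped (unexpected characters): $pd_label" >&2
        continue ;;
    esac
    if [ "$pd_pid" = "-" ]; then
      printf 'launchctl disable %s/%s\n' "$pd_domain" "$pd_label"
    else
      # A PID in column one means the service is running right now;
      # disabling only stops it from being loaded again.
      printf 'launchctl disable %s/%s  # running, pid %s\n' \
        "$pd_domain" "$pd_label" "$pd_pid"
    fi
  done
  return 0
}

# Demo against the constructed sample, using the current user's GUI domain.
sample_launchctl_list | plan_disable quicklook "gui/$(id -u)"
```

On a real system the input would be `launchctl list | plan_disable quicklook "gui/$(id -u)"`, and each printed line can be reversed with `launchctl enable` on the same service target, as the man page excerpt quoted above describes.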

@gcpmusic gcpmusic commented Apr 22, 2021

I was using a similar concept to move Agents, Daemons and even some extensions to a disabled folder a few years ago, from El Capitan to Mojave. After evaluating all the pros and cons I reached the conclusion that instead of messing with the system flow processes, it is much more secure, simple and safe to block all the unwanted connections from these processes at the DNS level, as any firewall such as LS, Lulu, etc. attempting to block them is not enough.

In the end, the goal is the same, just to prevent these processes from communicating with the outside world. For this, I use the excellent DNSCrypt-Proxy filter after the firewall leaks.

Since using this approach my machine runs faster, and I don't have to bother redoing all the disabling on every OS update, apart from finding any eventual new sneaky hole.

Below are the Apple DNS blocks I have set on Big Sur. The block list is actually quite long, as it also includes ad domains, Google, etc.

@johnstonesnow johnstonesnow commented Apr 22, 2021

Not sure I understand what you are doing fully, but it sure sounds like a much easier alternative for someone like me who isn't capable of running a script like this above. Does it not cause problems with updating 3rd party software or other problems running Max OSX if you block all those hosts?

@gcpmusic gcpmusic commented Apr 22, 2021

Basically it is the same idea but with a different approach. Instead of disabling Agents and Daemons, which anyhow interferes with the OS flow, just block only the process connections, and not only from Apple but also for any Apps and Browsers as you wish !!

As I said I use DNSCrypt-proxy downloadable here: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/installation#installing-dnscrypt-proxy-on-macos-as-a-system-service also can be installed via Homebrew.

@johnstonesnow johnstonesnow commented Apr 22, 2021

I see, I just looked at that page and it's just as difficult for me as this script, perhaps more so. So i will hold out and hope one day I can work out how to run this one, or hope that someone might make it idiot proof for the masses instead of just the github brainboxes. :)

@gcpmusic gcpmusic commented Apr 22, 2021

johnstonesnow, both methods are very simple. If you haven't enough basic knowledge for this, I suggest to not mess with your OS for your benefit. Following others idea without understanding will just lead you, if not immediately, surely in the long run to a disaster.

@ecompayment ecompayment commented Apr 23, 2021

This method works fine on Mojave and Catalina, but moving to Big Sur, it will require dancing with mounting a writable disk, since you need to change the plist of com.apple.mDNSResponder, and then it will require blessing the folder and losing security. I guess it is time to get a hardware firewall and put it in front, where the blocked list can be created once and for all.

@hronro hronro commented Apr 24, 2021

Just find a way to disable SSV in Big Sur, so is it possible to make this script works in Big Sur?

csrutil authenticated-root disable

Reference: https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection/

@hronro hronro commented Apr 25, 2021

UPDATE:
I can verify it works in my Big Sur, and here's a simple tutorial:

# turn off FileVault, then reboot to Recovery by holding command + R, then open terminal in Recovery

csrutil authenticated-root disable   # turn off SSV

mount     # check which disk is mounted at /Volumes/Macintosh\ HD, for me it's /dev/disk2s5

umount /dev/disk2s5     # replace /dev/disk2s5 with yours

# remount /Volumes/Macintosh\ HD to make it writable
mkdir /Volumes/Macintosh\ HD
mount -t apfs /dev/disk2s5 /Volumes/Macintosh\ HD

# you can run the script now
cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh

# IMPORTANT!  you need to create a new snapshot for the modified volume
bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot

csrutil authenticated-root enable   # turn on SSV

reboot

# enjoy

@foliovision foliovision commented Apr 29, 2021

@pwnsdx Do you recommend this version or the Sierra version for use with OS X 10.14.6 Mojave?
