Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Disable bunch of #$!@ in Catalina - Note about Big Sur: https://gist.github.com/pwnsdx/1217727ca57de2dd2a372afdd7a0fc21#gistcomment-3448419
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. In fact, macOS Catalina brings read-only filesystem which prevent this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# WARNING: It might disable things that you may not like. Please double check the services in the TODISABLE vars.
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
# Agents to disable
# 'com.apple.speech.speechdatainstallerd' 'com.apple.speech.speechsynthesisd' 'com.apple.speech.synthesisserver' will freeze Edit menus
# 'com.apple.bird' will prevent saving prompt from being shown
TODISABLE=()
# iCloud
TODISABLE+=('com.apple.security.cloudkeychainproxy3' \
'com.apple.iCloudUserNotifications' \
'com.apple.icloud.findmydeviced.findmydevice-user-agent' \
'com.apple.icloud.fmfd' \
'com.apple.icloud.searchpartyuseragent' \
'com.apple.cloudd' \
'com.apple.cloudpaird' \
'com.apple.cloudphotosd' \
'com.apple.followupd' \
'com.apple.protectedcloudstorage.protectedcloudkeysyncing')
# Safari useless stuff
TODISABLE+=('com.apple.SafariBookmarksSyncAgent' \
'com.apple.SafariCloudHistoryPushAgent' \
'com.apple.WebKit.PluginAgent')
# iMessage / Facetime
TODISABLE+=('com.apple.imagent' \
'com.apple.imautomatichistorydeletionagent' \
'com.apple.imklaunchagent' \
'com.apple.imtransferagent' \
'com.apple.avconferenced')
# Game Center / Passbook / Apple TV / Homekit...
TODISABLE+=('com.apple.gamed' \
'com.apple.passd' \
'com.apple.Maps.pushdaemon' \
'com.apple.videosubscriptionsd' \
'com.apple.CommCenter-osx' \
'com.apple.homed')
# Ad-related
TODISABLE+=('com.apple.ap.adprivacyd' \
'com.apple.ap.adservicesd')
# Screensharing
TODISABLE+=('com.apple.screensharing.MessagesAgent' \
'com.apple.screensharing.agent' \
'com.apple.screensharing.menuextra')
# Siri
TODISABLE+=('com.apple.siriknowledged' \
'com.apple.assistant_service' \
'com.apple.assistantd' \
'com.apple.Siri.agent' \
'com.apple.parsec-fbf')
# VoiceOver / accessibility-related stuff
TODISABLE+=('com.apple.VoiceOver' \
'com.apple.voicememod' \
'com.apple.accessibility.AXVisualSupportAgent' \
'com.apple.accessibility.dfrhud' \
'com.apple.accessibility.heard')
# Quicklook
TODISABLE+=('com.apple.quicklook.ui.helper' \
'com.apple.quicklook.ThumbnailsAgent' \
'com.apple.quicklook')
# Sidecar
TODISABLE+=('com.apple.sidecar-hid-relay' \
'com.apple.sidecar-relay')
# Debugging process
TODISABLE+=('com.apple.spindump_agent' \
'com.apple.ReportCrash' \
'com.apple.ReportGPURestart' \
'com.apple.ReportPanic' \
'com.apple.DiagnosticReportCleanup' \
'com.apple.TrustEvaluationAgent')
# Screentime
TODISABLE+=('com.apple.ScreenTimeAgent' \
'com.apple.UsageTrackingAgent')
# Others
TODISABLE+=('com.apple.telephonyutilities.callservicesd' \
'com.apple.photoanalysisd' \
'com.apple.parsecd' \
'com.apple.AOSPushRelay' \
'com.apple.AOSHeartbeat' \
'com.apple.AirPlayUIAgent' \
'com.apple.AirPortBaseStationAgent' \
'com.apple.familycircled' \
'com.apple.familycontrols.useragent' \
'com.apple.familynotificationd' \
'com.apple.findmymacmessenger' \
'com.apple.sharingd' \
'com.apple.identityservicesd' \
'com.apple.java.InstallOnDemand' \
'com.apple.parentalcontrols.check' \
'com.apple.security.keychain-circle-notification' \
'com.apple.syncdefaultsd' \
'com.apple.appleseed.seedusaged' \
'com.apple.appleseed.seedusaged.postinstall' \
'com.apple.CallHistorySyncHelper' \
'com.apple.RemoteDesktop' \
'com.apple.CallHistoryPluginHelper' \
'com.apple.SocialPushAgent' \
'com.apple.touristd' \
'com.apple.macos.studentd' \
'com.apple.KeyboardAccessAgent' \
'com.apple.exchange.exchangesyncd' \
'com.apple.suggestd' \
'com.apple.AddressBook.abd' \
'com.apple.helpd' \
'com.apple.amp.mediasharingd' \
'com.apple.mediaanalysisd' \
'com.apple.mediaremoteagent' \
'com.apple.remindd' \
'com.apple.keyboardservicesd' \
'com.apple.AddressBook.SourceSync' \
'com.apple.telephonyutilities.callservicesd' \
'com.apple.mobileassetd' \
'com.apple.CalendarAgent' \
'com.apple.knowledge-agent')
for agent in "${TODISABLE[@]}"
do
mv ./System/Library/LaunchAgents/${agent}.plist ./System/Library/LaunchAgents/${agent}.plist.bak
echo "[OK] Agent ${agent} disabled"
done
# Daemons to disable
TODISABLE=()
# iCloud
TODISABLE+=('com.apple.analyticsd', 'com.apple.icloud.findmydeviced')
# Others
TODISABLE+=('com.apple.netbiosd' \
'com.apple.preferences.timezone.admintool' \
'com.apple.remotepairtool' \
'com.apple.security.FDERecoveryAgent' \
'com.apple.SubmitDiagInfo' \
'com.apple.screensharing' \
'com.apple.appleseed.fbahelperd' \
'com.apple.apsd' \
'com.apple.ManagedClient.cloudconfigurationd' \
'com.apple.ManagedClient.enroll' \
'com.apple.ManagedClient' \
'com.apple.ManagedClient.startup' \
'com.apple.locate' \
'com.apple.locationd' \
'com.apple.eapolcfg_auth' \
'com.apple.RemoteDesktop.PrivilegeProxy' \
'com.apple.mediaremoted')
for daemon in "${TODISABLE[@]}"
do
mv ./System/Library/LaunchDaemons/${daemon}.plist ./System/Library/LaunchDaemons/${daemon}.plist.bak
echo "[OK] Daemon ${daemon} disabled"
done
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. In fact, macOS Catalina brings read-only filesystem which prevent this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
# Agents to enable
TOENABLE=()
# iCloud
TOENABLE+=('com.apple.security.cloudkeychainproxy3' \
'com.apple.iCloudUserNotifications' \
'com.apple.icloud.findmydeviced.findmydevice-user-agent' \
'com.apple.icloud.fmfd' \
'com.apple.icloud.searchpartyuseragent' \
'com.apple.cloudd' \
'com.apple.cloudpaird' \
'com.apple.cloudphotosd' \
'com.apple.followupd' \
'com.apple.protectedcloudstorage.protectedcloudkeysyncing')
# Safari useless stuff
TOENABLE+=('com.apple.SafariBookmarksSyncAgent' \
'com.apple.SafariCloudHistoryPushAgent' \
'com.apple.WebKit.PluginAgent')
# iMessage / Facetime
TOENABLE+=('com.apple.imagent' \
'com.apple.imautomatichistorydeletionagent' \
'com.apple.imklaunchagent' \
'com.apple.imtransferagent' \
'com.apple.avconferenced')
# Game Center / Passbook / Apple TV / Homekit...
TOENABLE+=('com.apple.gamed' \
'com.apple.passd' \
'com.apple.Maps.pushdaemon' \
'com.apple.videosubscriptionsd' \
'com.apple.CommCenter-osx' \
'com.apple.homed')
# Ad-related
TOENABLE+=('com.apple.ap.adprivacyd' \
'com.apple.ap.adservicesd')
# Screensharing
TOENABLE+=('com.apple.screensharing.MessagesAgent' \
'com.apple.screensharing.agent' \
'com.apple.screensharing.menuextra')
# Siri
TOENABLE+=('com.apple.siriknowledged' \
'com.apple.assistant_service' \
'com.apple.assistantd' \
'com.apple.Siri.agent' \
'com.apple.parsec-fbf')
# VoiceOver / accessibility-related stuff
TOENABLE+=('com.apple.VoiceOver' \
'com.apple.voicememod' \
'com.apple.accessibility.AXVisualSupportAgent' \
'com.apple.accessibility.dfrhud' \
'com.apple.accessibility.heard')
# Quicklook
TOENABLE+=('com.apple.quicklook.ui.helper' \
'com.apple.quicklook.ThumbnailsAgent' \
'com.apple.quicklook')
# Sidecar
TOENABLE+=('com.apple.sidecar-hid-relay' \
'com.apple.sidecar-relay')
# Debugging process
TOENABLE+=('com.apple.spindump_agent' \
'com.apple.ReportCrash' \
'com.apple.ReportGPURestart' \
'com.apple.ReportPanic' \
'com.apple.DiagnosticReportCleanup' \
'com.apple.TrustEvaluationAgent')
# Screentime
TOENABLE+=('com.apple.ScreenTimeAgent' \
'com.apple.UsageTrackingAgent')
# Others
TOENABLE+=('com.apple.telephonyutilities.callservicesd' \
'com.apple.photoanalysisd' \
'com.apple.parsecd' \
'com.apple.AOSPushRelay' \
'com.apple.AOSHeartbeat' \
'com.apple.AirPlayUIAgent' \
'com.apple.AirPortBaseStationAgent' \
'com.apple.familycircled' \
'com.apple.familycontrols.useragent' \
'com.apple.familynotificationd' \
'com.apple.findmymacmessenger' \
'com.apple.sharingd' \
'com.apple.identityservicesd' \
'com.apple.java.InstallOnDemand' \
'com.apple.parentalcontrols.check' \
'com.apple.security.keychain-circle-notification' \
'com.apple.syncdefaultsd' \
'com.apple.appleseed.seedusaged' \
'com.apple.appleseed.seedusaged.postinstall' \
'com.apple.CallHistorySyncHelper' \
'com.apple.RemoteDesktop' \
'com.apple.CallHistoryPluginHelper' \
'com.apple.SocialPushAgent' \
'com.apple.touristd' \
'com.apple.macos.studentd' \
'com.apple.KeyboardAccessAgent' \
'com.apple.exchange.exchangesyncd' \
'com.apple.suggestd' \
'com.apple.AddressBook.abd' \
'com.apple.helpd' \
'com.apple.amp.mediasharingd' \
'com.apple.mediaanalysisd' \
'com.apple.mediaremoteagent' \
'com.apple.remindd' \
'com.apple.keyboardservicesd' \
'com.apple.AddressBook.SourceSync' \
'com.apple.telephonyutilities.callservicesd' \
'com.apple.mobileassetd' \
'com.apple.CalendarAgent' \
'com.apple.knowledge-agent')
for agent in "${TOENABLE[@]}"
do
mv ./System/Library/LaunchAgents/${agent}.plist.bak ./System/Library/LaunchAgents/${agent}.plist
echo "[OK] Agent ${agent} disabled"
done
# Daemons to enable
TOENABLE=()
# iCloud
TOENABLE+=('com.apple.analyticsd', 'com.apple.icloud.findmydeviced')
# Others
TOENABLE+=('com.apple.netbiosd' \
'com.apple.preferences.timezone.admintool' \
'com.apple.remotepairtool' \
'com.apple.security.FDERecoveryAgent' \
'com.apple.SubmitDiagInfo' \
'com.apple.screensharing' \
'com.apple.appleseed.fbahelperd' \
'com.apple.apsd' \
'com.apple.ManagedClient.cloudconfigurationd' \
'com.apple.ManagedClient.enroll' \
'com.apple.ManagedClient' \
'com.apple.ManagedClient.startup' \
'com.apple.locate' \
'com.apple.locationd' \
'com.apple.eapolcfg_auth' \
'com.apple.RemoteDesktop.PrivilegeProxy' \
'com.apple.mediaremoted')
for daemon in "${TOENABLE[@]}"
do
mv ./System/Library/LaunchDaemons/${daemon}.plist.bak ./System/Library/LaunchDaemons/${daemon}.plist
echo "[OK] Daemon ${daemon} disabled"
done
@estmortis
Copy link

estmortis commented Jan 10, 2022

curious why CoreLocationAgent & Geod is not on this list.

if i disable AirPlayXPCHelper can i still use WiFI ?

@elesto
Copy link

elesto commented Jan 17, 2022

I think a big problem most people are having is the format of this project. Nobody really wants to go back and read 500 lines of separate conversations to find out that someone already answered their question 30 lines up. Knowledge is found and then lost in the sea of neverending posts and nobody knows whats happening. I for one dont know if this project even works on monterey or its drawbacks and its near impossible for me to piece together if it does or not without just flat out asking and therefore contributing to the endless stream of "does anyone know if X does Y" I appreciate the project and I use some bits for myself but we really need a better wiki style format

@neofright
Copy link

neofright commented Jan 17, 2022

@elesto In my opinion it would require someone to make the script as part of a repo and not just a gist. Then we can all more easily collaborate on pull requests and issues.

For me, not being able to keep FileVault enabled is a deal breaker. If someone can explain a way of keeping FileVault enabled (Disk Password—based DEK. may work - has anyone tested this?) then I'll happily create a repo for this, otherwise I can see little utility to maintaining such a project.

@elesto
Copy link

elesto commented Jan 18, 2022

So.. I hate to be that guy but ive been eyeing the upgrade from catalina for two years and im wondering does the disabling of agents work on monterey?

@ink-splatters
Copy link

ink-splatters commented Jan 18, 2022

@elesto
the following applicable for M1 (I don’t have Intel, so it must be verified):

i̶t̶ ̶_̶d̶o̶e̶s̶_̶ ̶w̶i̶t̶h̶ ̶S̶I̶P̶ ̶t̶u̶r̶n̶e̶d̶ ̶o̶f̶f̶.̶
I̶f̶ ̶f̶a̶n̶c̶y̶ ̶r̶u̶n̶n̶i̶n̶g̶ ̶i̶O̶S̶ ̶a̶p̶p̶s̶,̶ ̶c̶h̶a̶n̶g̶e̶ ̶s̶e̶c̶u̶r̶i̶t̶y̶ ̶p̶o̶l̶i̶c̶y̶ ̶t̶o̶ ̶“̶r̶e̶d̶u̶c̶e̶d̶ ̶s̶e̶c̶u̶r̶i̶t̶y̶”̶ ̶(̶a̶n̶d̶ ̶a̶l̶l̶o̶w̶ ̶k̶e̶x̶t̶s̶ ̶i̶f̶ ̶n̶e̶e̶d̶e̶d̶)̶ ̶b̶u̶t̶ ̶ ̶_̶a̶f̶t̶e̶r̶ ̶d̶i̶s̶a̶b̶l̶i̶n̶g̶ ̶s̶t̶u̶f̶f̶_̶.̶ ̶ ̶A̶v̶o̶i̶d̶ ̶“̶f̶u̶l̶l̶ ̶s̶e̶c̶u̶r̶i̶t̶y̶”̶ ̶a̶s̶ ̶i̶t̶ ̶w̶o̶u̶l̶d̶ ̶r̶o̶l̶l̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶b̶a̶c̶k̶.̶ ̶T̶h̶a̶t̶ ̶a̶l̶s̶o̶ ̶i̶m̶p̶l̶i̶e̶s̶ ̶n̶o̶t̶ ̶r̶u̶n̶n̶i̶n̶g̶ ̶̶c̶s̶r̶u̶t̶i̶l̶ ̶e̶n̶a̶b̶l̶e̶̶ ̶a̶s̶ ̶i̶t̶ ̶m̶i̶g̶h̶t̶ ̶t̶r̶i̶g̶g̶e̶r̶ ̶“̶f̶u̶l̶l̶ ̶s̶e̶c̶u̶r̶i̶t̶y̶”̶.̶ ̶ ̶I̶’̶m̶ ̶n̶o̶t̶ ̶s̶u̶r̶e̶ ̶p̶e̶r̶s̶i̶s̶t̶e̶n̶c̶e̶ ̶i̶s̶ ̶c̶o̶n̶s̶i̶s̶t̶e̶n̶t̶,̶ ̶b̶u̶t̶ ̶c̶u̶r̶r̶e̶n̶t̶l̶y̶ ̶i̶t̶ ̶w̶o̶r̶k̶s̶ ̶f̶o̶r̶ ̶m̶e̶.̶ ̶ ̶A̶l̶w̶a̶y̶s̶ ̶b̶a̶c̶k̶u̶p̶ ̶̶/̶p̶r̶i̶v̶a̶t̶e̶/̶v̶a̶r̶/̶d̶b̶/̶c̶o̶m̶.̶a̶p̶p̶l̶e̶.̶x̶p̶c̶.̶l̶a̶u̶n̶c̶h̶d̶̶ ̶b̶e̶f̶o̶r̶e̶ ̶a̶n̶y̶ ̶u̶p̶d̶a̶t̶e̶ ̶a̶s̶ ̶i̶t̶ ̶w̶i̶l̶l̶ ̶w̶i̶p̶e̶ ̶i̶t̶.̶ ̶ ̶M̶i̶g̶h̶t̶ ̶b̶e̶ ̶m̶o̶r̶e̶ ̶l̶o̶c̶a̶t̶i̶o̶n̶s̶ ̶t̶o̶ ̶b̶a̶c̶k̶u̶p̶ ̶i̶f̶ ̶d̶i̶s̶a̶b̶l̶i̶n̶g̶ ̶f̶o̶r̶ ̶u̶s̶e̶r̶s̶ ̶o̶t̶h̶e̶r̶ ̶t̶h̶a̶n̶ ̶0̶ ̶a̶n̶d̶ ̶5̶0̶1̶ ̶(̶f̶i̶n̶d̶ ̶/̶ ̶g̶r̶e̶p̶ ̶i̶t̶,̶ ̶I̶ ̶h̶a̶v̶e̶n̶’̶t̶ ̶h̶a̶d̶ ̶c̶h̶a̶n̶c̶e̶ ̶t̶o̶ ̶d̶o̶ ̶i̶t̶ ̶y̶e̶t̶)̶

Please disregard this post, it was the "Survivalist bias" of working thing just on my machine, probably to a bug in earlier versions of OS.

@490398290
Copy link

490398290 commented Jan 22, 2022

Could the script be adapted to use the new commands like

sudo launchctl bootout system/com.apple.spindump
sudo launchctl disable system/com.apple.spindump
sudo launchctl bootout system/com.apple.tailspind
sudo launchctl disable system/com.apple.tailspind

This way, services can be disabled even with SIP on.

@elesto
Copy link

elesto commented Jan 22, 2022

@kikieri
Copy link

kikieri commented Apr 5, 2022

anyone used this on monterey?

@terry9873
Copy link

terry9873 commented May 8, 2022

@johnstonenow It does look like the future is Linux for secure computing. I'm considering stopping at Mojave and using Mojave for another five years for AV work. Office work and portable work would be on Linux and probably not Canonical. Debian is hardcore but usable. Mint and Ubuntu are built on Debian

I am so sorry Alec, I didnt get a ping for this reply. I am at that point right now. Running Mojave but when trying to upgrade to Catalina I notice my drive encryption password is DEMANDED by Catalina OS. For YEARS now I have always formatted my drives and stored that complex password in ONE place (my head!). It doesnt exist anywhere else. How am I to believe;

  1. That it's more secure to let Catalina/FileVault FORCE my user password to be able to unlock my disk?
  2. That Apple isn't (maybe, just maybe) FORCING all of this for one reason - To get a copy of everyone's disk passwords so, should the need arise (secret warrant perhaps), they can unlock anyone's drive.

Am I being irrational in having such concerns?

I now fear it's time for Linux, although I have no choice re business work as I still have to use Mac for that. So do i stick to Mojave (unsupported = risks), or do I 'comply' with Catalina forcing me to allow user password to unlock my drive? Would love your opinion on this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment