| Command Line |
cmd_line |
Recommended |
String |
The command line used to launch the startup application, service, process or job. |
| Description |
desc |
Optional |
String |
The description of the startup application. |
| Device OS Integrity Protection |
device_os_integrity_protection |
Recommended |
Boolean |
The operating system integrity protection status. |
| File |
file |
Recommended |
File |
The startup application file object. |
| Name |
name |
Recommended |
String |
The unique name of the startup application. |
| Normalized Command LineЕxt |
normalized_cmd_line |
Optional |
String |
The CSIDL normalized command line used to launch the startup application, service, process or job (Windows only). |
| State |
run_state_id |
Recommended |
Integer |
The service state.
| 1 | Stopped | The service is not running. | |
| 2 | Start Pending | The service is starting. | |
| 3 | Stop Pending | The service is stopping. | |
| 4 | Running | The service is running. | |
| 5 | Continue Pending | The service continue is pending. | |
| 6 | Pause Pending | The service pause is pending. | |
| 7 | Paused | The service is paused. | |
| 8 | Restart Pending | The service needs a restart. | |
|
| Start Type |
start_id |
Recommended |
Integer |
The start type of the service or startup application.
| 0 | Unknown | The startup type is unknown. | |
| 1 | Auto | Started automatically during system startup. | |
| 2 | Boot | Started by the system loader. | |
| 3 | Demand | Started on demand. For example, by the Window service control manager when a process calls the Startservice function. | |
| 4 | System | Started by the IoInitSystem function. | |
| 5 | Disabled | Disabled. | |
| 6 | All Logins | Started on any user login. | |
| 7 | Specific User Login | Started when on a specific user login. | |
| 8 | Interactive Login | Started on interactive logins. | |
| 9 | Scheduled | Stared according to a schedule. | |
| 10 | System Changed | Started when a system item, such as a file or registry key, changes. | |
|
| Subtype IDs |
subtype_ids |
Optional |
Integer Array |
Array of Category Identifiers.
| 0 | System | Kernel extension naturally supported by Apple. | |
| 1 | Network | Network extension apps such as content filters, DNS proxies, and VPN clients can be distributed to a user’s Mac as system extensions on macOS. | |
| 2 | Endpoint Security | ES framework can leverage the EndpointSecurity API to monitor and even block system events to better conform with security policies and protect from potential malicious activity. | |
| 3 | Driver | DriverKit framework allowing to create drivers for USB, Serial, NIC, and HID devices that users can install on macOS. | |
| 4 | IO | IOKit allows apps to access hardware devices and drivers from your apps and services. | |
|
| Subtypes |
subtypes |
Optional |
String Array |
Array of Category Identifiers. |
| Types |
type_ids |
Recommended |
Integer Array |
The startup application type identifiers.
| 0 | Unknown | The type is unknown. | |
| 1 | Adapter | Adapter. | |
| 2 | File System Driver | File system driver. | |
| 3 | Kernel Driver | Device driver. | |
| 4 | Recognized Driver | Recognized Driver. | |
| 5 | Own Process | The application runs in its own process. | |
| 6 | Shared Process | The application shares a process with other services. | |
| 7 | Interactive | The service can interact with the desktop. | |
| 8 | Other | U/X, OS X service. | |
| 9 | Autoload | The Mac OS X Autoload Application. | |
| 10 | System Extension | System extension on macOS enables 3rd party to extend the capabilities of macOS. | |
| 11 | Kernel Extension | Kernel extension on macOS includes Apple provided pre-installs and 3rd party installs which enables support for specific hardware or software features not natively suported by macOS. | |
|
| Vendor |
vendor |
Recommended |
String |
ID of the Vendor who signed the system extesion. |