Command Line |
cmd_line |
Recommended |
String |
The command line used to launch the startup application, service, process or job. |
Description |
desc |
Optional |
String |
The description of the startup application. |
Device OS Integrity Protection |
device_os_integrity_protection |
Recommended |
Boolean |
The operating system integrity protection status. |
File |
file |
Recommended |
File |
The startup application file object. |
Name |
name |
Recommended |
String |
The unique name of the startup application. |
Normalized Command LineЕxt |
normalized_cmd_line |
Optional |
String |
The CSIDL normalized command line used to launch the startup application, service, process or job (Windows only). |
State |
run_state_id |
Recommended |
Integer |
The service state.
1 | Stopped | The service is not running. | |
2 | Start Pending | The service is starting. | |
3 | Stop Pending | The service is stopping. | |
4 | Running | The service is running. | |
5 | Continue Pending | The service continue is pending. | |
6 | Pause Pending | The service pause is pending. | |
7 | Paused | The service is paused. | |
8 | Restart Pending | The service needs a restart. | |
|
Start Type |
start_id |
Recommended |
Integer |
The start type of the service or startup application.
0 | Unknown | The startup type is unknown. | |
1 | Auto | Started automatically during system startup. | |
2 | Boot | Started by the system loader. | |
3 | Demand | Started on demand. For example, by the Window service control manager when a process calls the Startservice function. | |
4 | System | Started by the IoInitSystem function. | |
5 | Disabled | Disabled. | |
6 | All Logins | Started on any user login. | |
7 | Specific User Login | Started when on a specific user login. | |
8 | Interactive Login | Started on interactive logins. | |
9 | Scheduled | Stared according to a schedule. | |
10 | System Changed | Started when a system item, such as a file or registry key, changes. | |
|
Subtype IDs |
subtype_ids |
Optional |
Integer Array |
Array of Category Identifiers.
0 | System | Kernel extension naturally supported by Apple. | |
1 | Network | Network extension apps such as content filters, DNS proxies, and VPN clients can be distributed to a user’s Mac as system extensions on macOS. | |
2 | Endpoint Security | ES framework can leverage the EndpointSecurity API to monitor and even block system events to better conform with security policies and protect from potential malicious activity. | |
3 | Driver | DriverKit framework allowing to create drivers for USB, Serial, NIC, and HID devices that users can install on macOS. | |
4 | IO | IOKit allows apps to access hardware devices and drivers from your apps and services. | |
|
Subtypes |
subtypes |
Optional |
String Array |
Array of Category Identifiers. |
Types |
type_ids |
Recommended |
Integer Array |
The startup application type identifiers.
0 | Unknown | The type is unknown. | |
1 | Adapter | Adapter. | |
2 | File System Driver | File system driver. | |
3 | Kernel Driver | Device driver. | |
4 | Recognized Driver | Recognized Driver. | |
5 | Own Process | The application runs in its own process. | |
6 | Shared Process | The application shares a process with other services. | |
7 | Interactive | The service can interact with the desktop. | |
8 | Other | U/X, OS X service. | |
9 | Autoload | The Mac OS X Autoload Application. | |
10 | System Extension | System extension on macOS enables 3rd party to extend the capabilities of macOS. | |
11 | Kernel Extension | Kernel extension on macOS includes Apple provided pre-installs and 3rd party installs which enables support for specific hardware or software features not natively suported by macOS. | |
|
Vendor |
vendor |
Recommended |
String |
ID of the Vendor who signed the system extesion. |