sysdiagnose_helper

executablemacOS1.2 MBx86_64, arm64

MDM client daemon — enforces mobile device management policies and device compliance

Implements mobile device management on macOS by reading MDM configuration profiles and enforcing device policies. Monitors process lifecycle, network configuration, and file system events through Endpoint Security framework to detect policy violations. Manages hardware-level access controls and communicates with MDM servers via network APIs. Exposes three XPC services for system components to query device compliance status and policy settings. Transmits telemetry and diagnostic data about device state and policy enforcement.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 1.2 MB
UUID: 1277884A-21A9-32E9-9DC2-83A7E84EBD8D
Analyzed: 2026-04-09T10:07:29Z
CDHash: d1656817f3b6c81181f81f5ddf819e4fe17f25c3352c76908455fbc5900b0a8f

Capabilities

NetworkNetwork configuration and reachability

/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

IpcShared application group container access

com.apple.security.application-groups

group.com.apple.cv3d.dgn

IpcException: access additional Mach services

com.apple.security.exception.mach-lookup.global-name com.apple.intelligenceplatform.Sysdiagnose

SecurityEndpoint Security (process/file/network monitoring)

/usr/lib/libEndpointSecurity.dylib

SystemAccess MDM configuration profiles

com.apple.private.managedclient.configurationprofiles [object Object]

SystemProcess lifecycle management

/System/Library/PrivateFrameworks/RunningBoardServices.framework/Versions/A/RunningBoardServices

SystemMDM configuration profiles

/System/Library/PrivateFrameworks/ConfigurationProfiles.framework/Versions/A/ConfigurationProfiles

Entitlements47

application-identifier com.apple.sysdiagnose_helper

com.apple.aiml.rapidresourcedelivery.read-configtrue

com.apple.corecapture.manager-accesstrue

com.apple.generativeexperiences.sysdiagnosetrue

com.apple.hid.AppleDeviceManagementHIDFilter.entitlementtrue

com.apple.intelligenceplatform.Sysdiagnosetrue

com.apple.managedconfiguration.profiled.profiletrue

com.apple.modelmanager.inferencetrue

com.apple.nearbyd.diagnosticstrue

com.apple.networkrelay.diagnostictrue

com.apple.nfcd.hwmanagertrue

com.apple.nfcd.session.setrue

com.apple.nfcd.session.seloggingtrue

com.apple.polaris.clienttrue

com.apple.private.CoreRepairCore.repairInfotrue

com.apple.private.ZhuGeSupport.CopyValuetrue

com.apple.private.eligibilityd.dumpSysdiagnoseDataToDirtrue

com.apple.private.endpoint-security.xpctrue

com.apple.private.eyecandy.sysdiagnosetrue

com.apple.private.iokit.batterydatatrue

com.apple.private.iokit.batterydataprecisetrue

com.apple.private.libnotify.statecapturetrue

com.apple.private.logging.diagnostictrue

com.apple.private.managedclient.configurationprofilestrue

com.apple.private.notificationcenter-system

com.apple.sysdiagnose_helper

com.apple.private.osanalytics.defaults.allowtrue

com.apple.private.psg.internaltrue

com.apple.private.tcc.allow-prompting

ktccservicesystempolicyallfiles

com.apple.private.wifivelocitytrue

com.apple.proactive.PersonalizationPortrait.Internaltrue

com.apple.proactive.eventtrackertrue

com.apple.runningboard.statecapturetrue

com.apple.security.application-groups

group.com.apple.cv3d.dgn

com.apple.security.exception.mach-lookup.global-name com.apple.intelligenceplatform.Sysdiagnose

com.apple.security.exception.shared-preference.read-only

com.apple.voicetrigger.notbackedup

com.apple.security.iokit-user-client-class

AppleNVMeUpdateUC ASPUserClient AGXDeviceUserClient IOSurfaceRootUserClient

com.apple.security.system-groups

systemgroup.com.apple.powerlog systemgroup.com.apple.ReportMemoryException systemgroup.com.apple.configurationprofiles

com.apple.springboard.statedumptrue

com.apple.sysmond.clienttrue

com.apple.tailspin.dump-outputtrue

com.apple.tailspin.symbolicationtrue

com.apple.trial.status.deployment-environment.allow

com.apple.triald.internaltrue

com.apple.triald.system.internaltrue

com.apple.wifi.manager-accesstrue

com.apple.wifivelocitytrue

com.apple.wirelessinsightsd.manager-accesstrue

Interesting Strings

Bundle IDs(130)

com.apple.modelmanager.inference com.apple.nfcd.session.selogging com.apple.proactive.eventtracker com.apple.security.system-groups0z com.apple.tailspin.symbolication

File Paths(28)

/Library/Preferences/com.apple.security.coderequirements /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics

telemetry(14)

,com.apple.private.osanalytics.defaults.allow /System/Library/PrivateFrameworks/CoreDiagnostics.framework/Versions/A/CoreDiagnostics <key>com.apple.nearbyd.diagnostics</key><key>com.apple.private.osanalytics.defaults.allow</key>AppleDeviceManagementHIDDiagnostics

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(9)

Hostnamesysdiagnose-1527.40.7

Hostname5Bcom.apple.DiagnosticExtensions.sysdiagnose

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

API Usage

DNA Capability Vector

Location

0

Keychain

0

Network

1

Storage

0

Hardware

1

IPC

2

Analytics

0

Security

1

System

3

Behavioral Profile

URL Endpoints

4

Telemetry Strings

14

File Paths

28

Bundle IDs

130

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Codea6c39bc7313422cbc359600c21dc14a984bd0423f9b16c9567bafca217470156

Imports015dac6637762d44d3067ca404ae6e44fd3cc13e2a633d4a271de189bd10c4cd

Frameworksd726afe5a76b14c417ebfb6b51e7ea843bafb909c1eb702dbe477928e12b3f54

Classesc9b222df6dba5ff618942f09ff7b3911a798ed22221d4d5f3187eb096102f191

Entitlementsbc51e7704bea64ce06d54a5b660615fe2d18015669ce38605bca340ae72b6bc7

Symbolsa2ce21a58d0684c0036d5d14750b28e9d8085c9a6b89f4763e278dec8c1da848

Static Libraries0 / 368 functions identified

Functions(368)

0x1000019b8-[SystemDiagnosticPromptOSX promptIfNeeded:withBundleID:]

0x1000029f0sub_1000029f0

0x100002a34-[SystemDiagnosticPromptOSX userNotificationCenter:shouldPresentNotification:]

0x100002a3c-[SystemDiagnosticPromptOSX userNotificationCenter:didDismissAlert:]

0x100002ac4-[SystemDiagnosticPromptOSX userNotificationCenter:didActivateNotification:]

0x100002ca0sub_100002ca0

0x100002ce8sub_100002ce8

0x100003470sub_100003470

0x10000357csub_10000357c

0x1000036c0sub_1000036c0

0x100003844sub_100003844

0x100003900sub_100003900

0x100003a10sub_100003a10

0x100003a54sub_100003a54

0x100003a9csub_100003a9c

0x100003ab8sub_100003ab8

0x100003b2csub_100003b2c

0x100003b7c-[SystemdiagnosticLogAgentOSX _prompt]

0x100003bc0sub_100003bc0

0x100003c00-[SystemdiagnosticLogAgentOSX evaluateGlob:]

Imports299 symbols from 33 dylibs

libSystem.B.dylib150 CoreFoundation41 libobjc.A.dylib25 IOKit17 Foundation16

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

powerexperienced

thermalmonitord

proactiveeventtrackerd