How To: Diagnose processes running on your Mac

Activity Monitor logoCall me an uber geek but I like to keep a close eye my Mac’s processes. I usually use the iStat Nano widget to keep an eye on the top 5 but OS X’s Activity Monitor gives the most detailed info. Processes are the “engine” behind what’s going on and can be used to quickly identify problems. Every application you use will add another process to your list and of course, your operating system requires to run many processes in order to function.

Anything that doesn’t relate to these is either an impostor which could mean a virus, malware or remnant of an application you have uninstalled. Whatever it is, it will be consuming valuable memory and processing power and could be the source of any number of problems you’ve been having. The problem is, reading a process list is like trying to read hieroglyphics. Processes simply labeled “pboard”, “mdworker” and “launchd” make no sense at all to the average user.

Activity Monitor

However, there is a very simple solution to this. While recently trying to work out what a rogue process was, I discovered a very handy online tool from developers triviware. They have developed a simple process anlyser which can take a look at your system and work out exactly what each process on your system corresponds to. All you have to do is follow a simple terminal command which downloads your processes into a list which you can then upload to the analyser for inspection. This may sound a bit dodgy to some but hey, I’ve got nothing to hide on my system so I gave it a go.

Processes are labelled with either a tick, a question mark or an exclamation mark. A tick indicates that the process is a known Mac OS X component and gives a brief description of what it does. A question mark indicates that the process is not part of OS X and provides you with a link which will Google it for more info. An exclamation mark indicates that the process is known to be malicious and should be removed immediately.

Mac process analyzer

If you do discover a malicious process, your next task is to find what’s causing the darned thing. You can “Force Quit” the process in Activity Monitor but the likelihood is it will only return the next time you start your Mac. The important thing to do is use the “Inspect” button in Activity Monitor. Then, click on the “Open Files and Ports” tab.

activity-dialog1.png

The first entry you see will show the path where the source is coming from. Before you browse to it, “Force Quit” the process and then find the file on your Mac and delete it. Empty the Trash and you’ve got rid of it!

One tip to prevent rogue processes in the first place is to regularly clean old entries in your “Applications Support” folder in the “Applications/Library” folder. Programs and applications very often leave behind folders and “helper agent” processes in this folder that stay on your Mac long after you’ve uninstalled them.

Loading comments