Mac Monitor

Analysis tool for security research and malware triage

Mac Monitor is a stand‑alone system‑monitoring utility built for macOS security research, malware triage, and general troubleshooting. It uses Apple’s Endpoint Security and System Extension APIs to capture a wide range of events—including process creation, interprocess communication, memory operations, XPC messages, and file activity—then enriches each event with metadata such as code‑signing certificates and quarantine status. The tool presents this telemetry in a graphical interface that lets users filter, mute, and subscribe to specific event types in real time, reducing noise and focusing on relevant activity.

The application is designed for users with varying expertise, from analysts to developers, who need to contextualize low‑level system behavior and construct narratives around suspicious actions. Features include dynamic runtime event subscriptions, fine‑grained path‑muting options, and a right‑click “event facts” window that exposes detailed metadata and filtering controls for any recorded event.

Installation is performed via Homebrew or a downloadable installer, requiring macOS 13.1+ and Full Disk Access for the security extension. The app runs on both Apple Silicon and Intel Macs, and it provides a simple uninstall process that removes the app and its system extension.
