Releases: Pinperepette/MacPersistenceChecker
MacPersistenceChecker v1.8.1
What's New in v1.8.1
AI-Powered Monitoring
- AI Mode: Claude AI analyzes each persistence change and decides if you should be notified
- Smart Notifications: AI considers full context (signature, LOLBins, behavioral anomalies, timestamps)
- Customizable AI Behavior: Configure prompt options, notification thresholds, custom instructions
UI Improvements
- Menu bar now shows active mode badge (AI/Std)
- Settings button added to toolbar and menu bar
- Startup notification confirms active monitoring mode
Notification System
- Deduplication with configurable cooldown (1-24 hours)
- Prevents notification fatigue from frequently-changing items
Documentation
- Comprehensive README documentation for AI features and customization
- MCP Server documentation with configuration examples
Fixes
- DMG removed from repo (now available only in releases)
Requirements: macOS 13.0+, Universal binary (Apple Silicon & Intel)
If macOS says the app is damaged: xattr -cr /Applications/MacPersistenceChecker.app
MacPersistenceChecker v1.8.0
Show me what stays, explain why it matters, let me decide.
Features
- Complete persistence scanning (20+ locations)
- Risk scoring (0-100) with MITRE ATT&CK mapping
- Launch frequency anomaly detection (Micro-Restart, Aggressive Watchdog, No Throttle Limit)
- Forensic timeline with timestamp anomaly detection
- Interactive graph visualization
- Real-time monitoring
- Snapshot comparison
Installation
- Download MacPersistenceChecker.dmg
- Drag to Applications
- If macOS says damaged: xattr -cr /Applications/MacPersistenceChecker.app
Requires macOS 13.0+
MacPersistenceChecker v1.5
v1.5 - Enhanced Data Visualization
New Features
- Security Profile Chart - Comprehensive radar chart in item details showing Trust, Signature, Safety, Stability, Transparency, and Age dimensions
- Risk Distribution Histogram - Visual breakdown of items by risk bands (Low, Medium, High, Critical)
- Trust Level Donut Chart - Interactive pie chart showing distribution across trust levels
- Category Breakdown Chart - Horizontal bar chart displaying items per persistence category
- Timeline Visualization - Graphical representation of item lifecycle events
- Graph View Enhancements - Mini radar chart, risk gauge, and risk factors breakdown in node details
- Statistics Dashboard - New dedicated window with comprehensive metrics and charts
- Sidebar Charts - Compact visualizations integrated into the main sidebar
Technical
- Complete overhaul of statistical charts using Swift Charts framework
- Improved performance and visual consistency
- macOS 13+ compatibility with fallback charts for older systems
Download
Download the DMG below and drag the app to your Applications folder.
MacPersistenceChecker v1.4.0
What's New in v1.4.0
App Invasiveness Report
- Analyze installed apps by persistence mechanisms and installation footprint
- Dual scoring system: Persistence Score + Installation Score
- Grade system (A-F) for quick assessment
- Library folder scanning (Application Support, Caches, Preferences, Containers, Logs)
- On-demand size calculation for fast initial scan
- Sortable results by score, size, persistence count, or name
Menu Bar Integration
- Quick access to monitoring controls from macOS menu bar
- Monitoring status indicator
- Start/Stop monitoring, trigger scan
Real-time Monitoring
- FSEvents-based persistence change detection
- Intelligent noise suppression
- Notification system for changes
Safe Containment Mode
- Disable persistence items safely
- Network blocking via socketfilterfw/pfctl
Other Improvements
- Build script (build.sh) for easy compilation
- Improved UI with tabbed detail view
- Enhanced score breakdown visualization
Requirements: macOS 13.0+
Installation: Open the DMG and drag MacPersistenceChecker to Applications.
MacPersistenceChecker v1.3.0
What's New in v1.3.0
Risk Assessment System
- Automatic security risk scoring (0-100) for every persistence item
- Detailed risk factor breakdown
- Items sorted by risk score for quick threat identification
- Severity levels: Low, Medium, High, Critical
Signed-but-Dangerous Detection
- Advanced analysis for signed but potentially malicious software
- Dangerous entitlements detection
- Apple impersonation detection
- Hidden locations flagging
- Developer certificate validation
Timeline & Forensics
- Complete forensic timeline for each item
- File creation, modification, and execution timestamps
- Timestamp anomaly detection (timestomping, file replacement, binary swap)
MITRE ATT&CK Integration
- Every persistence mechanism mapped to ATT&CK tactics and techniques
- Direct links to MITRE documentation
Interactive Graph Visualization
- Full system graph overview
- Per-item focused radial graphs
- Color-coded by trust level
Other Improvements
- Faster, more responsive search
- Enhanced detail view layout
- Better UI organization
Requirements: macOS 13.0+
Note: If macOS says the app is damaged, run:
```
xattr -cr /Applications/MacPersistenceChecker.app
```
MacPersistenceChecker v1.2
Extended Scanners - Advanced Persistence Detection
New Features
- Added 11 new Extended Scanners for advanced persistence detection
- Periodic Scripts scanner (/etc/periodic/)
- Shell Startup Files scanner with suspicious pattern detection
- Login/Logout Hooks scanner
- Authorization Plugins scanner
- Spotlight Importers scanner
- Quick Look Plugins scanner
- Directory Services Plugins scanner
- Finder Sync Extensions scanner
- BTM Database scanner (macOS 13+)
- Dylib Hijacking detection
- TCC/Accessibility permission monitoring
Improvements
- Enable/disable individual scanners in Settings
- Toggle Extended Scanners from toolbar or sidebar
- Improved disable functionality for all item types
- Updated UI with Extended Scanners section
Requirements
- macOS 13.0 or later
- Universal binary (Apple Silicon & Intel)
Note
If the application appears corrupted, run: xattr -cr /path/to/Application.app
MacPersistenceChecker v1.0
Initial Release
Features
- Enumerate all macOS persistence mechanisms
- Code signature verification with color-coded trust levels
- Snapshot and timeline comparison to detect changes
- Disable/Enable items (with admin privileges for system items)
- Native SwiftUI interface
Requirements
- macOS 13.0 or later
- Full Disk Access permission (for complete scanning)
Installation
- Download the DMG file
- Mount and drag MacPersistenceChecker to Applications
- Launch and grant Full Disk Access when prompted