How can I figure out what program is starting and quitting?

macos

Solution 1:

Well the obvious solution is to temporarily disable SIP and run execsnoop as you’ve yourself identified.

There is a cruder and less reliable way which doesn’t require SIP disabled. The next time you see this happen, quickly go into Terminal and run

$ log show —-last 1m —-info —-debug —-predicate='sender contains "launchservicesd"'

That will show you the last 1 minute of breadcrumbs from Launch Services, through which it is likely that your mystery process is being invoked. If it’s not, you won’t see it there. Look for (and/or grep) lines containing CHECKIN and DEATH.

Related

how can i disable switch screen animation in catalina?
Configure terminal dimensions to show as Lines x Columns
Parsing date/time strings which are not 'standard' formats
JUL to SLF4J Bridge
Print Combining Strings and Numbers
How can I override Spring Boot application.properties programmatically?
simple custom event
Meteor: Debug on server side
Angularjs simple file download causes router to redirect
Android WebView with garbled UTF-8 characters.
Multiline search replace with Perl
7 equal columns in bootstrap