What is the process EscrowSecurityAlert in Activity Monitor?
I'm a little worried about a process I see in Activity Monitor called 'EscrowSecurityAlert'
Descriptions provided other forums ranges from it being a sign of malware:
The threat to your Mac is CleanMyMac. Delete it.
through to it being harmless:
This should be perfectly fine as something
and descriptions I don't understand (I can't think of anything I use that requires 'data escrow'):
Escrow is a data security measure in which acryptographic key is entrusted to a third party (i.e., kept in escrow). Under normal circumstances, the key is not released to someone other than the sender or receiver without proper authorization. Key escrow systems can be considered a security risk at the user puts access to information into the hands of the escrow agent holding the cryptographic key; however, key escrow systems are used to ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data through a disaster or malicious intent.
Question
Regarding the 'EscrowSecurityAlert' process - is this something that ships with macOS or have I installed it myself somehow?
Yes, it's part of macOS & has been since perhaps Mavericks.
Wikipedia lists it in List of macOS components but provides no description -
The iPhone Wiki gives a brief description
This application works with the iCloud Keychain servers. It manages the password uploads and anything that keychain tools does.
By definition an escrow service is one who acts as a middle-man in a complex or expensive process. It is often used when buying/selling a house. The escrow company holds both the deeds and the money until all parties have completed the legal requirements to transfer the property, preventing either one from 'running off with the money'.
In computing terms it is an arbitrator between two not-necessarily-yet-trusted 'clients'. It prevents any data from one leaking to the other until full trust is established. In effect, it doesn't let anything 'run off with the money'.
This is, in effect, a less mind-numbing version of your last link & quote.
/System/Library/CoreServices/EscrowSecurityAlert.app
is part of macOS and is involved in the configuration and maintenance of the iCloud Keychain security code.
For example, prompts for entering the code to configure a new device with access to the Keychain.
If you've ever seen one of these messages, it's a dialog from this app:
-
ESCROW_ELE_ALERT_MESSAGE
Create New iCloud Security Code
A new security code must be created because of a change to iCloud Keychain servers.(Apple wrote a support article about this message: If you're asked to create a new iCloud security code)
-
RECORD_BURNED_ALERT_MESSAGE
Update Your iCloud Security Code
Your security code was incorrectly entered too many times on one of your other devices and can no longer be used. -
RESET_CONFIRMATION_MESSAGE
Reset and Turn Off iCloud Keychain?
All passwords in iCloud Keychain will be deleted, and iCloud Keychain will be turned off on all your devices.