Malware & Launch Agents

Posted by

One of the main ways malware affects the Mac is through the Launch Agents Folders. This is not always the case, but more often than not malware puts something in one of these folders which then performs some type of harmful activity on your Mac. Recently, I discovered a cool way to monitor these folders, it involves an old standby App I have been using for years.

Hazel To The Rescue

The Launch Agents folders are located in the main Macintosh HD level in the Library Folder:

Launch Agent Folders

For now just note there are two folders you will be dealing with here, Launch Agents and Launch Daemons. The other folder is located in your user ~Library Folder:

Library Launch Agents

The idea here is to monitor any additions and/or activity in these folders. This is where good old Hazel comes to the rescue. I have done an overview article on the Hazel App by Noodlesoft if you would like to get a more thorough understanding of how this scheduling app works. 

So, here is how to setup this folder monitoring in Hazel. Open Hazel in the System Preferences:

Hazel System Pref

You can open it from a menubar icon as well. Once you are in there you need to create one rule for each of these three folders. First, click on the plus symbol in the left sidebar, navigate to and add each one of these folders:


Then select one of the folders and click the plus symbol in the right side of the window which brings up the rules area:

Newly Added

What you see in this screenshot above is exactly what you put in your version of Hazel with the exception of the “Name”. You can name it anything you wish. You add this exact same rule to each one of the Launch Agents Folders and you are done. By the way, just look at all the things Hazel can do in the rules area:

Hazel Rules

This may seem complicated, but it really is not. I did not figure this out on my own, I got this idea from another site. Since I have been using it, Hazel has notified me of quite a bit of activity in my Launch Agent Folders. It has been legitimate activity, but it is nice to have this running in the background. Here is Hazel’s Log:

Hazel Log

You can see the Launch Agents activity is constantly being monitored. You just have to set it and forget.


Hazel is such a cool App. I am sure I do not use it to its full potential, but use it I do. The price of Hazel is $32, it has gone up a bit, but so have the features. If you are into automating some of your workflow, I highly recommend it. If you are a “Hazel Master” I would appreciate knowing any ways you use this App.


Leave a Reply

Your email address will not be published. Required fields are marked *