Remote Shell Commands for Mac Endpoints

Use the available remote shell commands to investigate Mac endpoints.

| Command | Description | Syntax | Example | Supported on |
|---|---|---|---|---|
| cat | Output the content of the selected file (max size 1 MB) | `cat <file_location>` | To output the content of the example.txt file located in the current directory (/Users/admin/Downloads): `Downloads>cat example.txt`<br>To output the content of the example.txt file located in the /tmp directory: `Downloads>cat /tmp/example.txt` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| cd | Change the current working directory | `cd [path]`<br>Note: For the `<path>`, specify the absolute or relative path. | `cd /Users` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| clear | Clear screen | `clear` | `clear` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| cp | Copy a file or directory to a specific destination | `cp <source_object> <destination_object> [--force]` | To copy the Finances directory in the current directory /Users/admin/Downloads to /tmp and overwrite the existing directory: `Downloads>cp Finances /tmp --force`<br>To copy the example.txt file in the directory /var to /tmp and overwrite the existing example.txt file: `Downloads>cp /var/example.txt /tmp --force` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| env | List environment variables | `env` | `env` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| fileinfo | List detailed file properties | `fileinfo <file_location_and_extension>` | To list the file properties of the example.txt file in the current directory /Users/admin/Downloads: `Downloads>fileinfo example.txt`<br>To list the file properties of the example.txt file located in the /tmp directory: `Downloads>fileinfo /tmp/example.txt` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| get | Collect a specific file and upload it to Trend Micro Vision One<br>Maximum file size: 4 GB | `get <file_location_and_extension>` | To collect the example.txt file in the current directory /Users/admin/Downloads: `Downloads>get example.txt`<br>To collect the example.txt file located in the /tmp directory: `Downloads>get /tmp/example.txt` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| help | Display help information | `help` | `help` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| ipconfig | Display network configuration information | `ipconfig` | `ipconfig` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| kill | Terminate a running process | `kill <PID>` | `kill 1234` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| ls | List contents of the directory | `ls [path]`<br>Note: For the `<path>`, specify the absolute or relative path. | `ls` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| memdump | Create a process memory dump available as an encrypted archive from the Trend Micro Vision One console | `memdump --pid <pid>` | `memdump --pid 1234` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| mkdir | Create a new directory | `mkdir <path>` | To create the Finances directory in the current directory /Users/admin/Downloads: `Downloads>mkdir Finances`<br>To create the Finances directory in the /tmp directory: `Downloads>mkdir /tmp/Finances` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| mv | Move a file or directory to a specific destination | `mv <source_object> <destination_object> [--force]` | To move the Finances directory in the current directory /Users/admin/Downloads to /tmp and overwrite the existing directory: `Downloads>mv Finances /tmp --force`<br>To move the example.txt file in the directory /var to /tmp and overwrite the existing example.txt file: `Downloads>mv /var/example.txt /tmp --force` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| netstat | List network statistics and active connections | `netstat` | `netstat` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| ps | List running process information | `ps` | `ps` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| pwd | Display current directory | `pwd` | `pwd` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| rm | Delete a file or directory (and all sub-directories) | `rm <source_object> [--force]` | To delete the Finances directory in the current directory /Users/admin/Downloads: `Downloads>rm Finances`<br>To delete the example.txt file in the directory /var: `Downloads>rm /var/example.txt` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| run | Execute a previously uploaded script | `run <script_name_and_extension> [arguments]` | `run demo.sh 1 "22 33" 44` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| service list | List service information | `service list` | `service list` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| systeminfo | List system information | `systeminfo` | `systeminfo` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| user info | List account properties | `user info <username>` | `user info john_doe` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| user list | List local user accounts | `user list` | `user list` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |
| zip | Compress a file or directory in a zip archive and optionally encrypt the archive with a password | `zip <source_object1> [<source_object2...> <source_objectn>] <destination_object> [--password <password>] [--force]` | To zip the contents of the Finances directory in the current directory /Users/admin/Downloads to /tmp/directoryArchive.zip, set password to "P@ssw0rd" and overwrite the existing file: `Downloads>zip Finances /tmp/directoryArchive.zip --password P@ssw0rd --force`<br>To zip the example.txt file in the directory /var to /tmp/exampleArchive.zip and overwrite the existing file: `Downloads>zip /var/example.txt /tmp/exampleArchive.zip --force` | XDR Endpoint Sensor<br>Deep Security Agent (managed by Cloud One - Endpoint & Workload Security) |