What Happens When You Run a Security Scan on a Brand New Mac

You just took a new Mac out of the box. You went through the setup wizard, signed into your Apple ID, and everything feels fresh and clean. No apps installed. No files downloaded. Just a pristine machine.

So what happens when you run a security scan on it?

We did exactly that. We set up a brand new MacBook Pro, completed the standard setup process, and immediately ran a full CoreLock scan before installing anything else. The results were genuinely surprising.

What we expected

Honestly, we expected almost nothing. A brand new Mac straight from Apple should be about as clean as a computer gets. We figured the scan would come back mostly empty.

We were wrong.

What the scan actually found

87 running processes on a "fresh" machine

Before you install a single app, your Mac is already running dozens of processes. Most of these are legitimate macOS system services, things like WindowServer, kernel_task, and launchd. They keep your Mac running.

But there were also processes that are worth knowing about. Background update services, analytics daemons, and cloud sync processes that started running the moment we signed into an Apple ID.

None of these are malicious. But most people have no idea they are there, and understanding what is running on your machine is the first step toward real security awareness.

Pre-granted privacy permissions

Here is something that surprised us: even on a fresh install, several Apple apps already had privacy permissions granted. Siri had microphone access. FaceTime had camera access. Safari had access to several categories.

Again, this makes sense. Apple pre-grants permissions to its own apps to provide a smooth out-of-box experience. But it means your "fresh" Mac is not actually starting from a zero-permission state. Apps already have access to your camera, microphone, and more.

23 startup items already configured

Before we installed anything, there were already 23 items configured to run at login or on startup. These are launch agents and launch daemons that macOS installs by default.

Most users never look at these. They do not show up in the Login Items section of System Settings because they are system-level items, not user-level ones. But they are there, and they run every time your Mac boots up.

Network connections on first boot

Within minutes of connecting to Wi-Fi, the fresh Mac was already making network connections to dozens of Apple servers. Software update checks, iCloud sync, analytics reporting, Siri processing, and more.

This is expected behavior, but it is eye-opening to see the volume of network activity that happens immediately on a brand new machine. Your Mac is communicating with remote servers from the very first minute you turn it on.

Default security settings are not maxed out

macOS ships with reasonable default security settings, but they are not the most secure options available. The firewall is off by default. Some privacy protections require manual configuration. Certain security features need to be explicitly enabled.

A brand new Mac is secure enough for most people, but there is room to tighten things up.

What this means for your Mac

To be clear: none of what we found on the fresh Mac was malicious. Apple's default configuration is reasonable and safe.

But here is the point: if a brand new Mac already has this much going on under the hood, imagine what your Mac looks like after months or years of installing apps, granting permissions, and accumulating login items.

Most people have:

• Hundreds of running processes, many from apps they forgot they installed
• Dozens of apps with camera, microphone, and screen recording access
• Login items and launch agents from software they no longer use
• Network connections to servers they have never heard of
• Security settings they have never reviewed

What we recommend for any Mac, new or old

Run a baseline scan

Whether your Mac is brand new or five years old, run a comprehensive security scan to understand your starting point. You cannot protect what you do not understand.

Review your permissions

Go through your privacy permissions and revoke access for any app that does not actively need it. Pay special attention to camera, microphone, screen recording, and full disk access.

Check your startup items

Review what runs when your Mac boots up. Remove startup items for apps you no longer use. Every unnecessary startup item is a potential attack surface and a drain on boot time.

Enable the firewall

If your Mac's firewall is not on, turn it on. System Settings, Network, Firewall. There is almost no reason to leave it off.

Run regular scans

Security is not a one-time event. Your Mac's security posture changes every time you install an app, grant a permission, or download a file. Regular scanning catches problems before they become serious.

Try it yourself

We built CoreLock to make this entire process simple. One scan covers processes, permissions, startup items, network connections, code signatures, and more. Everything is explained in plain English, and you can fix issues with one click.

Curious what your Mac looks like under the hood? Download CoreLock for free at corelock.ai/download and find out. No credit card required. The results might surprise you.