Rubin Shrestha
Rubin Shrestha
Blog

What is writing to daemon_info.log on macOS and is it dangerous e.g. malware?

by |Published

I’m running macOS Tahoe 26.5 on a Mac mini M4. I found a directory in my Documents directory that I didn’t know what it was, cpsppp. This directory itself seems to be connected with “PowerPanel Personal”, the app that talks to the UPS the Mini is plugged into. This is acceptable.

However, within the cpsppp directory there is a series files named:

daemon_info.log  
daemon_info.log.1  
...  
daemon_info.log.20

Full listing for .log file:

-rw-r--r--@   1 root       staff   6930372 Jun  6 11:02 daemon_info.log

Each of them are about 10 Mbytes. It is writing many lines of what looks like trace statements every 3 seconds. Here is a small example:

2026-06-06 10:41:55,665 - daemon - INFO - ******DriverTransaction request START******  
2026-06-06 10:41:55,667 - daemon - INFO - DriverTransaction cmdStr: -1  328

2026-06-06 10:41:55,667 - daemon - INFO - DriverTransaction cmd: b'-1  
2026-06-06 10:41:55,667 - daemon - INFO - DriverTransaction SET REQUEST TYPE  
2026-06-06 10:41:55,667 - daemon - INFO - DriverTransaction SEND REQUEST  
2026-06-06 10:41:55,668 - daemon - INFO - DriverTransaction PRINT RESPONSE FLAG: True

2026-06-06 10:41:55,668 - daemon - INFO - DriverTransaction GET RESPONSE  
2026-06-06 10:41:55,668 - daemon - INFO - DriverTransaction PRINT RESPONSE BYTES: <ctypes.c_char_Array_4096 object at 0x117ee4040>

/Users/appleuser/Documents/cpsppphead -30 daemon_info.log

2026-06-06 10:41:55,665 - daemon - INFO - ******DriverTransaction request START******  
2026-06-06 10:41:55,667 - daemon - INFO - DriverTransaction cmdStr: -1

I have tried using an lsof command in (a batch job) within the directory continuously and filtering out references that weren’t applicable. I can find only three things referencing these files: Finder, mdworker, and apple.com.

I cannot find any relevant references online to daemon_info.log.

I can’t figure out why whomever is writing this would put it in this particular directory.

Also, there is a directory within cpsppp called update_file that only contains a directory 2.7.0.s but this seems to belong to Power Panel Personal.

What other info do I need. What else might I do to find the possibly offending process?

You may also like