Ghost Hunter

Cleanup review with evidence, not casual deletion advice.

Ghost Hunter is a review-first audit surface for stale devices, zero-scope policies, empty groups, scripts without current policy linkage, and related cleanup candidates. It is designed to stay conservative when coverage is incomplete.

  • Safe Candidate stays narrow
  • Unknown when coverage is incomplete
  • Coverage notes remain visible

Finding lanes

  • Safe Candidate
  • Likely Candidate
  • Review Required
  • Unknown

The Safe Candidate lane is intentionally narrow. If a finding depends on downstream-reference validation and that validation is incomplete or unsupported, the result is downgraded to Unknown rather than presented as cleanup-safe.

Supported checks in the current release

  • Zero-scope policies
  • Current policy-linked script usage where supported
  • Current device inventory state for lifecycle review
  • Supported policy and macOS configuration profile group reference relationships

Important limits

  • Duplicate-object detection is intentionally unsupported.
  • Empty-group downstream reference checks are limited to supported policy and macOS configuration profile scope or exclusion relationships.
  • Unused script means no current policy reference found in completed supported checks. It does not imply the script is never used manually or outside Jamf policy linkage.
  • Device lifecycle findings are operationally useful, but they do not model retirement intent, reassignment, or off-platform asset processes.

What Unknown means

Unknown is not a weak version of Safe Candidate. It means Ghost Hunter does not have enough completed, supported coverage to present the result as cleanup-safe.
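
The downgrade rule from "Finding lanes" and the meaning of Unknown above can be modelled as a fail-closed lane assignment. This is an added illustration, not Ghost Hunter's own code; `Check`, `assign_lane`, the status strings, the group names and the rule that a found reference routes to Review Required are all assumptions of the sketch.

```python
from dataclasses import dataclass
from enum import Enum

class Lane(Enum):
    SAFE = "Safe Candidate"
    LIKELY = "Likely Candidate"
    REVIEW = "Review Required"
    UNKNOWN = "Unknown"

@dataclass
class Check:
    """One downstream-reference check (hypothetical shape, not the product's schema)."""
    name: str
    status: str          # "complete", "incomplete" or "unsupported"
    references: int = 0  # references found; meaningful only when complete

def assign_lane(proposed, checks):
    """Return (lane, coverage_notes) for a finding that depends on `checks`.

    Fails closed: any check that did not complete yields Unknown, whatever
    lane the primary evidence proposed, and the gap is reported as a note.
    """
    notes = [f"{c.name}: {c.status}" for c in checks if c.status != "complete"]
    if notes:
        return Lane.UNKNOWN, notes
    hits = [f"{c.name}: {c.references} reference(s) found" for c in checks if c.references]
    if hits:
        # Assumption of this sketch: a live reference sends the item to manual review.
        return Lane.REVIEW, hits
    return proposed, []

# Constructed sample: three empty groups with different coverage outcomes.
SAMPLE = {
    "grp-lab-2019": [Check("policy scope/exclusion", "complete"),
                     Check("macOS configuration profile scope/exclusion", "complete")],
    "grp-kiosk": [Check("policy scope/exclusion", "complete"),
                  Check("macOS configuration profile scope/exclusion", "incomplete")],
    "grp-interns": [Check("policy scope/exclusion", "complete", references=2),
                    Check("macOS configuration profile scope/exclusion", "complete")],
}

def classify_sample():
    """Classify every sample group, starting each from a Safe Candidate proposal."""
    return {name: assign_lane(Lane.SAFE, checks) for name, checks in SAMPLE.items()}

if __name__ == "__main__":
    for name, (lane, notes) in classify_sample().items():
        print(f"{name:14} {lane.value:16} {'; '.join(notes)}")
```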

How to act on findings

Use Ghost Hunter to narrow the review set, then inspect the evidence and coverage notes for the individual item. For supported downstream relationship review before deletion, pair Ghost Hunter with Blast Radius Analyzer.