Is this always possible using systemextensionsctl by root? Is there a way to prevent root from removing an Endpoint Security Extension? The use case is for a Mac managed by AirWatch.
Last I checked the uninstall command only works if you disable SIP:
% sw_vers
ProductName: macOS
ProductVersion: 15.2
BuildVersion: 24C101
% systemextensionsctl list
1 extension(s)
--- com.apple.system_extension.network_extension (…)
enabled active teamID bundleID (version) …
* * SKMME9E2Y8 com.example.apple-samplecode.QNE2FilterMac.SysEx …
% sudo systemextensionsctl uninstall SKMME9E2Y8 com.example.apple-samplecode.QNE2FilterMac.SysEx
At this time, this tool cannot be used if System Integrity Protection is enabled.
This limitation will be removed in the near future.
Please remember to re-enable System Integrity Protection!
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
