Endpoint Security Extension removal by root

App & System Services Core OS
pnelson OP
Created Jan ’25
Replies 3
Boosts 0
Views 414
Participants 3

Is this always possible using systemextensionsctl by root? Is there a way to prevent root from removing an Endpoint Security Extension? The use case is for a Mac managed by AirWatch.

Replies  3
Boosts  0
Views  414
Participants  3
DTS Engineer OP
Apple
Jan ’25
Accepted Answer
Recommended

Last I checked the uninstall command only works if you disable SIP:


% sw_vers
ProductName:            macOS
ProductVersion:         15.2
BuildVersion:           24C101
% systemextensionsctl list
1 extension(s)
--- com.apple.system_extension.network_extension (…)
enabled active  teamID          bundleID (version)                               …
*       *       SKMME9E2Y8      com.example.apple-samplecode.QNE2FilterMac.SysEx …
% sudo systemextensionsctl uninstall SKMME9E2Y8 com.example.apple-samplecode.QNE2FilterMac.SysEx
At this time, this tool cannot be used if System Integrity Protection is enabled.
This limitation will be removed in the near future.
Please remember to re-enable System Integrity Protection!

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Etresoft OP
Jan ’25

Did you check the new uninstall functionality in Sequoia System Settings?

0
pnelson OP
Jan ’25

The right to change these switches is com.apple.system-extensions.admin

1
Endpoint Security Extension removal by root
First post date Last post date
 
 
Q