HOW TO: Remove System Extensions

Please create a new post in the Discussions section for any questions or comments.


In some instances you may need to manually remove the System Extensions. There are two ways available:

  1. Reinstall and drag extension hosting software to trash
    • Reinstall using the “Sophos Installer”
    • Drag the “/Applications/Sophos/SophosWebNetworkExtension” to the trash
    • A dialog is displayed that says
      • “The application “SophosWebNetworkExtension” is hosting system extensions. These extensions will be removed if you continue”
    • Click on continue
    • Authenticate as requested
    • Right click on “/Applications/Sophos/Sophos Scan” and choose “Show Package Contents”
    • Navigate to Contents/MacOS and drag “SophosScanD” to the trash
    • A dialog is displayed that says
      • “The application “SophosScanD” is hosting system extensions. These extensions will be removed if you continue.”
    • Click on continue
    • Authenticate as requested
    • Run “/Applications/Sophos/Remove Sophos Endpoint”
    • Restart the Mac
  2. Disable SIP, use systemextensionsctl to unload the extensions, and re-enable SIP
    • Disable SIP:
      • Reboot into the recovery partition by holding the command (⌘) key and (R) key down while rebooting
      • Select the volume that contains your copy of Big Sur
      • Enter credentials as requested
      • In the “Recovery” application that comes up, choose the menu item “Utilities | Terminal”
      • Enter the command: “csrutil disable”
      • Restart the Mac and log in
    • Open the Terminal application
      • Enter the command “systemextensionsctl uninstall - com.sophos.endpoint.networkextension”
      • Enter credentials in the dialog that says “systemextensionctl is trying to modify a System Extension”
      • Enter the command “systemextensionsctl uninstall - com.sophos.endpoint.scanextension”
      • Enter credentials in the dialog that says “systemextensionctl is trying to modify a System Extension”
    • Enable SIP:
      • Reboot into the recovery partition by holding the command (⌘) key and (R) key down while rebooting
      • Select the volume that contains your copy of Big Sur
      • Enter credentials as requested
      • In the “Recovery” application that comes up, choose the menu item “Utilities | Terminal”
      • Enter the command: “csrutil enable”
      • Restart the Mac

Either of these methods should remove the System Extensions from the target machine. 
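
A read-only check to confirm the result of either method, added here as an example and not Sophos's own tooling: it parses the text printed by `systemextensionsctl list` and `csrutil status` and reports any Sophos extension that is still registered, or SIP left disabled. The sample listing, its column layout, the placeholder team ID and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sophos code): confirm both extensions are gone and SIP is on.
SOPHOS_IDS="com.sophos.endpoint.networkextension com.sophos.endpoint.scanextension"

# stdin: `systemextensionsctl list` output. Prints "<bundle id>: <state>" for
# each Sophos extension still listed. Assumes the state is the trailing [..] field.
remaining_sophos_extensions() {
    awk -v ids="$SOPHOS_IDS" '
        BEGIN { n = split(ids, want, " ") }
        {
            sub(/[ \t]+$/, "")
            for (i = 1; i <= n; i++) {
                if (index($0, want[i]) == 0) continue
                state = "unknown"
                if (match($0, /\[[^]]*\]$/)) state = substr($0, RSTART + 1, RLENGTH - 2)
                print want[i] ": " state
            }
        }'
}

# stdin: `csrutil status` output. Succeeds only for a plain "enabled" status.
sip_is_enabled() {
    grep -q 'System Integrity Protection status: enabled\.'
}

# $1 = extension listing text, $2 = csrutil status text. Returns 0 when clean.
verify_removal() {
    left=$(printf '%s\n' "$1" | remaining_sophos_extensions)
    rc=0
    if [ -n "$left" ]; then
        printf 'Still registered:\n%s\n' "$left"; rc=1
    fi
    if ! printf '%s\n' "$2" | sip_is_enabled; then
        echo 'SIP is not enabled: run "csrutil enable" from Recovery'; rc=1
    fi
    return "$rc"
}

# Constructed sample listing (placeholder team ID, version and names).
SAMPLE_LIST='2 extension(s)
enabled active teamID bundleID (version) name [state]
  TEAMID0000 com.sophos.endpoint.networkextension (0.0/0) Example Network [terminated waiting to uninstall on reboot]
* * TEAMID0000 com.sophos.endpoint.scanextension (0.0/0) Example Scan [activated enabled]'

# On a Mac, check the live system; elsewhere, run against the sample.
if command -v systemextensionsctl >/dev/null 2>&1; then
    verify_removal "$(systemextensionsctl list)" "$(csrutil status)" || true
else
    verify_removal "$SAMPLE_LIST" 'System Integrity Protection status: enabled.' || true
fi
```

An extension reported with a state other than an active one may only be waiting for the restart that ends each method; run the check again after rebooting.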

If you encounter problems after following these steps, please reply below.



[edited by: Florentino Sanchez at 8:15 PM (GMT -8) on 8 Mar 2021]
  • Please tell me there is another way to do this.. I uninstalled 10.0.3 as it made me reboot my mac multiple times a day and now I noticed com.sophos.endpoint.scanextension is still loading after a reboot.

    This is the behaviour of a rootkit to be honest..