Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 13 subscribers
  • Views 2484 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos not completely removed on mac

Sholia Natorik

I uninstalled Sophos with "remove Sophos Endpoint", but every minute I get:

(system) <Warning>: failed lookup: name = com.sophos.xpc.broker, flags = 0x8, requestor = com.sophos.endp[320], error = 3: No such process

in the launchd.log on my MacOS Monterey

Seems to be the same problem as:

https://community.sophos.com/intercept-x-endpoint/f/discussions/131695/error-message

and:

https://community.sophos.com/intercept-x-endpoint/f/discussions/131114/error-message-in-launchd-log

But no working solution

Also I see that there are still sophos files in /Library/SystemExtensions related to

com.sophos.endpoint.networkextension and com.sophos.endpoint.scanextension

I tried this:

https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

But also didn't help.

How do I completely remove sophos?

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    I am also getting this kind of stuff in the launchd.log:

    2022-09-11 12:43:30.122170 (2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: This service is defined to be constantly running and is inherently inefficient.
    2022-09-11 12:43:30.122192 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: internal event: WILL_SPAWN, code = 0
    2022-09-11 12:43:30.122195 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: service state: spawn scheduled
    2022-09-11 12:43:30.122197 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: service state: spawning
    2022-09-11 12:43:30.122234 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: launching: speculative
    2022-09-11 12:43:30.122559 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: xpcproxy spawned with pid 314
    2022-09-11 12:43:30.122570 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: internal event: SPAWNED, code = 0
    2022-09-11 12:43:30.122572 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: service state: xpcproxy
    2022-09-11 12:43:30.122648 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: internal event: SOURCE_ATTACH, code = 0

  • +1 in reply to Sholia Natorik

    Thank you for the logs Sholia, 

    Would you be able to provide the output of the below command please ? 

    sudo systemextensionsctl list

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • 0 in reply to IsmailJaweed

    3 extension(s)
    --- com.apple.system_extension.network_extension
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.networkextension (10.0.4/221867)    networkextension    [activated enabled]
    --- com.apple.system_extension.endpoint_security
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.scanextension (10.0.4/221861)    com.sophos.endpoint.scanextension    [activated enabled]

    (and a 3rd extention that is unrelated to sophos)

Reply
  • 0 in reply to IsmailJaweed

    3 extension(s)
    --- com.apple.system_extension.network_extension
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.networkextension (10.0.4/221867)    networkextension    [activated enabled]
    --- com.apple.system_extension.endpoint_security
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.scanextension (10.0.4/221861)    com.sophos.endpoint.scanextension    [activated enabled]

    (and a 3rd extention that is unrelated to sophos)

Children
Unfiltered HTML