This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos not completely removed on mac

I uninstalled Sophos with "remove Sophos Endpoint", but every minute I get:

(system) <Warning>: failed lookup: name = com.sophos.xpc.broker, flags = 0x8, requestor = com.sophos.endp[320], error = 3: No such process

in the launchd.log on my MacOS Monterey

Seems to be the same problem as:

https://community.sophos.com/intercept-x-endpoint/f/discussions/131695/error-message

and:

https://community.sophos.com/intercept-x-endpoint/f/discussions/131114/error-message-in-launchd-log

But no working solution

Also I see that there are still sophos files in /Library/SystemExtensions related to

com.sophos.endpoint.networkextension and com.sophos.endpoint.scanextension

I tried this:

https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

But also didn't help.

How do I completely remove sophos?

Thanks



This thread was automatically locked due to age.
Parents
  • I am also getting this kind of stuff in the launchd.log:

    2022-09-11 12:43:30.122170 (2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: This service is defined to be constantly running and is inherently inefficient.
    2022-09-11 12:43:30.122192 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: internal event: WILL_SPAWN, code = 0
    2022-09-11 12:43:30.122195 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: service state: spawn scheduled
    2022-09-11 12:43:30.122197 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: service state: spawning
    2022-09-11 12:43:30.122234 (system/2H5GFH3774.com.sophos.endpoint.scanextension) <Notice>: launching: speculative
    2022-09-11 12:43:30.122559 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: xpcproxy spawned with pid 314
    2022-09-11 12:43:30.122570 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: internal event: SPAWNED, code = 0
    2022-09-11 12:43:30.122572 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: service state: xpcproxy
    2022-09-11 12:43:30.122648 (system/2H5GFH3774.com.sophos.endpoint.scanextension [314]) <Notice>: internal event: SOURCE_ATTACH, code = 0

  • Thank you for the logs Sholia, 

    Would you be able to provide the output of the below command please ? 

    sudo systemextensionsctl list

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • 3 extension(s)
    --- com.apple.system_extension.network_extension
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.networkextension (10.0.4/221867)    networkextension    [activated enabled]
    --- com.apple.system_extension.endpoint_security
    enabled    active    teamID    bundleID (version)    name    [state]
    *    *    2H5GFH3774    com.sophos.endpoint.scanextension (10.0.4/221861)    com.sophos.endpoint.scanextension    [activated enabled]

    (and a 3rd extention that is unrelated to sophos)

  • Thanks, Sholia.

    The Sophos network extension and the scan extension are not removed from the system completely. 
    From the output, It's very clear that both the extensions are activated and enabled. Will have to find a way to remove that. 
    I am checking this internally. I will reply to this in a few minutes

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Ok, I think it worked! I used

    https://community.sophos.com/intercept-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remove-system-extensions

    with

    systemextensionsctl uninstall 2H5GFH3774 com.sophos.endpoint.scanextension

    and

    systemextensionsctl uninstall 2H5GFH3774 com.sophos.endpoint.networkextension

    Thanks a lot for your help!

  • I didn't realize that there is a teamID in those extensions. Now running sudo systemextensionsctl list doesn't show sophos.

    Thank you!

Reply Children
No Data