Zombie System Extensions

To clarify, did you run systemextensionsctl after disabling SIP to remove it?

As mentioned above, use systemextensionsctl to uninstall it. See man systemextensionsctl for all the info

First, list it to see that it's running

systemextensionsctl list

Then uninstall by copying the team ID and bundle ID and running this command, with those values replacing the placeholders below.

systemextensionsctl uninstall TEAMID BUNDLEID

I have SIP enabled.

I did all the initial endpoint development with SIP disabled and was launching a command-line version of the program via launchctl. Since re-enabling SIP I have been having to unlearn old habits/workflows and learning new ones.

I had not seen the systemextensionsctl command before. I had mistakenly tried launchctl (which does show the extension running, but couldn't control the extension with the command).

Whew, I am glad systemextensionsctl is there. I just wish I knew about it yesterday. :-)

Thanks

Thanks!

systemextensionsctl is exactly what I needed.

I had been using launchctl which has worked fine when I was launching programs out of LaunchDaemons, but I hadn't known about systemextensionsctl.

I forgot to mention, I usually then do a reboot of my VM to finish removing the extension.

Thanks on this (again)!

I didn't realize I needed to disable SIP again to run the systemextensionsctl command. But now (I think) I have everything fixed, and I cleaned out the 386 extensions registered there! 😯

To clarify, you do want to keep SIP enabled. I was only referring to a current limitation of the systemextensionsctl command. It can only be used to uninstall if you have disabled SIP. Apparently Apple plans to fix that at some point.

Surely this cant be the only answer! - If you have a zombie extension running on a laptop and you can't get to that laptop to disable SIP ( you have to remove it remotely or via a script - is there no way of uninstalling this currently ?

I don't know if that's the only answer, but it's what I've found by reading the forums and experimentation. If you, or anyone, finds some definitive documention, please post a link here. I'd love to read it and let our support team know when we release our product into the wild.

That's the only answer. Don't leave zombie system extensions.

Unfortunately, 3rd party developers have an atrocious track record when it comes to uninstallers. Sometimes they don't include uninstallers at all. Other times, they provide uninstallation instructions that are blatant lies. And, in the end, users think they can uninstall software by dragging apps to the trash.

If you ship a system extension, it must be inside the app and your only uninstallation method must be for the user to drag the app to the trash. No options. Hopefully you won't leave a bunch of launch daemons and agents spinning their wheels on the user's machine for all eternity.