Is this always possible using systemextensionsctl by root? Is there a way to prevent root from removing an Endpoint Security Extension? The use case is for a Mac managed by AirWatch.
Last I checked the uninstall
command only works if you disable SIP:
% sw_vers ProductName: macOS ProductVersion: 15.2 BuildVersion: 24C101 % systemextensionsctl list 1 extension(s) --- com.apple.system_extension.network_extension (…) enabled active teamID bundleID (version) … * * SKMME9E2Y8 com.example.apple-samplecode.QNE2FilterMac.SysEx … % sudo systemextensionsctl uninstall SKMME9E2Y8 com.example.apple-samplecode.QNE2FilterMac.SysEx At this time, this tool cannot be used if System Integrity Protection is enabled. This limitation will be removed in the near future. Please remember to re-enable System Integrity Protection!
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"