Jump to content

Removing PUP system extensions


Recommended Posts

  • Staff

Recently, Apple has given special entitlements to programs that Malwarebytes detects as Potentially Unwanted Programs (PUPs). For details, see:

https://blog.malwarebytes.com/mac/2020/11/apple-security-hampers-detection-of-unwanted-programs/

Because of this, Malwarebytes for Mac will repeatedly block affected system extensions, but cannot actually remove them. Instructions for removing the system extensions associated with these PUPs are as follows:

1) Restart the Mac in recovery mode (hold down command-R while restarting):

https://support.apple.com/HT201314

2) In recovery mode, choose Terminal from the Utilities menu:

284985681_openTerminalinrecoverymode.thumb.png.428ef3ee07a3e12d7bc5f967973f511a.png

3) In the Terminal window, enter the following command and press return to disable the System Integrity Protection (SIP) security feature:

csrutil disable

Important: this should only be done temporarily! Be sure to follow the instructions all the way to the end, to turn SIP back on in step 7.

4) Reboot the computer normally

5) Open the Terminal, which is found in the Utilities folder in the Applications folder when not in recovery mode

6) Depending on what program is being blocked, run the appropriate command below

MacKeeper:

systemextensionsctl uninstall 64424ZBYX5 com.mackeeper.AntivirusEndpointSecurity

TotalAV:

systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.TotalAV.EndpointExtension

ScanGuard:

systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.ScanGuard.EndpointExtension

PCProtect:

systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.PCProtect.EndpointExtension

7) Repeat steps 1-3, except this time enter the following command in the Terminal:

csrutil enable

 

For more information on why we detect these things as PUPs, see:

https://blog.malwarebytes.com/puppum/2016/08/pup-friday-mackeeper/

https://blog.malwarebytes.com/detections/pup-jdi/

  • Like 1
  • Thanks 1
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.