Jump to content

Removing PUP system extensions

Recommended Posts

  • Staff

Recently, Apple has given special entitlements to programs that Malwarebytes detects as Potentially Unwanted Programs (PUPs). For details, see:


Because of this, Malwarebytes for Mac will repeatedly block affected system extensions, but cannot actually remove them. Instructions for removing the system extensions associated with these PUPs are as follows:

1) Restart the Mac in recovery mode (hold down command-R while restarting):


2) In recovery mode, choose Terminal from the Utilities menu:


3) In the Terminal window, enter the following command and press return to disable the System Integrity Protection (SIP) security feature:

csrutil disable

Important: this should only be done temporarily! Be sure to follow the instructions all the way to the end, to turn SIP back on in step 7.

4) Reboot the computer normally

5) Open the Terminal, which is found in the Utilities folder in the Applications folder when not in recovery mode

6) Depending on what program is being blocked, run the appropriate command below


systemextensionsctl uninstall 64424ZBYX5 com.mackeeper.AntivirusEndpointSecurity


systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.TotalAV.EndpointExtension


systemextensionsctl uninstall 47M7HL5AG8 net.protected.macos.TotalAV.ESAVExtension


systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.ScanGuard.EndpointExtension


systemextensionsctl uninstall 47M7HL5AG8 com.jdi.ss.PCProtect.EndpointExtension

7) Repeat steps 1-3, except this time enter the following command in the Terminal:

csrutil enable


For more information on why we detect these things as PUPs, see:



Edited by treed
  • Like 1
  • Thanks 1
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.