SOPHOS/SIP error kext rejected due to insecure location

Hello,

I assume that if you’ve turned off SIP, you would be willing to try some command-line utilities. Try the following:

ls -laO /Library/StagedExtensions/

The result should look like this:

total 0

drwxr-xr-x@  3 root  wheel  restricted   96  3 Nov 16:13 .

drwxr-xr-x+ 67 root  wheel  sunlnk     2144  3 Nov 16:10 ..

drwxr-xr-x   3 root  wheel  restricted   96  3 Nov 16:13 Library

If it doesn’t, you can try the following to fix it (while booted from recovery):

chflags -R restricted /V*/*/Library/StagedExtensions

I found this information here: https://stackoverflow.com/questions/50897253/macos-kext-with-valid-signature-rejected-after-2nd-installation-high-sierra

My results aren’t quite the same as listed in the link. I strongly suggest a backup before doing anything.

If you don’t have that restricted flag (and after turning off SIP, who knows what you have) then I think it might be a good idea to follow Sophos’ advice and do a wipe and reinstall. Something looks fishy about your system.

That being said, I don’t disagree with the advice you received so far. The macOS operating system already includes multiple layers of malware protection. You don’t need anything else. But if you ask anyone in the security industry, they will tell you the exact opposite. It has become trendy in certain circles to proclaim Apple’s malware protection as being a complete failure. You can see some of that misinformation right here in this thread. Don’t fall for it.

Uninstall SOPHOS. You do not need a third party app that claims to protect, clean, manage, boost performance, etc.

I think this is a permission thing with SIP and the file locations?

In a sense, yes. As of High Sierra, all third party kernel extensions must in the /Library/Extensions/ folder, and they must be code signed by the vendor. Sophos is writing to what is now considered an illegal location.

Plus, as noted, you don't need it.

No. You don't need Sophos, or anything even remotely like it. There are no actual viruses to stop in the Mac OS. There are plenty of Trojans (software you have to install, knowingly or unknowingly) that blow right past all AV software since there's nothing to detect until it's already been installed. Even then, most don't notice anything is wrong.

Any of us can say we are an expert in any domain. Please name one virus out in the wild that can run on a Mac.

Macs do not act as transport devices for Windows devices. Windows virus' can be included in emails etc sent to Mac users and then the email can be forwarded to a Windows user but it is the responsibility of Windows users to not send virus' and then to defend against them. It is not the responsibility of Mac to intercept Windows virus'. Why should Mac users use system resources and tools that provide no benefit while potentially harming a Mac trying to protect Windows users?

No, I am interested in educating myself. as demonstrated by my question to you. You are not as interested by your refusal to learn that running third party anti virus apps on Macs is of no value, provides no benefit, and uses system resources needlessly. And in fact these third party apps may cause problems on a Mac.

You came here seeking assistance and you have been provided some. But because you have a preconceived erroneous idea of security of Macs from virus' you refuse to accept what you are told.

I am a senior information assurance officer and a CISSP. There are viruses and malware that affect the MacOS. ...

Macs can act as a transport device for windows viruses to move through your network and systems. ...

try googling Mac iOS malware and do a little research on your own

There are no viruses that affect macOS. There are a handful of crude malware apps, but they have been long-since blocked by Apple and are no threat to Mac users. The idea that there is some kind of “Typhoid Mac” effect is ludicrous, regardless of how many times people from the security industry repeat it. It is Windows users’ responsibility to keep their machines free from malware. Finally, I’m not sure what a “Mac iOS malware” is. Macs run macOS and other devices run iOS. Running them together like that pretty much eliminates any potential for credibility.

But no matter how careful you try to be or how much you try to educate your users, sh*t happens!

Absolutely! Can't tell you how many times I've read about, and heard IT people complain about the users in almost any company. No matter how many memos they put out telling staff NOT to open unexpected attachments they receive, whether they recognize the sender's name or not, they do it anyway.

The human element is, and always will be the main problem. Both the crooks who create them, and the users who continue to fall for them.

https://support.home.sophos.com/hc/en-us/articles/115005499786-Uninstalling-Sophos-Home-on-Mac-computers