SOPHOS/SIP error kext rejected due to insecure location

Hello World!

I have a MacBook running macOS 10.13.6. I installed SOPHOS home premium on the system. The SOPHOS shield, which should be all black, is orange, and when I click on it, it indicates that the system is not protected for any of its features such as virus scanning, web filtering, etc. I found the following errors in the log files:

kext rejected due to insecure location <Hexadecimal Location> {url = "file:///Library/StagedExtensions/Library/Extensions/SophosFileMonitor.kext/", ID = "com.sophos.kext.sfm"}

kext rejected due to insecure location <Hexadecimal Location> {url = "file:///Library/StagedExtensions/Library/Extensions/SophosFileProtection.kext/", ID = "com.sophos.kext.oas"}

kext rejected due to insecure location <Hexadecimal Location> {url = "file:///Library/StagedExtensions/Library/Extensions/SophosWebProtection.kext/", ID = "com.sophos.kext.swi"}


If I turn off SIP (csrutil disable) from safe mode and then boot the system, SOPHOS works with no issues.

The wonderful tech support at SOPHOS told me to completely reinstall my system starting with a fresh load of the OS to correct this issue.


I think this is a permission thing with SIP and the file locations? Any help or suggestions on where to look or how to fix this would be greatly appreciated.


Respectfully;

Mark K.

MacBook

Posted on Dec 23, 2018 10:10 AM

Question marked as Top-ranking reply

Posted on Dec 23, 2018 9:43 PM

Well, ladies and gentlemen:

I was able to fix this issue on my own. I did a comparison of permissions between a working MacBook and the one having issues. On the working MacBook under /Library, there is a sub-directory called StagedExtensions. On the working MacBook, the permissions are as follows:

drwxr-xr-x  4 root  wheel  restricted  128 Dec 10 03:45 StagedExtensions


On the MacBook that was having the issue, the permissions were:

drwxr-xr-x  4 root  wheel  -  1027 Dec 22 11:45 StagedExtensions


I booted the MacBook into recovery mode and disabled SIP (csrutil disable).

I then booted the system and logged in as Administrator. I changed to /Library and ran the following command:

sudo chflags -R restricted StagedExtensions


I then booted the MacBook into recovery mode again and enabled SIP (csrutil enable).

I then booted the system and logged in, and all is well; Sophos is working correctly.



I know this solution does not answer the question as to why this was happening on this MacBook in the first place, but it is up and running with Sophos and no errors!


I want to thank those of you who responded and wish you all a Very Merry Christmas!

Respectfully;

Mark K.
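A read-only check for the condition found in the reply above, added here as an example and not part of the original thread: it classifies one line of `ls -ldO` output for /Library/StagedExtensions. The function name and problem labels are assumptions of this example; the first two sample lines are the listings quoted in the reply, and the root:wheel expectation is taken from the working listing.

```shell
#!/bin/sh
# Added example (not from the thread): classify one `ls -ldO` line for
# /Library/StagedExtensions. On macOS, `ls -lO` prints file flags in column 5:
#   mode links owner group flags size month day time name

check_staged_line() {
    # $1: a single line of `ls -ldO` output
    read -r mode _links owner group flags _rest <<EOF
$1
EOF
    problems=""

    # The flags column is a comma-separated list, or "-" when no flag is set.
    case ",$flags," in
        *,restricted,*) ;;
        *) problems="$problems missing-restricted-flag" ;;
    esac

    # Assumption: root:wheel is expected, as in the working listing in the post.
    [ "$owner:$group" = "root:wheel" ] || problems="$problems owner-not-root-wheel"

    # Character 6 of the mode is group-write, character 9 is other-write.
    case "$mode" in
        ?????w*|????????w*) problems="$problems group-or-other-writable" ;;
    esac

    if [ -z "$problems" ]; then
        echo ok
        return 0
    fi
    echo "${problems# }"
    return 1
}

# The two listings quoted in the reply above.
GOOD_LINE='drwxr-xr-x  4 root  wheel  restricted  128 Dec 10 03:45 StagedExtensions'
BAD_LINE='drwxr-xr-x  4 root  wheel  -  1027 Dec 22 11:45 StagedExtensions'
# Constructed sample: wrong owner, group-writable, no flag.
LOOSE_LINE='drwxrwxr-x  4 mark  staff  -  128 Dec 10 03:45 StagedExtensions'

for line in "$GOOD_LINE" "$BAD_LINE" "$LOOSE_LINE"; do
    printf '%s\n  => %s\n' "$line" "$(check_staged_line "$line")"
done

# On the Mac itself:
#   check_staged_line "$(ls -ldO /Library/StagedExtensions)"
```
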


21 replies

Dec 23, 2018 4:22 PM in response to BobTheFisherman

My response is based on my experience. It is everyone’s responsibility in a heterogeneous environment to prevent the spread of malware and viruses. That includes Mac users. I included a link in my previous email that was stripped out by the Apple forums that listed viruses and malware that affect Macs. Why don’t you try googling Mac iOS malware and do a little research on your own before making inaccurate statements.

Dec 23, 2018 5:28 PM in response to Batman-15

As an "expert", you should know that malware and viruses are one and the same. A virus is a type of malware. As is a Trojan or worm. You can't treat the word malware as if it's some sort of specific threat when it's nothing more than a generic phrase (MALicious softWARE) to describe any app you wouldn't want on your computer. That you don't seem to know this reduces the credibility of your claim. "Virus" is NOT a generic term.


There has yet to be an actual virus that can affect OS X or macOS. There have been no reports of a virus in the wild. Not one.

Dec 23, 2018 5:33 PM in response to Batman-15

Crossrider is yet another Trojan. YOU have to download and install it. It cannot in any way get onto your Mac on its own. The current circulation method is the now very worn out fake Flash Player update thrown in the user's face by bogus web sites. The download from the site is of course not Flash at all. It's a Trojan, waiting for the unwary to install it. You can download millions of copies of it to your Mac, but not one of them can do anything until you choose to run it.
