Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Listing and unloading installed system extensions?

How to list installed (and presumably already allowed) system extensions? How to unload them?

Posted on Nov 25, 2021 1:44 PM

Reply
Question marked as Top-ranking reply

Posted on Nov 25, 2021 4:53 PM

Mouse07410 wrote:

How to list installed (and presumably already allowed) system extensions?

Use the "kmutil" command to list legacy system (i.e. kernel) extension. For modern system extensions, use "systemextensionsctl". A basic listing is "kmutil find" and "systemextensionsctl list". But from there, things can get complicated really fast.

How to unload them?

Find a can opener, ideally an electric one, and a fresh can-o-worms.


This is not something that anyone, including myself, ever does on a regular basis. Nor would I ever recommend anyone else do that either. The kmutil tool has an unload functionality, but I've never used it and can't commend on it. I have played around a bit with the systemextensionsctl uninstall and, last time I checked, it doesn't work at all. You actually have to disable SIP before you can use that command. At least, that's what the command says. I haven't tried it lately. Maybe that's been fixed.


System extensions are much more closely tied to a containing app. The operating system can automatically unload the extension when you drag the app to the trash. The app's own uninstaller can also properly uninstall it. A 4th party "app zapper" or "clean up" app cannot do this. If you try one of these on a system extension, you are setting up yourself for a trip to Recovery to disable SIP.

8 replies
Question marked as Top-ranking reply

Nov 25, 2021 4:53 PM in response to Mouse07410

Mouse07410 wrote:

How to list installed (and presumably already allowed) system extensions?

Use the "kmutil" command to list legacy system (i.e. kernel) extension. For modern system extensions, use "systemextensionsctl". A basic listing is "kmutil find" and "systemextensionsctl list". But from there, things can get complicated really fast.

How to unload them?

Find a can opener, ideally an electric one, and a fresh can-o-worms.


This is not something that anyone, including myself, ever does on a regular basis. Nor would I ever recommend anyone else do that either. The kmutil tool has an unload functionality, but I've never used it and can't commend on it. I have played around a bit with the systemextensionsctl uninstall and, last time I checked, it doesn't work at all. You actually have to disable SIP before you can use that command. At least, that's what the command says. I haven't tried it lately. Maybe that's been fixed.


System extensions are much more closely tied to a containing app. The operating system can automatically unload the extension when you drag the app to the trash. The app's own uninstaller can also properly uninstall it. A 4th party "app zapper" or "clean up" app cannot do this. If you try one of these on a system extension, you are setting up yourself for a trip to Recovery to disable SIP.

Nov 25, 2021 3:50 PM in response to u257

Suggest downloading the Application Etrecheck directly from a well Respected ASC Contributor. 


Disclaimer: I am not affiliated with nor receive compensation from the Developer.


The application is free or paid from added features. 


Run the application with Full Disc Access ( Security & Privacy - Full Disc Access ).


It will take a Snap Shot -  both the hardware and software.


 The Report will Not Reveal Any Personal Information


Post back the Full Report - copy and paste - using the Additional Text Icon ( 3rd Icon to last )


We can have a look at the report for possible issues and may have possible suggestions to resolve the issues.


Any Third Party Applications that will interfere with the normal operation of the OS, alter, modify, remove or delete or attempt to do so is an invitation for disaster and may require a Reinstallation of the OS.


This includes AntiVirus, Disk Cleaners, Disk Optimizes, UnInstaller etc.


The The Built in Security  is all that is required.

Nov 25, 2021 3:11 PM in response to PRP_53

"kextstat" does work on Big Sur (and, presumably, on Monterey). But it was my understanding that it's for older deprecated *kernel* extensions, rather than the newer *system* extensions?


It's probably not UPload, but UNload [a specific extension that listing showed as loaded and running] - from memory where they're loaded into and running from.


Why - e.g., to validate hypothesis that a given extension is interfering with something, aka - causing trouble. Where to - out of memory.

Nov 25, 2021 4:03 PM in response to PRP_53

Thank you - will check that app. One problem though - it seems that one of the system extensions installed by additional security software packages, prevents access to Internet. So, the solution has to rely only on the OS-provided tools for examining and managing system extensions.


Before somebody suggests it - no, it is not possible to just uninstall that piece of software and be done with the problem and it's likely cause.

Nov 25, 2021 4:10 PM in response to u257

Guessing from the above statement this computer is Enrolled in a MDM Service and computer is Owned by a Company, Schools of University or Organization. That is why the Security Software can not be uninstalled ?


If that is accurate and true - Speak to the Company IT Department about the issue on this computer as they Control the computer.

Nov 25, 2021 5:59 PM in response to etresoft

@etresoft, thanks for the perfect answer.


I played with "kmutil", and successfully unloaded kernel extensions (though some did require a reboot ;).


"systemextensionsctl" indeed listed what I needed. In this case, just knowing what it was, sufficed.


I did not really intend to use "uninstall" on system-system extensions. Do you think that trying to uninstall an extension brought in by a non-Apple-"native" app would force one to go the "Recovery to disable SIP" route?

Nov 25, 2021 7:07 PM in response to Mouse07410

Mouse07410 wrote:

Do you think that trying to uninstall an extension brought in by a non-Apple-"native" app would force one to go the "Recovery to disable SIP" route?

It is just that both kernel extensions and system extensions need other, low-level software running to provide their functionality. So if you remove a particular software package but leave the kernel extension if system extension in place, there is no way to tell how the system will behave.


The standard, safe recommendation is to re-install the app in question and then use the correct uninstallation procedure. But sometimes that won’t work if the installer and/or uninstaller doesn’t anticipate this eventuality. There were some pretty big software developers that released system extensions that their own uninstaller could not remove.


Aside from the SIP factor, system extensions are a little easier to find and remove because they are tightly bundled with the owning app. This is not the case with kernel extensions. It may be impossible to know exactly which 3rd party app installed a given 4th party kernel extension.

Listing and unloading installed system extensions?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.