How to delete com.kaspersky.kav.sysext.systemextension on macOS Monterey?

I suggest running an EtreCheck report. It should locate any "orphan" Kaspersky files on your Mac so we know where (potentially) this one is located.

Ref: Using EtreCheck to Troubleshoot Potential… - Apple Community

Alternatively, kernel extension files would be located in any of the following "folders" on your Mac:

• /Library/Extensions
• /System/Library/Extensions

You are not going to be able to remove this system extension without some tricky, low-level changes and Terminal commands. These actions can be dangerous and we are not allowed to post instructions here in the forums.

I recommend you contact Apple Support Directly.

diesel_dad wrote:

I have contacted Apple Support. Their brilliant answer was to reformat the drive and install MacOS from scratch as being the only way to remove the file. I asked them to send me something where it said that removing the file was not possible and they said that they could not.

That’s the easy answer, at least as far as they are concerned.

I grew up as a Unix System programmer, so I am comfortable with using Terminal commands but there is something protecting this file that I can't seem to figure out.

It is System Integrity Protection. Unfortunately, the rules of this forum do not allow me to explain how to disable it.

The problem here is that you tried to remove the file yourself. It doesn’t matter how much experience you have. You don’t have the correct entitlements from Apple. The correct answer would have been to use the built-in Kaspersky uninstallation procedure or instructions. But that’s not possible if you’ve already deleted the software. I’m not going to recommend reinstalling either because that might be illegal now. According to the US government, Kaspersky is “an unacceptable risk to the national security of the United States or the security and safety of United States persons”.

If you can find instructions elsewhere, just make sure to re-enable System Integrity Protection when you’re done.

diesel_dad wrote:

I have contacted Apple Support. Their brilliant answer was to reformat the drive and install MacOS from scratch as being the only way to remove the file.

Given what Etresoft has indicated, it seems that only a certified installer/uninstaller can access some of these files, apparently including the one you want to remove. Perhaps Kaspersky has such an uninstaller, but if Kaspersky itself is not trustworthy, would I use their uninstaller? I have actually done a full disk erase and reinstall in the past, it is not that hard and it will result in a clean operating system, not a bad thing. Make sure you have at least two backups, preferably two different types (e.g. Time Machine, clone, cloud-based, etc.) that you have tested, and when you migrate your files back make sure you migrate only user accounts and files, nothing else, so you don't bring that file back. By the way, there could be more than just that one file that you know about, in which case you are better off with the clean reinstall anyway, possibly.

EDITED

As All others have mentioned regarding the Terminal command line would be required in this instance.

If willing to try this Safe Application as last ditch effort and may or may not work.

Suggest restarting in Safe Mode to perform this action.

Doing a Safe Mode boot should insure the extension does not load and make it easier for the FAF Application to find the file location.

Attempt to Drag and Drop the extension to Trash and Empty Trash.

Use the search words associate with the Offending Application

Find Any File (FAF)

diesel_dad wrote:

I have tried the Kaspersky un-installer several times and I have a ticket open with Kaspersky support. I'll wait for their response but at least now I know why I don't have the right privileges to delete.

That’s unfortunate. The manual uninstallation process is well-known. I just can’t mention it here.

Even an erase and reinstall might not help. If you restore from backup, you could restore the system extension.

You'll need to search online on how to remove a system extension. There are ways to do it.

As previously mentioned, without disabling security features and using somewhat arcane command line tools intended for developers, your option would be to backup your data and erase the internal drive entirely and install a clean macOS Monterey then restore your data.

[Edited by Moderator]

Thank you for sharing the course of action taken.

Too bad the real method to the remove the extension can not be openly discussed here.

It may have saved a lot of work on your part instead of the Wipe and Install the OS from scratch.

diesel_dad wrote:

So, never install their Kaspersky malware ...

To be honest, this particular problem is common to many Mac security products. My standard advice to only use official uninstallers or uninstallation instructions provided directly by the developer is becoming more and more useless as those official uninstallers often don't work.

These are security apps. They are supposed to protect us from the most dangerous, state-sponsored, zero-day hacking and ransomware attacks. Yet they can't even figure out how to properly uninstall their own software.

When this happened to me with a stubborn sysext I had to boot into Recovery and temporarily downgrade security level. If I recall correctly the security level is a selection in the menu bar.

I like the app AppCleaner to remove stubborn apps. AV apps are especially heinous in my opinion and removal is not so easily done; the best way is to do as the developer instructs.