Unable to uninstall 'EndpointSecurityforMac'

Hello,


My old job had me install 'Endpoint Security' and every time I uninstall it via the 'uninstaller' inside the app's folder, it seems to re-install itself after about 30 minutes.


It's in a folder called 'ManagedAntivirus' – after uninstalling I also delete all files and folders with these names, including the 'Endpoint Security for Mac' and 'Antivirus for Mac' in the Library/Application Support folder.


But it still seems to come back, without prompt.


I eventually found a Kernel Extension under /System/Library/Extensions labelled EndpointSecurity.kext – is this what's making it reinstall every time? I can't seem to delete this.


From what I can tell the app is part of BitDefender (see attached)


Can anyone help?


MacBook Pro 16″, macOS 12.6

Posted on Apr 27, 2024 11:25 PM

Question marked as Top-ranking reply

Posted on Apr 28, 2024 7:26 AM

darnyill-za wrote:

It's in a folder called 'ManagedAntivirus'

How "Managed" is it? Did you enrol your computer in their MDM? If so, you don't own the computer anymore. No one should ever BYOD for work. There's too much risk of this kind of problem.


I'm not familiar with MDMs. Check your profiles and see if you still have a profile from them. You might need to contact IT and ask for help.


Most importantly, make a backup of your computer. In theory, it is possible to unenrol a computer from an MDM. But I think that's just theoretical. I don't think it is really possible.


A guaranteed fix/failure test is to erase the hard drive and reinstall the operating system. If it comes up with an MDM lock, then you're off to the store to buy a new computer. And be careful about the restore. I recommend restoring only your user files and user accounts. Do not restore any apps, system settings, or "other files". This is a worst-case scenario. Hopefully it won't come to that. But be prepared.


Apr 28, 2024 8:54 AM in response to darnyill-za

darnyill-za wrote:

This should be something their IT dept could potentially undo though right??

In theory, yes. But I've seen many reports about MDM associations being permanent, even when no one wants them to be.

Alternatively, do you think a Time Machine rollback would be effective? I’ll copy any files and folders onto a separate hard drive before

You just need to keep trying, taking increasingly drastic measures.


First, examine all of your launchd daemons and agents. This could be something as simple as an MDM (Jamf, Mosyle, etc.) daemon reinstalling the antivirus automatically. You'll need to remove all of that.


Next (at the same time, really), look for any MDM profiles and remove them, if possible.


If the above doesn't work, erase the computer and reinstall the operating system. This is where you could get an MDM lock and you become a proud brick owner. If not, you can try the partial restore I described before.
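
The launchd check described in the reply above, as an added example that is not part of the original thread: a read-only audit that lists launchd jobs whose label, file name or command matches the product and MDM names mentioned on this page. The keyword list is drawn from the thread; the sample job labels and paths are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job directories on macOS.
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                str(Path.home() / "Library" / "LaunchAgents")]
# Product and MDM names mentioned in the thread, matched case-insensitively.
KEYWORDS = ["managedantivirus", "endpointsecurity", "bitdefender", "jamf", "mosyle"]

def audit_launchd(dirs=LAUNCHD_DIRS, keywords=KEYWORDS):
    """Return a finding for each launchd job whose label, file name or command matches."""
    findings = []
    for directory in map(Path, dirs):
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            try:
                job = plistlib.loads(path.read_bytes())  # reads XML and binary plists
            except Exception:  # malformed or unreadable file: report it, keep going
                findings.append({"path": str(path), "error": "unreadable plist"})
                continue
            if not isinstance(job, dict):
                continue
            argv = [str(a) for a in (job.get("Program"), *job.get("ProgramArguments", [])) if a]
            haystack = " ".join([str(job.get("Label", "")), path.name, *argv]).lower()
            matched = [k for k in keywords if k in haystack]
            if matched:
                findings.append({"path": str(path), "label": job.get("Label"), "command": argv,
                                 "matched": matched, "run_at_load": bool(job.get("RunAtLoad")),
                                 "keep_alive": bool(job.get("KeepAlive")),
                                 "start_interval": job.get("StartInterval")})  # seconds between runs
    return findings

def write_constructed_sample(directory):
    """Write constructed sample jobs (labels and paths are invented for illustration)."""
    jobs = {"com.example.managedantivirus.agent": {
                "ProgramArguments": ["/opt/example/managedantivirus/agent", "--check"],
                "RunAtLoad": True, "StartInterval": 1800},
            "com.example.backup": {"Program": "/usr/local/bin/backup"}}
    for label, job in jobs.items():
        (Path(directory) / f"{label}.plist").write_bytes(plistlib.dumps({"Label": label, **job}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_sample(tmp)
        for finding in audit_launchd([tmp]):
            print(finding)
```

On a Mac, calling `audit_launchd()` with no arguments scans the real launchd directories. MDM enrollment itself is a separate check, for example with `profiles status -type enrollment`.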

Apr 28, 2024 1:24 PM in response to darnyill-za

Your Mac is still being administered.


If it’s “managed”, removing any added MDMs might work, but folks running endpoint security will usually have Jamf or some other similar remote management app loaded and that’ll usually also have to be disabled and removed. And I’d suspect it’s Jamf or some equivalent tool that’s reloading the endpoint security here.


If it’s “supervised”, the folks holding the supervisory lock will need to remove that.

Apr 28, 2024 11:28 AM in response to MrHoffman

I haven't seen this! (I previously found this page but the dropdowns kept bugging so I couldn't actually use it, and I think the "easy method" was ineffective anyway). This one you've posted is for PC so there doesn't seem to be a Mac version of their 'Uninstaller' but a few pages down there's a page on using sudo in Terminal to uninstall (which I've never done) and so I did that using the respective path for mine.


As well as sudo rm to remove the LaunchDaemon (which I'm hoping has been the culprit).


Seems to have removed it for now. We'll see if it comes back! 🤷🏼‍♂️

Thank you
