Kaspersky kernel removal

From what I've been reading a person cannot delete the "com.kaspersky.kav.sysext.systemextension" unless a full reinstall is done. Since Kaspersky was listed as a security risk and was banned from government computers, I would like to ask if Apple could provide a solution for removing the file(s).

iMac 21.5″ 4K, macOS 12.5

Posted on Sep 4, 2022 12:39 PM


Oct 2, 2022 11:47 AM in response to Suche60

As for uninstalling being complete, that's always a reasonable concern and rare is any uninstall that is actually complete, but if one is, it's probably the developer's own uninstaller or a security company's removal tool. Launch Kaspersky and click on "help" "support" "uninstall". If you don't want to launch Kaspersky, the uninstaller usually resides at /Library/Application Support/Kaspersky Lab/KAV/Applications/Kaspersky Uninstaller.app


[Edited by Moderator]

Sep 4, 2022 01:05 PM in response to Suche60

It's complicated. There is a way to remove it, but it can be dangerous and requires procedures that are not allowed to be posted here in the forums.


I don't know what your particular situation is, but the official Kaspersky uninstall should work fine. If you didn't follow the official procedures, then you can contact Kaspersky for support and they can walk you through those procedures I mentioned above.

Sep 4, 2022 01:22 PM in response to etresoft

Thank you for your quick reply. Of course, my mind goes toward the idea of a fox guarding the chicken coop - if the company is deemed a security risk, how can it be trusted to uninstall their software? But thank you for your honesty and I'm sure the complications of anything political, financial, and the threat of law can limit your official response.


Consider this a feature request. :)

Sep 4, 2022 06:10 PM in response to Suche60

Suche60 wrote:

if the company is deemed a security risk, how can it be trusted to uninstall their software?

Who says it is a security risk? The government? Who runs the government? Politicians? Are you sure you want politicians doing your tech support?

I'm sure the complications of anything political, financial, and the threat of law can limit your official response.

There are no complications. I'm not telling you to do anything illegal. I'm not telling you to install Kaspersky. I'm telling you how to uninstall it.


I generally don't recommend any 3rd party antivirus software. I have seen many more cases of people who can't uninstall Norton than people who can't uninstall Kaspersky.

Oct 2, 2022 12:47 PM in response to Suche60

Interesting. I tend to remove Kaspersky before each OS update and in the past that extension was removed as soon as I restarted the system after running the Kaspersky uninstaller. It's actually macOS that installs and uninstalls extensions like that as they are on the SIP read-only side. Installers and uninstallers just stage the extension and request the OS put it where it goes or remove it during next reboot.


The time-honored and bold or painful method of removing something that you normally can't on the SIP side is to:

1: turn SIP off

2: delete what offends using if need be root or sudo authority.

3: turn SIP back on as it is important for security and privacy.

4: Scan system load, read some cryptic warnings in console if desired and estimate if you're getting an average volume of warnings then use the system hopefully, or restore it from scratch and backups


On a modern Mac, launch it in restore mode by holding the power button longer on Apple silicon or holding a fancy keystroke on an Intel machine, do what is required to get far enough in to launch the utility "Terminal" from the restore side menu bar. "csrutil" which on the restore side will launch the manual for the command. Personally I suggest ALWAYS reading the manual for the command by typing just the command from the restore environment or if booted normally by typing "man WhateverCommandSomeoneIsSuggesting". Unix commands are obedient and do what you told them to do for good or ill.


Anyway, you would end up, if determined, rebooting into restore, sticking in passwords, launching Terminal, typing in the "csrutil" command and one space then "disable", press return, type y for yes after you read warning, put in password...

Reboot normally or if you want to get fancy type "reboot" into Terminal and press return.

Once rebooted normally, navigate to the extension, delete it which is straightforward now but if needed you can escalate yourself to root or sudo permissions and voilà, with very rare exceptions whatever you wanted gone is gone even if the results are catastrophic.


I don't know if the extension has dependencies or dependents nor if when it doesn't uninstall after running uninstall and rebooting has already done everything else and the OS hangs instead of removing it or if some less easily fixable thing is happening.


REBOOT into the restore side, launch Terminal, type in "csrutil" and read about the command, then if desired and I personally believe it's of paramount importance, type "csrutil enable". Do the y or n thing and put in password. Be thorough: type "csrutil status" into Terminal after rebooting and logging in normally and confirm it is in the state you want it which should nearly always be "enabled". Personally I turn off the radios, aka Bluetooth and Wi-Fi, before disabling SIP and leave them off till it's re-enabled out of habit, no idea if it's a best practice.


This is an advanced or at least bold method but in reality it mostly comes down to depth and quality of backups.
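An added example, not part of the original post or thread: a read-only check that interprets the output of `csrutil status` and `systemextensionsctl list` after running the vendor uninstaller, so you can tell "removal staged until reboot" from "still registered" and confirm SIP is on. The sample text is constructed, and the bundle ID searched for is assumed to be the thread's file name without its `.systemextension` suffix.

```shell
#!/bin/sh
# Added example: read-only check of SIP and system-extension state.
# On a Mac, feed the functions real output instead of the samples:
#   csrutil status | sip_state
#   systemextensionsctl list | sysext_state com.kaspersky.kav.sysext

# Constructed sample output (team ID, version and name are placeholders).
SAMPLE_CSRUTIL='System Integrity Protection status: enabled.'
SAMPLE_SYSEXT='1 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
    TEAMID0000 com.kaspersky.kav.sysext (0.0/0) constructed-row [terminated waiting to uninstall on reboot]'

# Print the state reported by `csrutil status` text on stdin
# (enabled, disabled, unknown); "unknown" if the line is missing.
sip_state() {
    awk '/^System Integrity Protection status:/ {
             s = $5; sub(/\.$/, "", s); print s; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Print the bracketed [state] of each row containing bundle ID $1,
# or "absent" when the listing has no such row.
sysext_state() {
    out=$(grep -F -- "$1" | sed -n 's/.*\[\(.*\)\]$/\1/p')
    if [ -n "$out" ]; then printf '%s\n' "$out"; else echo absent; fi
}

# Turn the two states into one verdict line.
verdict() {  # $1 = SIP state, $2 = extension state
    case "$1:$2" in
        enabled:absent) echo "clean: SIP on, extension gone" ;;
        enabled:*"uninstall on reboot"*) echo "pending: reboot to finish removal" ;;
        enabled:*) echo "present: extension still registered ($2)" ;;
        *) echo "sip-not-enabled: csrutil reports $1" ;;
    esac
}

sip=$(printf '%s\n' "$SAMPLE_CSRUTIL" | sip_state)
ext=$(printf '%s\n' "$SAMPLE_SYSEXT" | sysext_state com.kaspersky.kav.sysext)
verdict "$sip" "$ext"
```
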

