How To: Remove Previously User-Approved KEXT

tthurman
Contributor III

So, I'm trying to find a way to remove a previously user-approve KEXT from a machine.

The /var/db/SystemPolicyConfiguration/KextPolicy database is read-only and likely protected by SIP anyway - so, deleting a row out of this wouldn't work.

Has anyone found a way to do this?

--
TJ

3 REPLIES 3

tthurman
Contributor III

bump

dgary1
New Contributor

Run the following as an admin through Terminal:
sudo kextunload /System/Library/Extensions/{ThirdParty}.kext

Or if that doesn't work, you can use

sudo kextunload /Library/Extensions/{ThirdParty}.kext

Make sure that the KEXT is not being used and it should be unloaded that way. Then verify its been unloaded through kextstat or the /var/db/SystemPolicyConfiguration/KextPolicy

tthurman
Contributor III

Unfortunately, I don't believe this has worked. To my knowledge, the KEXT that I have in my approved KEXT list is not loaded. However, it still shows up in the kext_policy table in the KextPolicy db.

--
TJ