See what non-Apple kernel extensions are loaded

14 February 2015, 08:32

Here’s a command that reports any kernel extensions that aren’t Apple’s own, which on most Macs should be very few (and probably zero). It’s a nice way for the security paranoid to ensure they don’t have any malware installed. You’ll need to open a Terminal window (it’s in the Utilities folder of Applications) and then type the following:

kextfind -loaded -not -b -s

If nothing appears in the results then, that’s fine, and you’ve no kernel modules loaded that aren’t Apple’s own. However, if you’ve Little Snitch installed, then you’ll see the following:


This is fine. I also saw some other results. The following two:


… are apparently left over from an AirDisplay installation and can be removed as follows:

sudo rm -rf /Library/Extensions/AVFrameBuffer.kext /Library/Extensions/AVVideoCard.kext

You’ll also need to reboot. I also saw the following:


… which I believe is installed as part of the Android SDK. I could probably remove it because I don’t use the SDK, but it appears to be doing no harm right now.

Be cautious about any modules you don’t fully understand. Googling them is a terrific idea.



Know better?