See what non-Apple kernel extensions are loaded

14 February 2015, 08:32

Here’s a command that reports any kernel extensions that aren’t Apple’s own, which on most Macs should be very few (and probably zero). It’s a nice way for the security paranoid to ensure they don’t have any malware installed. You’ll need to open a Terminal window (it’s in the Utilities folder of Applications) and then type the following:

kextfind -loaded -not -b -s com.apple

If nothing appears in the results then, that’s fine, and you’ve no kernel modules loaded that aren’t Apple’s own. However, if you’ve Little Snitch installed, then you’ll see the following:

/Library/Extensions/LittleSnitch.kext

This is fine. I also saw some other results. The following two:

/Library/Extensions/AVFrameBuffer.kext
/Library/Extensions/AVVideoCard.kext

… are apparently left over from an AirDisplay installation and can be removed as follows:

sudo rm -rf /Library/Extensions/AVFrameBuffer.kext /Library/Extensions/AVVideoCard.kext

You’ll also need to reboot. I also saw the following:

/System/Library/Extensions/intelhaxm.kext

… which I believe is installed as part of the Android SDK. I could probably remove it because I don’t use the SDK, but it appears to be doing no harm right now.

Be cautious about any modules you don’t fully understand. Googling them is a terrific idea.

Know better?

 
---