2022-10-14 18:19:13 +00:00
|
|
|
-- Find unexpected 3rd-party kernel extensions
|
|
|
|
--
|
|
|
|
-- false positives:
|
|
|
|
-- * none known
|
|
|
|
--
|
2022-10-14 14:18:23 +00:00
|
|
|
-- platform: darwin
|
2022-10-14 18:19:13 +00:00
|
|
|
-- tags: persistent seldom kernel
|
2022-10-14 14:18:23 +00:00
|
|
|
SELECT
|
2023-05-08 17:20:47 +00:00
|
|
|
linked_against,
|
|
|
|
name,
|
|
|
|
path,
|
|
|
|
size,
|
|
|
|
version,
|
2023-02-09 22:54:41 +00:00
|
|
|
path || ',' || name || ',' || version || ',' || linked_against AS exception_key
|
2022-10-14 14:18:23 +00:00
|
|
|
FROM
|
|
|
|
kernel_extensions
|
|
|
|
WHERE
|
|
|
|
path NOT LIKE '/System/Library/Extensions/%'
|
|
|
|
AND NOT (
|
|
|
|
idx = 0
|
|
|
|
AND name = '__kernel__'
|
2023-02-09 22:54:41 +00:00
|
|
|
)
|
2023-05-08 17:20:47 +00:00
|
|
|
AND exception_key NOT IN (
|
2023-08-15 22:13:06 +00:00
|
|
|
'/Library/StagedExtensions/Library/Extensions/CalDigitUSBHubSupport.kext,com.CalDigit.USBHubSupport,1,<3>',
|
|
|
|
'/Library/StagedExtensions/Library/Filesystems/kbfuse.fs/Contents/Extensions/13/kbfuse.kext,com.github.kbfuse.filesystems.kbfuse,2113.21,<1 3 4 5 7>'
|
2023-05-08 17:20:47 +00:00
|
|
|
)
|
2023-02-18 20:02:40 +00:00
|
|
|
AND exception_key NOT LIKE '/Library/StagedExtensions/Library/Extensions/ufsd_NTFS.kext,com.paragon-software.filesystems.ntfs,%'
|
|
|
|
AND exception_key NOT LIKE '/Library/StagedExtensions/Library/Filesystems/macfuse.fs/Contents/Extensions/12/macfuse.kext,io.macfuse.filesystems.macfuse,%'
|
|
|
|
AND exception_key NOT LIKE '/Library/StagedExtensions/Library/Extensions/ufsd_ExtFS.kext,com.paragon-software.filesystems.extfs,%'
|