I've followed the official instructions and also tried running the official removal tool (which btw hangs) for Sophos anti-virus for Mac but I still see a "Sophos" entry in Keychain Access.
I have also see errors in Console when system services try to open /Library/Sophos Anti-Virus/Sophos.keychain
which is a non-existant file. I've even tried recreating a file in that path followed by sudo security delete-keychain "/Library/Sophos Anti-Virus/Sophos.keychain"
but the entry still remains in the list of keychains.
How can I remove this annoying Sophos leftover?
(can't remember which Sophos edition I originally installed, maybe it was called "Home", maybe that is the only one for Mac)
Best Answer
To fix this you have to manually edit the file
/Library/Preferences/com.apple.security-common.plist
, as root, and delete the corresponding hardcoded<dict>...Sophos...</dict>
entry in there.Great care must be taken because you can totally screw up ? your system(-keychain) if you leave any errors inside this .plist file. The section that needs to be deleted looks as follows:
Upon save, there should no longer be any "Sophos" entry in Keychain Access or as output of
security list-keychains
.I used
vim
and deleted the offending lines as (sudo vim /Library/Preferences/com.apple.security-common.plist
) but you may use any text or plist editor you like - I frankly don't know with one is the most accessible (recommendations welcome).