How to disable and enable System Integrity Protection

Apple invented System Integrity Protection, usually referred to as SIP, to keep your Mac protected from any harmful modifications. This security feature is designed to make it even more difficult for malware to modify system processes, locations, and kernel extensions.

SIP keeps malware attacks from completing. Disabling it immediately makes macOS more vulnerable. Note that disabling SIP is for experienced users or developers, and you normally shouldn’t turn it off.

But like anything that creates restrictions, this security feature has its drawbacks. So, if you need to disable System Integrity Protection to fix an issue, there is a way to do that.

What is System Integrity Protection?

System Integrity Protection is a security technology developed to guard files and folders on your Mac against potentially malicious software.  

Before the SIP release, the root user account had full access to the entire operating system: any system folder or app on your Mac. Malware that got root permission could use it to destroy the low-level operating system files.

Today, Mac System Integrity Protection, also known as ‘rootless,’ restricts the root user and won’t allow it to perform specific actions, such as adding code into system processes or managing protected locations. This is good news. Software with granted root permission can no longer tamper with system files.

Parts of the system protected by SIP

System Integrity Protection is effective at defending the following system locations:

  • /System
  • /usr
  • /bin
  • /sbin
  • /var
  • Apps that come preinstalled with macOS

If you try to tamper with one of these protected parts, you’ll see the message: “Operation not permitted.” Only Apple-signed processes, such as authorized Apple installers or software updates, have privileges to write to system files.

Tip:

Find the full list of protected locations at: /System/Library/Sandbox/rootless.conf

Why you may need to disable System Integrity Protection

The most common issue with ‘rootless’ is that it breaks apps. Some apps might fail to install, or fail to function correctly even after they are installed. That’s when users see the “Cannot attach to process due to System Integrity Protection” message.

These app-specific errors are largely a thing of the past: most developers have since updated their software to comply with the latest macOS versions. Of course, there are still exceptions.

Note that the blame for these problems doesn’t lie with SIP alone. It’s also the responsibility of developers who failed to adjust their apps properly.

Note:

There is also a problem related to emptying Trash on Mac. If you get an error, “Some items in the trash cannot be deleted because of System Integrity Protection,” use the instruction below.

Is it safe to turn off SIP?

Although Apple recommends keeping System Integrity Protection turned on all the time, it can be disabled and enabled as needed. Remember that this may cause serious security issues. 

Before turning SIP off, make a Time Machine backup of your Mac to restore your computer just in case something goes wrong. Double-check that the software you want to install comes from a reliable source.

To be on the safe side while SIP is disabled, it’s a good practice to use a reputable malware protection tool. We always rely on CleanMyMac X since Apple notarized it. That means it was submitted for checking and officially doesn’t contain viruses itself.

With its Malware Removal module, you can perform a deep scan and eliminate any malware you may have caught in the past.


Here is how it works:

  1. Get a copy of CleanMyMac X and open it.
  2. Go to Malware Removal from the sidebar.
  3. Click Scan and wait for a few seconds.
  4. If anything suspicious is found, click Remove to get rid of it.

To activate the non-stop scan, allow the real-time monitor to run in the background. Go to CleanMyMac X menu > Settings > Protection and select the box next to the features named “Enable Malware monitor” and “Look for threats in the background”.

How to disable System Integrity Protection and enable it

SIP on the latest macOS has minor differences from the previous versions, but the basics of turning it on/off remain the same. Let’s see how to do that.

Warning:

Once again, don’t disable SIP unless you have a solid reason to do that. Make sure you’ve activated some alternative protection layer for your Mac.

First, you need to boot into recovery mode. Follow the steps for your Mac. 

Mac with Apple silicon:

  1. When turning on your Mac, press and hold the Power button.
  2. Keep it pressed until you see startup options.
  3. Click the Gears icon (Options) and hit Continue.
  4. If asked, select your user and enter admin credentials. Click Next.

Intel-based Mac:

  1. Click the Apple logo on the Menu bar > Restart.
  2. Hold down Command-R as your Mac starts up to reboot into recovery mode.

Once your Mac has booted into recovery mode, follow these steps:

  1. Go to Utilities > Terminal from the menu bar.
  2. Type csrutil disable and press Return on the keyboard.
  3. Click the Apple logo > Restart.

Once you fix an issue, turn on System Integrity Protection right away.

How to enable System Integrity Protection

To switch SIP back to its full power, follow these steps:

  1. Once again, restart your Mac in recovery mode by following the steps above.
  2. Open Terminal.
  3. Paste in: csrutil enable
  4. Press Return.
  5. Restart your Mac.
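
To confirm the result after the restart, csrutil status reports the current SIP state from a normal Terminal session. The script below is an added example, not part of the original article: it classifies that output as enabled, disabled or a partially disabled custom configuration, so the check can be scripted. The function names are hypothetical and the sample outputs are constructed.

```sh
#!/bin/sh
# Added example: classify `csrutil status` output to verify SIP was re-enabled.

# sip_state: read `csrutil status` text on stdin and print one of
# enabled | disabled | custom | unknown
sip_state() {
    # Keep only the first status line; sed exits 0 even when nothing matches.
    status_line=$(sed -n '/System Integrity Protection status:/{p;q;}')
    case "$status_line" in
        # A custom configuration means some protections are off even if
        # the headline word is "enabled", so test for it first.
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# check_sip: return 0 only when SIP is fully enabled; print a finding otherwise.
check_sip() {
    state=$(sip_state)
    case "$state" in
        enabled)  echo "OK: SIP is enabled"; return 0 ;;
        custom)   echo "WARN: SIP is only partially enabled (custom configuration)"; return 1 ;;
        disabled) echo "FAIL: SIP is disabled; boot to recovery and run: csrutil enable"; return 1 ;;
        *)        echo "UNKNOWN: could not parse csrutil output"; return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
	Kext Signing: enabled
	Filesystem Protections: disabled
	Debugging Restrictions: enabled'

# On a Mac, check the live system; elsewhere csrutil is absent and this is skipped.
if command -v csrutil >/dev/null 2>&1; then
    csrutil status | check_sip || true
fi
```

A custom configuration is reported separately because it leaves individual protections, such as filesystem protections, switched off while others stay on.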

Most apps and their installers run smoothly with SIP turned on. Still, there might be situations when disabling it is the only option. If so, we’ve just told you what to do. Always keep your macOS updated and pick a malware protection app for your Mac if you haven’t got one yet. We are using CleanMyMac X, but there are many other good options, too. 
