The “Managed by your organization” message in Chrome is supposed to indicate legitimate IT control on a corporate network. But if you’re seeing it on a personal Mac — and your homepage, search engine, or new tab page has changed without your permission — adware is almost certainly the cause. This guide walks you through removing it completely.

What Is the Chrome “Managed by Your Organization” Virus on Mac?

The “Managed by your organization” alert is a built-in Chrome feature that lets IT administrators enforce enterprise browser policies. It becomes a problem when adware — not your IT department — is the one enforcing those policies.

Mac adware families like SearchMine, Safe Finder, and Search Marquis abuse Chrome’s enterprise policy mechanism to lock your homepage, search engine, and new tab page to their own URLs. Because the settings are applied as policies, Chrome grays them out — you can’t change them manually. SearchMine points everything to searchmine.net, Safe Finder redirects to search.safefinder.com, and Search Marquis funnels traffic through searchmarquis.com or searchbaron.com before landing on Bing.

If you type chrome://management in your address bar and see “Your browser is managed. Your administrator can change your browser setup remotely,” that confirms a policy is active. On a personal Mac with no IT department, that policy was installed by malware.

The adware typically arrives bundled with fake Adobe Flash Player update popups on compromised websites. The installer quietly promotes a browser hijacker alongside whatever the user thought they were installing. Beyond locking Chrome settings, these infections also drop a malicious configuration profile — often named “Chrome Settings” or similar — that gives the adware another layer of control over your Mac.

Removing the configuration profile is a required step — not optional. Without it, the adware policies will keep coming back even after you’ve cleaned up everything else. The steps below cover the full removal process, including profiles, launch agents, and browser resets. If you’re also concerned about broader Apple account security practices, it’s worth reviewing those alongside this cleanup.

Manual Removal of the “Managed by Your Organization” Virus on Mac

Manual removal requires working through several system locations in a specific order. Skipping steps — especially the configuration profile — means the infection will likely return. Follow each step carefully.

The “Managed by your organization” virus can re-infect your Mac if any fragments remain hidden in the system. Using a dedicated tool like Intego Mac alongside these manual steps can significantly reduce cleanup time.

Step 1: Kill the Malicious Process in Activity Monitor

1. Open Finder, click the Go menu in the menu bar, and select Utilities.

2. Double-click Activity Monitor to open it.

3. Look for any unfamiliar, resource-intensive process. The name won’t always match the adware’s visible behaviour, so use your judgement. When you spot a suspicious entry, select it and click the Stop (✕) button in the upper-left corner.

4. When the confirmation dialog appears, click Force Quit.

Step 2: Remove Malicious Launch Agents and Daemons

1. In Finder, go to Go → Go to Folder (or press Command+Shift+G).

2. Type /Library/LaunchAgents and click Go.

3. Scan the folder for recently added .plist files that look out of place. Known malicious examples include com.pcv.hlpramc.plist, com.updater.mcy.plist, com.avickUpd.plist, and com.msp.agent.plist. Drag any suspicious files to the Trash.

4. Use Go to Folder again and navigate to ~/Library/Application Support (the tilde is required — it points to your user home directory).

5. Look for recently created folders that have no connection to Apple products or apps you intentionally installed. Known malicious folder names include ProgressSite, IdeaShared, and ExtraBrowser. Move any suspects to the Trash.

6. Open Go to Folder once more and enter ~/Library/LaunchAgents.

7. This shows LaunchAgents in your personal home directory. Apply the same logic as before — look for recently added, unfamiliar .plist files and drag them to the Trash.

8. Go to Go to Folder and type /Library/LaunchDaemons.

9. Check for persistence files used by the malware. Known examples are com.pplauncher.plist, com.startup.plist, and com.ExpertModuleSearchDaemon.plist. Delete anything suspicious immediately.

Step 3: Delete the Malicious Application

1. In Finder, click Go → Applications.

2. Find any app that you don’t recognise or didn’t intentionally install. Drag it to the Trash. Enter your admin password if prompted.

Step 4: Remove Login Items and the Malicious Configuration Profile

1. Click the Apple menu () and open System Preferences.

2. Go to Users & Groups and click the Login Items tab. Find any entry linked to the adware and click the – (minus) button to remove it.

3. Back in System Preferences, click Profiles. In the left sidebar, look for any suspicious configuration profile — common malicious profile names include ChromeSettings, TechSignalSearch, MainSearchPlatform, and AdminPrefs. Select it and click the – button at the bottom to delete it.

With the configuration profile gone, Chrome’s enterprise policies will no longer be enforced by the adware. Now you can proceed to reset your browsers. This is also a good moment to review your broader iCloud account activity to check for any signs of further compromise.

Reset Your Browsers to Remove Remaining Adware Effects

Even after removing the adware and its configuration profile, each browser may still carry hijacked settings. Resetting them to defaults clears any leftover policies, extensions, and homepage changes the infection put in place.

Reset Google Chrome

1. Open Chrome and click the three-dot More menu (⋮) in the top-right corner. Select Settings.

2. Scroll down and click Advanced to expand the full settings panel.
3. Scroll to the bottom and click Restore settings to their original defaults.
4. In the confirmation dialog, click Reset settings. This removes all custom settings, extensions, pinned tabs, and startup pages set by the adware.

Reset Safari

1. Open Safari and click Safari in the menu bar, then choose Preferences.

2. Under the General tab, reset your homepage to your preferred URL.
3. Go to the Extensions tab and uninstall any extension you don’t recognise.
4. Click the Privacy tab and select Manage Website Data, then click Remove All to clear stored site data.
5. Finally, go to History in the menu bar and select Clear History. Choose all history from the dropdown and confirm.

Reset Firefox

1. Open Firefox and click the Help menu (or the three-line menu, then Help).

2. Select Troubleshooting Information from the Help submenu.
3. On the page that opens, click Refresh Firefox… in the top-right corner.
4. Confirm by clicking Refresh Firefox again in the dialog box. Firefox will restart with all settings restored to defaults, removing the adware’s changes.

How the “Managed by Your Organization” Adware Gets onto Your Mac

This adware almost always arrives through software bundles. The most common delivery method is a fake Adobe Flash Player update popup displayed on a hacked or low-quality website. The installer looks legitimate but quietly installs a browser hijacker like SearchMine alongside whatever the user thought they were getting.

The key pattern is a push toward unnecessary software updates or “free” utilities through splash screens on dubious sites. If a website is insisting you update Flash Player, a codec, or a media player before you can view content, close the tab. Adobe ended Flash support in December 2020 — there’s no legitimate reason for those popups to exist.

Avoiding app bundles from unverified sources is your best defence. Download software only from the Mac App Store or directly from a developer’s official site. Apple’s security ecosystem continues to evolve — you can follow upcoming macOS changes that may introduce additional protections at the OS level.

Use a Mac Security Scanner to Catch Hidden Threats

Manual removal covers the most common locations adware hides in, but some infections drop files in unexpected places. A dedicated Mac security scanner picks up what manual inspection misses and confirms when your system is actually clean.

Intego VirusBarrier is a well-regarded option for Mac-specific threats. It’s built specifically for macOS and reliably detects adware families like SearchMine, Safe Finder, and Search Marquis.

1. Download and install Intego VirusBarrier from Intego’s official website.
2. Open the app and click Start Scan to run a full system scan.

3. Wait for the scan to complete. VirusBarrier will examine all system locations, including the ones covered in the manual steps above.

4. If threats are detected, click Quarantine or Remove to deal with each flagged item. Review the results before confirming removal.

Running a security scan after any manual cleanup is good practice. It gives you a second layer of verification and catches any remnants the manual process may have missed. Given how frequently adware tactics evolve — and how Apple’s platform continues to expand — keeping a security tool active on your Mac is increasingly sensible.

Frequently Asked Questions