macOS devices not protected at all

Hi,

I'm a bit disappointed because Sophos support just doesn't reply at all.

But the fact is you can pay and invite users, or try to deploy the endpoint protection and think you are protected. But you may not be at all.

My issue with the MDM is I followed this guide, but it's still asking me to access the full disk.
So something is missing there.

Problem: the app states "You are protected" and healthy device in the console. But if you download a virus, you can just do it, open the ZIP too, just not seeing it.

How can IT Admins know if you are protected if the app is not returning the information that it doesn't have access to the files?
I mean, Cisco AMP does it so it's not complicated to do.

Also, still, I hope IT admins are not asking users to install a protection tool and then "hope for the best" and that people are going to check all these boxes in the Security preferences - and well if they have admin rights. Also, I think there is an issue because when I ticked all the boxes, and then re-downloaded my virus, finally it was kind of not available to open anymore, but then a NEW app appears in the security for the quarantine, so it looks like we should ask our users to download a virus first to make sure they also allow this agent to protect them…

No seriously I don't get the point there.
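
For the MDM problem described in the post above (a deployed profile that still leaves the agent asking for Full Disk Access), the following added example, which is not part of the original thread and is not Sophos code, audits an unsigned `.mobileconfig` and lists the required processes that lack a `SystemPolicyAllFiles` grant. The `com.example.endpoint.*` identifiers, the code requirement string and the sample profile are constructed placeholders; substitute the identifiers your vendor documents.

```python
import plistlib

TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"
FDA_SERVICE = "SystemPolicyAllFiles"  # TCC service name for Full Disk Access

def fda_grants(profile_bytes):
    """Map each identifier in the profile's FDA entries to True if it is really granted."""
    # Assumes an unsigned profile; a signed one is CMS-wrapped and must be unwrapped first.
    profile = plistlib.loads(profile_bytes)
    grants = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue
        for entry in payload.get("Services", {}).get(FDA_SERVICE, []):
            # Newer profiles use Authorization, older ones the boolean Allowed key.
            allowed = entry.get("Authorization") == "Allow" or entry.get("Allowed") is True
            # CodeRequirement is a required key; without it the entry is not a usable grant.
            usable = bool(entry.get("CodeRequirement")) and \
                entry.get("IdentifierType") in ("bundleID", "path")
            grants[entry.get("Identifier")] = allowed and usable
    return grants

def missing_fda(profile_bytes, required_ids):
    """Return the required identifiers that the profile does not grant Full Disk Access."""
    grants = fda_grants(profile_bytes)
    return sorted(i for i in required_ids if not grants.get(i))

# Constructed placeholders: processes the (hypothetical) vendor guide says need access.
REQUIRED = ["com.example.endpoint.agent", "com.example.endpoint.helper",
            "com.example.endpoint.scanner"]

def _entry(identifier, allowed):
    return {"Identifier": identifier, "IdentifierType": "bundleID",
            "CodeRequirement": 'identifier "%s" and anchor apple generic' % identifier,
            "Allowed": allowed}

# Constructed sample profile: agent allowed, helper denied, scanner never listed.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": TCC_PAYLOAD,
        "Services": {FDA_SERVICE: [_entry("com.example.endpoint.agent", True),
                                   _entry("com.example.endpoint.helper", False)]},
    }],
})

if __name__ == "__main__":
    for ident in missing_fda(SAMPLE_PROFILE, REQUIRED):
        print("no Full Disk Access grant for", ident)
```

This checks only what the profile declares; whether the device has installed it and the agent can read the disk still has to be confirmed on the endpoint.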

  • Hi There, 

    Thank you for reaching us. By any chance, do you have a support case for this already? In addition, do you have Intercept X on your device? There are lots of factors that will cause this kind of scenario. Do you have the sample file you use for testing? If you can submit it to us, it would be better for us to see why it's not getting detected.

    GlennSen 
    Global Community Support Engineer | Global Community Team
  • I opened a case 2 weeks ago, but after replying with the details I never got any other replies. I've opened another case, but now I have to wait until tomorrow for them to forward the case to someone in my timezone ... very efficient!

    Yes I have Sophos Intercept X Advanced.

    You can just download EICAR test files without any issue, as I said, when users have not manually allowed all processes completely.

    It's not getting detected because your app doesn't have access to the disk and your app doesn't care about or report this failure. Worse than any 0-day vulnerability.