MAC 14.2 Install script Automation Issue

Hi James,

Thanks for reaching out to the Sophos Community Forum. 

May I ask if you're using the "Install Sophos Script.txt" from the download package? 

If you're having issues executing the script using MDM specifically, I suggest checking if other scripts deployed through Manage Engine work as desired.

I am using a modified version of the script:

#!/bin/bash
cd /Users/Shared

# Installing Sophos
curl -L -O "link"
unzip SophosInstall.zip
chmod a+x Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
chmod a+x Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet 
exit 0

Any other script we push through the MDM works great, just this one stops the install partway through for some reason.

Hello James, 

I suppose you are not using MDM profiles to deploy the Sophos Agent but rather directly push the script.
Since we know that the installation stops midway. 

I have modified the installation script to include comprehensive logging. This should help us better understand whether the issue lies with the script execution or with the Sophos installation itself.

Deploy this script with MDM and please send me the Sophos_install.log file. You can find the log file named Sophos_install.log in the /Users/Shared directory. The contents of this log will provide us with valuable insights into the installation process and help us identify any potential issues. 

Make sure to change the download URL in script. 

#!/bin/bash
cd /Users/Shared

# Define log file
LOG_FILE="/Users/Shared/sophos_install.log"

# Redirect all output to log file
exec > $LOG_FILE 2>&1

echo "Starting Sophos Installation"

# Check if the Sophos installer file exists
INSTALLER_FILE="SophosInstall.zip"
if [ -f "$INSTALLER_FILE" ]; then
    echo "Installer file already exists. Deleting existing file."
    rm -f "$INSTALLER_FILE"
fi

# Download Sophos Installer
echo "Downloading Sophos Installer..."
curl -L -O "https://your-sophos-download-link/SophosInstall.zip"
if [ $? -ne 0 ]; then
    echo "Download failed"
    exit 1
fi

# Unzip and Check
echo "Unzipping Sophos Installer..."
unzip SophosInstall.zip
if [ $? -ne 0 ]; then
    echo "Unzip failed"
    exit 1
fi

# Change Permissions
echo "Changing permissions..."
chmod a+x Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
if [ $? -ne 0 ]; then
    echo "chmod failed on Sophos Installer"
    exit 1
fi

chmod a+x Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
if [ $? -ne 0 ]; then
    echo "chmod failed on com.sophos.bootstrap.helper"
    exit 1
fi

# Install Sophos
echo "Installing Sophos..."
Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet
if [ $? -ne 0 ]; then
    echo "Installation failed"
    exit 1
fi

echo "Sophos installed successfully"

# End of script
echo "Script execution completed"

Here is the output, everything is fine until it attempts the Installation:

Starting Sophos Installation
Downloading Sophos Installer...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 4443k 0 4443k 0 0 4206k 0 --:--:-- 0:00:01 --:--:-- 4203k
100 6998k 0 6998k 0 0 5022k 0 --:--:-- 0:00:01 --:--:-- 5020k
Unzipping Sophos Installer...
Archive: SophosInstall.zip
inflating: Sophos Installer.app/Contents/CodeResources
inflating: Sophos Installer.app/Contents/Info.plist
inflating: Sophos Installer.app/Contents/PkgInfo
inflating: Sophos Installer.app/Contents/_CodeSignature/CodeResources
inflating: Sophos Installer.app/Contents/MacOS/Sophos Installer
inflating: Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
inflating: Sophos Installer.app/Contents/Resources/ps_rootca.crt
inflating: Sophos Installer.app/Contents/Resources/ico_header_cloud.png
inflating: Sophos Installer.app/Contents/Resources/ico_st_alert.png
inflating: Sophos Installer.app/Contents/Resources/ico_device_encryption.png
inflating: Sophos Installer.app/Contents/Resources/rootca384.crt
inflating: Sophos Installer.app/Contents/Resources/InvalidDataIcon.tiff
inflating: Sophos Installer.app/Contents/Resources/ico_st_cancel.png
inflating: Sophos Installer.app/Contents/Resources/ico_st_error.png
inflating: Sophos Installer.app/Contents/Resources/ico_sophos_sheild.png
inflating: Sophos Installer.app/Contents/Resources/SophosBootstrap.icns
inflating: Sophos Installer.app/Contents/Resources/ico_xdr.png
inflating: Sophos Installer.app/Contents/Resources/build-info.plist
inflating: Sophos Installer.app/Contents/Resources/SophosBootstrap-Options.plist
inflating: Sophos Installer.app/Contents/Resources/ico_st_success.png
inflating: Sophos Installer.app/Contents/Resources/ico_mtr.png
inflating: Sophos Installer.app/Contents/Resources/ico_ztna.png
inflating: Sophos Installer.app/Contents/Resources/ico_enduser_protection.png
inflating: Sophos Installer.app/Contents/Resources/de.lproj/MainMenu.strings
inflating: Sophos Installer.app/Contents/Resources/de.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/MainMenu.strings
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/MainMenu.strings
inflating: Sophos Installer.app/Contents/Resources/es.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/MainMenu.strings
inflating: Sophos Installer.app/Contents/Resources/it.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/certificates/sophosca4.der
inflating: Sophos Installer.app/Contents/Resources/certificates/sophosca3.der
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/background.tif
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/AlertCautionIcon.tiff
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/Success.tiff
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/MainMenu.nib
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/blue_bullet.png
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/MainMenu.strings
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/Localizable.strings
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InfoPlist.strings
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
inflating: Sophos Installer.app/Contents/Library/LaunchServices/com.sophos.macendpoint.Installer.HelperTool
inflating: Sophos Installer.app/Contents/Frameworks/libswift_Concurrency.dylib
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/CodeResources
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/Info.plist
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/PkgInfo
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/_CodeSignature/CodeResources
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/MacOS/SophosCBR
inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/Resources/com.sophos.sophoscbr.plist
inflating: Deployment Tools/Install Sophos Script.txt
inflating: Deployment Tools/Sophos Endpoint Sonoma v2.1.mobileconfig
inflating: Deployment Tools/Sophos Endpoint Monterey v2.1.mobileconfig
inflating: Deployment Tools/Sophos Endpoint Ventura v2.1.mobileconfig
inflating: Deployment Tools/Sophos Endpoint Big Sur v2.1.mobileconfig
inflating: Deployment Tools/Read Me First.rtfd/e6dc22ea-b3af-4239-b194-6d00ba05f409.png
inflating: Deployment Tools/Read Me First.rtfd/TXT.rtf
inflating: Sophos Installer Components/SophosCloudConfig.plist
Changing permissions...
Installing Sophos...
2024-01-19 08:15:52.450 Sophos Installer[19460:1084216] Starting Sophos Bootstrap Installer.
2024-01-19 08:19:04.786 Sophos Installer[19460:1084216] Installation failed with: The installation failed. (1). See SophosDiagnostics for detailed information.
Installation failed

Thank you for sharing the log. 

As per the log entry,  we need to collect some logs using SDU and send it to us.

You can download and run the standalone SDU using the below link 
https://support.sophos.com/support/s/article/KB-000033508?language=en_US#:~:text=Sophos%20submission%20method.-,Running%20the%20SDU%20tool%20on%20macOS%20devices,-For%20macOS%2010.6

Thak you. 

DT6794_20240119_083811_SDU.zip

Thank You for the logs James. I'll update you soon. 

Hi James, 

From the SDU logs , I have identified some permission issues, where the SDU was unable to copy the system.log 

Failure: Unable to copy source at system.log -> Error Domain=NSCocoaErrorDomain Code=513 "“system.log” couldn’t be copied because you don’t have permission to access “system”." UserInfo={NSSourceFilePathErrorKey=/var/log/system.log, NSUserStringVariant=(
    Copy
), NSDestinationFilePath=/var/folders/hw/ddgm2w8n4534xyfl6jz0zflr0000gp/T/DT6794_20240119_083811_SDU/system/system.log, NSFilePath=/var/log/system.log, NSUnderlyingError=0x600002d3f3c0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}

1 extension(s)
--- com.apple.system_extension.endpoint_security
enabled	active	teamID	bundleID (version)	name	[state]
*	*	TZ824L8Y37	com.manageengine.protectord (1/1)	Protectord	[activated enabled]

There are a couple of key points to consider:

1. Permission Issues with System.log: The inability to copy system.log due to permission errors indicates that the script or the process running the script might not have sufficient privileges. This could be a part of the problem, especially if the Sophos installation requires access to system logs or similar resources.

2. System Extension Conflict: The presence of the ManageEngine Protectord as a system extension registered for endpoint security might be conflicting with the Sophos installation. Endpoint security solutions often operate at a low level within the system and can interfere with each other, especially if they try to access or modify similar system resources.

After some researching we found that the manageengine.protectord system extension is another form of Endpoint security:
https://www.manageengine.com/products/desktop-central/endpoint-security-features.html

As a test, please remove this software/extension, perform a reboot and attempt to push the script again. 

Please let me know the results of this test.

Thank You.

Hi James, Just to add.

Although we have this manage engine extension  present in the machine, I wouldn't suspect it completely. The test we are doing is "just in case". I could see a lot of internal tickets raised for the same where installation  is failing if the manage engine extension is found to be present.

Moreover, If we are suspecting this extension is the cause, I am wondering if the installation  will succeed even if the script is run directly on the machine.

With that being said, I have few questions, but i'll ask after the test results cuz that would make more sense. 

Thank you for your time and patience.

Appreciate it. 

I have not been able to test yet without the extension but I can tell you that if I run the script directly on the machine it runs just fine and installs without any issues.  It is just failing when I am pushing the script from ManageEngine