This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MAC 14.2 Install script Automation Issue

We are using a MDM to automate the installation of Sophos Endpoint on MAC 14.2.  We try to use the installation script provided but it always fails to fully install.  The software appears on the Mac but is unable to start.  When I look at the install log output it just says "Installation Failed with: Installation failed (1) ...."  The script works great when running directly on the Mac the issue is when we are trying to push it from our MDM.  Anyone find a solution to this or have any ideas on how to get this to work from a MDM (we are using ManageEngine currently)? 



This thread was automatically locked due to age.
Parents
  • Hi James,

    Thanks for reaching out to the Sophos Community Forum. 

    May I ask if you're using the "Install Sophos Script.txt" from the download package? 

    If you're having issues executing the script using MDM specifically, I suggest checking if other scripts deployed through Manage Engine work as desired.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I am using a modified version of the script:

    #!/bin/bash
    cd /Users/Shared

    # Installing Sophos
    curl -L -O "link"
    unzip SophosInstall.zip
    chmod a+x Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
    chmod a+x Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
    Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet 
    exit 0

    Any other script we push through the MDM works great, just this one stops the install partway through for some reason.

  • Hello James, 

    I suppose you are not using MDM profiles to deploy the Sophos Agent but rather directly push the script.
    Since we know that the installation stops midway. 

    I have modified the installation script to include comprehensive logging. This should help us better understand whether the issue lies with the script execution or with the Sophos installation itself.

    Deploy this script with MDM and p
    lease send me the Sophos_install.log file. You can find the log file named Sophos_install.log in the /Users/Shared directory. The contents of this log will provide us with valuable insights into the installation process and help us identify any potential issues. 

    Make sure to change the download URL in script. Slight smile

    #!/bin/bash
    cd /Users/Shared
    
    # Define log file
    LOG_FILE="/Users/Shared/sophos_install.log"
    
    # Redirect all output to log file
    exec > $LOG_FILE 2>&1
    
    echo "Starting Sophos Installation"
    
    # Check if the Sophos installer file exists
    INSTALLER_FILE="SophosInstall.zip"
    if [ -f "$INSTALLER_FILE" ]; then
        echo "Installer file already exists. Deleting existing file."
        rm -f "$INSTALLER_FILE"
    fi
    
    # Download Sophos Installer
    echo "Downloading Sophos Installer..."
    curl -L -O "https://your-sophos-download-link/SophosInstall.zip"
    if [ $? -ne 0 ]; then
        echo "Download failed"
        exit 1
    fi
    
    # Unzip and Check
    echo "Unzipping Sophos Installer..."
    unzip SophosInstall.zip
    if [ $? -ne 0 ]; then
        echo "Unzip failed"
        exit 1
    fi
    
    # Change Permissions
    echo "Changing permissions..."
    chmod a+x Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
    if [ $? -ne 0 ]; then
        echo "chmod failed on Sophos Installer"
        exit 1
    fi
    
    chmod a+x Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
    if [ $? -ne 0 ]; then
        echo "chmod failed on com.sophos.bootstrap.helper"
        exit 1
    fi
    
    # Install Sophos
    echo "Installing Sophos..."
    Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet
    if [ $? -ne 0 ]; then
        echo "Installation failed"
        exit 1
    fi
    
    echo "Sophos installed successfully"
    
    # End of script
    echo "Script execution completed"
    

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Here is the output, everything is fine until it attempts the Installation:

    Starting Sophos Installation
    Downloading Sophos Installer...
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 4443k 0 4443k 0 0 4206k 0 --:--:-- 0:00:01 --:--:-- 4203k
    100 6998k 0 6998k 0 0 5022k 0 --:--:-- 0:00:01 --:--:-- 5020k
    Unzipping Sophos Installer...
    Archive: SophosInstall.zip
    inflating: Sophos Installer.app/Contents/CodeResources
    inflating: Sophos Installer.app/Contents/Info.plist
    inflating: Sophos Installer.app/Contents/PkgInfo
    inflating: Sophos Installer.app/Contents/_CodeSignature/CodeResources
    inflating: Sophos Installer.app/Contents/MacOS/Sophos Installer
    inflating: Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
    inflating: Sophos Installer.app/Contents/Resources/ps_rootca.crt
    inflating: Sophos Installer.app/Contents/Resources/ico_header_cloud.png
    inflating: Sophos Installer.app/Contents/Resources/ico_st_alert.png
    inflating: Sophos Installer.app/Contents/Resources/ico_device_encryption.png
    inflating: Sophos Installer.app/Contents/Resources/rootca384.crt
    inflating: Sophos Installer.app/Contents/Resources/InvalidDataIcon.tiff
    inflating: Sophos Installer.app/Contents/Resources/ico_st_cancel.png
    inflating: Sophos Installer.app/Contents/Resources/ico_st_error.png
    inflating: Sophos Installer.app/Contents/Resources/ico_sophos_sheild.png
    inflating: Sophos Installer.app/Contents/Resources/SophosBootstrap.icns
    inflating: Sophos Installer.app/Contents/Resources/ico_xdr.png
    inflating: Sophos Installer.app/Contents/Resources/build-info.plist
    inflating: Sophos Installer.app/Contents/Resources/SophosBootstrap-Options.plist
    inflating: Sophos Installer.app/Contents/Resources/ico_st_success.png
    inflating: Sophos Installer.app/Contents/Resources/ico_mtr.png
    inflating: Sophos Installer.app/Contents/Resources/ico_ztna.png
    inflating: Sophos Installer.app/Contents/Resources/ico_enduser_protection.png
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/MainMenu.strings
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/de.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/MainMenu.strings
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/ja.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/en.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/MainMenu.strings
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/es.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/MainMenu.strings
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/it.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/certificates/sophosca4.der
    inflating: Sophos Installer.app/Contents/Resources/certificates/sophosca3.der
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/background.tif
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/AlertCautionIcon.tiff
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/Success.tiff
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/MainMenu.nib
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/blue_bullet.png
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/Base.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/MainMenu.strings
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/Localizable.strings
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InfoPlist.strings
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummarySuccess.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryInstallFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryDownloadFailed.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationSummaryCancelled.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationProgressInstalling.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Resources/fr.lproj/InstallationProgressDownloading.rtfd/TXT.rtf
    inflating: Sophos Installer.app/Contents/Library/LaunchServices/com.sophos.macendpoint.Installer.HelperTool
    inflating: Sophos Installer.app/Contents/Frameworks/libswift_Concurrency.dylib
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/CodeResources
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/Info.plist
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/PkgInfo
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/_CodeSignature/CodeResources
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/MacOS/SophosCBR
    inflating: Sophos Installer.app/Contents/Helpers/SophosCBR.bundle/Contents/Resources/com.sophos.sophoscbr.plist
    inflating: Deployment Tools/Install Sophos Script.txt
    inflating: Deployment Tools/Sophos Endpoint Sonoma v2.1.mobileconfig
    inflating: Deployment Tools/Sophos Endpoint Monterey v2.1.mobileconfig
    inflating: Deployment Tools/Sophos Endpoint Ventura v2.1.mobileconfig
    inflating: Deployment Tools/Sophos Endpoint Big Sur v2.1.mobileconfig
    inflating: Deployment Tools/Read Me First.rtfd/e6dc22ea-b3af-4239-b194-6d00ba05f409.png
    inflating: Deployment Tools/Read Me First.rtfd/TXT.rtf
    inflating: Sophos Installer Components/SophosCloudConfig.plist
    Changing permissions...
    Installing Sophos...
    2024-01-19 08:15:52.450 Sophos Installer[19460:1084216] Starting Sophos Bootstrap Installer.
    2024-01-19 08:19:04.786 Sophos Installer[19460:1084216] Installation failed with: The installation failed. (1). See SophosDiagnostics for detailed information.
    Installation failed

  • Thank you for sharing the log. 

    As per the log entry,  we need to collect some logs using SDU and send it to us.

    You can download and run the standalone SDU using the below link 
    https://support.sophos.com/support/s/article/KB-000033508?language=en_US#:~:text=Sophos%20submission%20method.-,Running%20the%20SDU%20tool%20on%20macOS%20devices,-For%20macOS%2010.6

    Thak you. 

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Thank You for the logs James. I'll update you soon. 

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Hi James, 

    From the SDU logs , I have identified some permission issues, where the SDU was unable to copy the system.log 

    Failure: Unable to copy source at system.log -> Error Domain=NSCocoaErrorDomain Code=513 "“system.log” couldn’t be copied because you don’t have permission to access “system”." UserInfo={NSSourceFilePathErrorKey=/var/log/system.log, NSUserStringVariant=(
        Copy
    ), NSDestinationFilePath=/var/folders/hw/ddgm2w8n4534xyfl6jz0zflr0000gp/T/DT6794_20240119_083811_SDU/system/system.log, NSFilePath=/var/log/system.log, NSUnderlyingError=0x600002d3f3c0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}


    Then we have a system extension that is registered as endpoint security as seen below

    1 extension(s)
    --- com.apple.system_extension.endpoint_security
    enabled	active	teamID	bundleID (version)	name	[state]
    *	*	TZ824L8Y37	com.manageengine.protectord (1/1)	Protectord	[activated enabled]
    

    There are a couple of key points to consider:

    1. Permission Issues with System.log: The inability to copy system.log due to permission errors indicates that the script or the process running the script might not have sufficient privileges. This could be a part of the problem, especially if the Sophos installation requires access to system logs or similar resources.

    2. System Extension Conflict: The presence of the ManageEngine Protectord as a system extension registered for endpoint security might be conflicting with the Sophos installation. Endpoint security solutions often operate at a low level within the system and can interfere with each other, especially if they try to access or modify similar system resources.

    After some researching we found that the manageengine.protectord system extension is another form of Endpoint security:
    https://www.manageengine.com/products/desktop-central/endpoint-security-features.html

    As a test, please remove this software/extension, perform a reboot and attempt to push the script again. 

    Please let me know the results of this test.

    Thank You.

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Hi James, Just to add.

    Although we have this manage engine extension  present in the machine, I wouldn't suspect it completely. The test we are doing is "just in case". I could see a lot of internal tickets raised for the same where installation  is failing if the manage engine extension is found to be present.

    Moreover, If we are suspecting this extension is the cause, I am wondering if the installation  will succeed even if the script is run directly on the machine.

    With that being said, I have few questions, but i'll ask after the test results cuz that would make more sense. 

    Thank you for your time and patience.

    Appreciate it. 

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • I have not been able to test yet without the extension but I can tell you that if I run the script directly on the machine it runs just fine and installs without any issues.  It is just failing when I am pushing the script from ManageEngine

  • How about we try the MDM profiles James ?

    https://support.sophos.com/support/s/article/KB-000045806?language=en_US

    If you haven't read the article , I suggest you take a look at it and follow the instructions under "MMD Correction" and then we push the script ? 

    I strongly believe this would work. It all makes sense cuz the script is going to the endpoint through MDM and it fails where as if the script is run directly its working. In that case configuring MDM profiles may be a good choice for us.

    Please do update me on how it goes. 

    Really curious to find. Thanks again for you time James.

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

Reply
  • How about we try the MDM profiles James ?

    https://support.sophos.com/support/s/article/KB-000045806?language=en_US

    If you haven't read the article , I suggest you take a look at it and follow the instructions under "MMD Correction" and then we push the script ? 

    I strongly believe this would work. It all makes sense cuz the script is going to the endpoint through MDM and it fails where as if the script is run directly its working. In that case configuring MDM profiles may be a good choice for us.

    Please do update me on how it goes. 

    Really curious to find. Thanks again for you time James.

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

Children
  • Followed your link above and we setup the two PPPC setups and restarted the MAC and tried the script again and its the same  result.

  • Hi James,

    I'm sorry to hear that the previous steps didn't resolve the issue. Let's try a few more steps to see if we can get this sorted out.

    First Approach:

    1. Removing Sophos Files and Folders: Please follow the instructions below to remove Sophos files and folders, then reboot your Mac.

      Open Terminal and execute these commands:

      bashCopy code
      sudo rm -R /Library/Sophos\ Anti-Virus/ sudo rm -R /Library/Application\ Support/Sophos/ sudo rm -R /Library/Preferences/com.sophos.* sudo rm /Library/LaunchDaemons/com.sophos.* sudo rm /Library/LaunchAgents/com.sophos.* sudo rm -R /Library/Extensions/Sophos* sudo rm -R /Library/Caches/com.sophos.*
    2. Add Full Disk Access via MDM: Once the Mac reboots, please ensure Full Disk Access is granted via MDM.

    3. Push the Script: After the reboot and granting access, try pushing the script again.

    If the Issue Persists:

    1. Remove Sophos Files and Folders: Start by removing the Sophos files and folders as mentioned above and then reboot your Mac.

    2. Remove the com.manageengine.protectord System Extension: This can be done through the Terminal or System Preferences. 

    3. Add Full Disk Access via MDM: After removing the extension and rebooting, ensure Full Disk Access is granted via MDM.

    4. Push the Script: Finally, attempt to push the script again.

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • I have spent a few days working on trying to disable or rename or remove protectord from the system and it is baked in as part of ManageEngine you are not able to remove it without removing ManageEngine all together which defeats the purpose of pushing the script out of ManageEngine.  We need it to work in there.  If that is the issue we need to find a work around.

  • Any ides on how else we can try to get this working for us?  Worried that the upcoming updated version in Feb will not fix our issue and we have a few macs this needs to get pushed to.

  • Hi James, 

    Sorry about the delay. Unfortunately, I do not have a test setup to take this further. I'll try my best to find one and will update this thread soon. 

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer