MacOS Sophos updates failing - you don’t have permission to access “CID”

We have an increasing number of devices that are outdating. While we cannot really see issues on the endpoints, and Central shows most of the Macs as nice and green,

deeper in the Central logs we see a bunch of strange update errors like:

Low,"2024-08-21T10:03:27+02:00","Download of MacEndpoint failed from server TreeVisitor failed: path does not exist: /Library/Caches/com.sophos.sau/CID."

"2024-08-21T09:26:19+02:00","Download of MacEndpoint failed from server “Sophos Installer” couldn’t be moved because you don’t have permission to access “CID”.."

Low,"2024-08-21T08:46:59+02:00","Download of MacEndpoint failed from server Could not verify any signatures: refusing to load unverified content."

Low,"2024-08-21T07:37:09+02:00","Failed to download updates."

Low,"2024-08-20T08:47:39+02:00","Download of MacEndpoint failed from server The operation couldn’t be completed. (com.sophos.macendpoint.sdds3 error 6001.)."

Low,"2024-08-19T13:36:47+02:00","Download of MacEndpoint failed from server sdds3.sophosupd.com/.../sdds3.ScheduledQueryPack.dat: 0."

The first time this error appeared was on July 19th on one device. Others followed. Now we have 6 devices with that status.

Low,"2024-07-19T06:02:26+02:00","Download of MacEndpoint failed from server “Sophos Installer” couldn’t be moved because you don’t have permission to access “CID”.."

What's going on here? What does CID mean? TreeVisitor??

What can we actually do?

One Mac as example:



Added tags
[edited by: GlennSen at 2:24 PM (GMT -7) on 3 Sep 2024]
Parents Reply
  • Thanks for the doc links you provided   

    I don't like the idea that these permissions may change at random - but in fact they do (we've had that in the past on many devices).

    Though I'd expect if the permissions are wrong, we'd have a red X at sophosscand on the status in Central and not all green.

    Like this:

    The computer I picked initially on my first poth has all green and displayed no issues, just the update failed logs were showing the problem.

    But we'll check that on the endpoints locally and report back.

Children