This article describes the steps to configure JAMF to allow permissions for Sophos Mac Endpoint on macOS 10.15+.
Applies to the following Sophos products and versions: Central Mac Endpoint 9.9.4, Sophos Anti-Virus for Mac OS X 9.9.4
In Sophos for Mac 9.9.5, a notice is displayed if required permissions are not fully enabled. On October 31st, an issue was found where the notice is triggered if the permissions have been added via an MDM profile, as Apple records these in a different location. Sophos is actively working on updating the detection to correct this.
Note: Sophos does not guarantee the security of third-party applications, and they should be used at your own risk.
There is a utility called PPPC Utility on GitHub which allows you to build a configuration profile for Privacy Preferences. It can be found here: https://github.com/jamf/PPPC-Utility. To use it, follow the guidance on the link, and drag and drop the Sophos items into it.
This profile can then be loaded into JAMF.
Special thanks to MichaelCurtis
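A profile built this way can be checked before it is loaded into JAMF. The following is an added example, not Sophos or Jamf code: it parses an unsigned .mobileconfig and reports which bundle identifiers lack an allow entry for the two services named in the comments on this page. The identifier and code requirement in the sample are constructed placeholders, and the function names are hypothetical.

```python
import plistlib

TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"
REQUIRED = ("SystemPolicyAllFiles", "SystemPolicySysAdminFiles")

# Constructed sample: an unsigned profile that grants only one of the two services.
# The identifier and code requirement are placeholders, not Sophos values.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
  <key>Services</key><dict>
    <key>SystemPolicyAllFiles</key><array><dict>
      <key>Identifier</key><string>com.example.placeholder.agent</string>
      <key>IdentifierType</key><string>bundleID</string>
      <key>CodeRequirement</key><string>identifier "com.example.placeholder.agent"</string>
      <key>Allowed</key><true/>
    </dict></array>
  </dict>
</dict></array>
</dict></plist>"""


def allowed_services(profile_bytes):
    """Return {identifier: set of TCC services the profile allows for it}."""
    profile = plistlib.loads(profile_bytes)
    granted = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                # Profiles use either Allowed (boolean) or Authorization ("Allow").
                ok = entry.get("Allowed") is True or entry.get("Authorization") == "Allow"
                if ok and entry.get("CodeRequirement"):
                    granted.setdefault(entry.get("Identifier"), set()).add(service)
    return granted


def missing_services(profile_bytes, identifiers, required=REQUIRED):
    """Return {identifier: [services not granted]} for identifiers with gaps."""
    granted = allowed_services(profile_bytes)
    gaps = {i: sorted(set(required) - granted.get(i, set())) for i in identifiers}
    return {i: m for i, m in gaps.items() if m}


if __name__ == "__main__":
    print(missing_services(SAMPLE_PROFILE, ["com.example.placeholder.agent"]))
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.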
How to Configure JAMF Privacy Preferences for 10.15 Compatibility
Sophos Approve Endpoint KEXT
How to make a Sophos Central macOS installation package in Jamf Pro
How to make an installation script for Sophos Central macOS endpoint deployment in Jamf Pro
How to deploy Sophos Central macOS endpoint via Jamf Remote
Hello everyone - Is there any update on this please Sophos Support? Still doesn't appear to work as designed/thought?
Is there no progress yet on the issue "where the notice is triggered if the permissions have been added via an MDM profile"? This article hasn't been updated since November, but it's still referenced in KB 134552, updated 24 Mar 2020.
As of now, we need to provide permission as stated above. We will be updating our forums as soon as there is any update on this issue.
There have been no resolutions to this post and we are needing to deploy Catalina soon. What is the status of the Full Disk Access Window issue? This is honestly unacceptable, seeing as this issue has been known about for 6 months now.
This is a new requirement from Apple. Sophos requires this access in order to scan the system. Apple has made it so it must be requested by the user or set in the MDM.
It still doesn't work. Sophos still asks for permission to files, even though we have made all the PPPC settings. This is version 9.9.8.
It looks like it's not enough with SystemPolicyAllFiles, but they also need SystemPolicySysAdminFiles.
Then we got it working.
We still need to provide the permission as mentioned in the article; we will update the information if it is fixed in upcoming releases.