Sophos Endpoint and Apple macOS 11 Big Sur

Hello Sophos Team,

as partners we find the way of communication disastrous. There is no information other than the login to a Central Admin account, neither on the homepage of the partner portal nor by email; even if a widespread operating system is not able to ensure the functionality of the Sophos software. Instead, a threat and a knowledgebase article will be communicated in the community with the promise of an EAP on 23.11.2020. Honestly? Really serious? To the customers who are affected by the non-transparent information policy, let's just say - take a vacation until maybe the EAP comes and works? Until then, please do not use your Mac?

Simply insane.

Hello Sophos Team,

as partners we find the way of communication disastrous. There is no information other than the login to a Central Admin account, neither on the homepage of the partner portal nor by email; even if a widespread operating system is not able to ensure the functionality of the Sophos software. Instead, a threat and a knowledgebase article will be communicated in the community with the promise of an EAP on 23.11.2020. Honestly? Really serious? To the customers who are affected by the non-transparent information policy, let's just say - take a vacation until maybe the EAP comes and works? Until then, please do not use your Mac?

Simply insane.

Hello Alexander Reith,

I'm "only" a customer, I did receive both an InfoSMS and an email (that started with Sehr geehrte Sophos-Kunden und -Partner) on 11th. You could argue that this was quite late - just the last day before release - but there was advance information.

Christian

Alexander, 

There were several communications on this subject, a tech alert went out in October, a critical alert on the 11th November as well as a support SMS and the banner in Central itself. The emails went to customers and partners with active assets, as your company does not have any active assets you did not receive the alerts. 

We are not happy or comfortable about the position we are putting our customers and partners in but we are doing what we can to get support out as quickly as possible without compromising protection.

Regards,

Darren.

Maybe don't blindly upgrade one's Macs to a brand new operating system on day one and wait it out for at least a few weeks or maybe a month or more before considering installing it using an older Mac as a test platform, test, and if good, roll it out to all users.  I didn't have any problem Googling Sophos' compatibility with Intercept-X and Home Premium and have warned our users accordingly.  Remain on Catalina or earlier macOSes for the time being.  I had emails relating to Intercept-X compatibility in good time too, so I can't say Sophos was late with the information. 

Is it a bit disappointing that there is no compatible version of Sophos right now?  Yes, but at the same time, I'd rather Sophos do thorough testing against the public release and get it right without rushing things.  Catalina still works, and most of us should still be using that for a little while longer.

Thanks Martyn!

its a little bit funny, because in the last days i have seen a couple of other anti virus poducts, already working with big sur. so thats no reason. and we all know how users and customers are acting. especially mac users are still very special in this case... in our company we have blocked an upgrade for the macs... but you know......... ;-) the first step we have done, was to send a warning doing this upgrade. so im still testing which applications working and which not.

Agreed, up to a point. Some people want to use the cutting edge because of the benefits that can provide. If you use Final Cut Pro, the new M1 is fantastic and thus these people want to own and use the new M1 Macs and they must use Big Sur. Other's have auto update switched on, which might not be the greatest idea, however it usually is, until there is such a major update like this. Remember not all users are IT admins. So they now are confronted with this issue and Sophos likely has still quite a lot work and testing to do. I too wish Sophos would have been further along the road, but it isn't that simple. Anyway, we'll see how this EAP works out. 

Yes, fully aware, but the effort in moving away from Sophos just because they haven't got Big Sur support out the box is too much across the fleet of Macs that I support.  Everybody remains on Catalina until I say so, and if a BOYD user decides to try something, they're pretty much on their own until such times official support is available.

Your mileage might vary, but it's probably not reasonable to compare 'other antivirus products' with Intercept X, especially when it has EDR activated. EDR just needs to be able to dig even deeper into the OS than 'regular' AV. Apple has made this more difficult (which is good from a security point-of-view) but in this case I can imagine it makes it a tough job for Sophos. Or are you comparing with a similar featured AV solution? 

As a systems administrator for some 25+ years, spent across multiple industries (film/TV, ecommerce, ISPs and web hosting companies), it's a fine balance right between bleeding edge and stability.  There is no doubt that Apple Silicon is impressive, but there are still many unknown variables.  You've got a brand new OS and a brand new architecture, so that sort of stuff needs a lot of planning and care to ensure that people don't cause too much trouble.

And indeed, I do appreciate not all users are IT admins, but they could sure learn a lot from us ;)

thats true. and btw: i personally think sophos is still one of the best solutions you could find at this market. and therefore i wouldnt kick sophos out. i understand the point, that its not easy to deal with the changes, apple made with big sur and the trouble youll get as a developer... so lets hope that we will get a good working solution asap