Thread Info
  • Replies 152 replies
  • Subscribers 42 subscribers
  • Views 73741 views
  • Users 0 members are here
Options
Suggested

Sophos Endpoint and Apple macOS 11 Big Sur

DarrenTeagles

Our Endpoint Protection does not yet support macOS 11 (Big Sur). Please do not upgrade until we announce that we support it. We plan to have an Early Access Program (EAP) available soon so that you can test it on your own machines.
Apple will release macOS 11 on the 12th November, we plan to create an EAP in Central to test this release soon, but do not support it yet.

Central Device Encryption (CDE) for Mac version 1.5.3 does support macOS 11, this was rolled out recently but bear in mind that if you use both Endpoint and CDE you will still need to wait before upgrading to macOS 11.

On-premise customers will also get a version of endpoint protection that is supported on macOS 11 but will not have access to an EAP or Preview ahead of full support.

ARM-based CPUs are not currently supported. They require macOS 11 and additional testing and requirements. Sophos will support ARM-based CPUs, however, the details of that support will be provided at a later date.


Please check this KBA for up to date information: https://support.sophos.com/support/s/article/KB-000039501?language=en_US

Link to the Big Sur EAP on the Sophos Community



included info for Big Sur EAP
[edited by: FloSupport at 9:50 PM (GMT -8) on 2 Dec 2020]
Parents Reply Children
  • in reply to Harlock

    The current EAP is not for M1 (ARM) powered devices, as noted in the KB. 

    That said, it is possible to get it running on an M1, but you must enable Rosetta-2 from Apple, which is not enabled by default. Please note that this is not tested nor designed for the M1. A later release will bring proper support for the platform.

  • in reply to JamesM-Sophos

    I've read the KB and off course I'm not testing on production machines, so there is no real urgency for me.

    However I'm stating I could NOT get the current EAP of Endpoint working on a brand new M1 Macbook Air. That is with Rosetta 2 activated (it will trigger its install the minute it is faced with Intel code). So my question is, do you guys have an M1 Mac available to you and have you tested this to work? In other words, is the statement the EAP version should work on M1 devices based on experience or theory? 

    I'm not trying to be pedantic or a pain. Nor am I expecting real support at this stage. Just want to see if this can be made to work.

  • in reply to Harlock

    Harlock, we have tried it ourselves on an M1 device and got it to work OK

  • in reply to DarrenTeagles

    Thanks Darren, do you know if FileVault and the Mac's firewall were active? And was the Mac user login with Active Directory instead of a local account? This is how we set up our Macs and it might matter. Not sure if the chosen setup language matters (we use Dutch).

  • in reply to Harlock

    I don't I'm afraid, I suspect that it would have been a local login, I will ask about FileVault and Firewall later.

  • in reply to DarrenTeagles

    With the current EAP on Big Sur I have a similar problem with an Intel Mac, Eicar files are not detected in real time, only with manual scans. Similarly I've seen real time scanning reported as off on the M1 Mac while on the Intel Mac it is reported as on (but fails Eicar tests). That Intel Mac is setup in the same manner (FileVault, firewall and AD login). 

    Just thinking out aloud here. But it could be important enough for the development team to look at. however I'm sure you guys have your bases covered when it comes to testing this, at least before it goes GA.

Unfiltered HTML