Sophos Endpoint and Apple macOS 11 Big Sur

Our Endpoint Protection does not yet support macOS 11 (Big Sur). Please do not upgrade until we announce that we support it. We plan to have an Early Access Program (EAP) available soon so that you can test it on your own machines.
Apple will release macOS 11 on the 12th November, we plan to create an EAP in Central to test this release soon, but do not support it yet.

Central Device Encryption (CDE) for Mac version 1.5.3 does support macOS 11, this was rolled out recently but bear in mind that if you use both Endpoint and CDE you will still need to wait before upgrading to macOS 11.

On-premise customers will also get a version of endpoint protection that is supported on macOS 11 but will not have access to an EAP or Preview ahead of full support.

ARM-based CPUs are not currently supported. They require macOS 11 and additional testing and requirements. Sophos will support ARM-based CPUs, however, the details of that support will be provided at a later date.


Please check this KBA for up to date information: https://support.sophos.com/support/s/article/KB-000039501?language=en_US


Link to the Big Sur EAP on the Sophos Community



included info for Big Sur EAP
[edited by: FloSupport at 9:50 PM (GMT -8) on 2 Dec 2020]
  • Did you follow the Big Sur section as well, or just the kext section? As the system extensions are separate

  • Hey James, I double checked just now to verify, but I followed both the sections for Catalina, Big Sur, and all associated preferences/kexts - I hadn't done the proxy configuration though until just now. 

  • That looks to have done the trick! The only issue I am seeing now is that about 1/5th of the websites I visit will not load at first. Showing a proxy error. If I try to refresh the page it most of the time works. 

  • I was annoyed with these notifications as well. And if you are someone like me who has already updated and unable to go back, then this is what I did:

    To stop notifications, choose Apple menu > System Preferences, then click Notifications

    Scroll down to Sophos Endpoint UI Server and disable notifications.

    I stopped all of them and now they won't show up. 

    I understand this may not be recommended but still better than dismissing that annoying alert that keeps showing up all day every few seconds. Hope this helps!

  • If you are taking part in the Big Sur EAP you will have received an email stating that the EAP will close at the end of January. This was an automated email sent in error.

    The EAP remains open in order to ensure that robust testing and evaluation are in place in preparation for general availability. Please keep any Big Sur devices enrolled in the EAP so that your protection remains uninterrupted. We will share further updates as we approach release which is targeted for mid-late calendar Q1

  • If you are taking part in the Big Sur EAP you will have received an email stating that the EAP will close at the end of January. This was an automated email sent in error.

    The EAP remains open in order to ensure that robust testing and evaluation are in place in preparation for general availability. Please keep any Big Sur devices enrolled in the EAP so that your protection remains uninterrupted. We will share further updates as we approach release which is targeted for mid-late calendar Q1

  • I know software takes time to develop and for this type of software arguably greater testing needs to be done. However not only is it well known that Apple will release a new OS at roughly the same time each year, but Apple give advance access to betas to devs and ordinary users so that in theory developers like Sophos can be ready for the day it is officially released.

    Yes Apple might make changes at the last minute but in theory you should still be more ready even if this happens and therefore have less additional work to do and incur less delay.

    It is now nearly the end of January 2021 and little progress is visible since November 2020. Other anti-virus vendors have released official Big Sur compatible versions last year leaving Sophos looking very tardy in comparison.

    Sophos should be well aware that brand new Macs will be shipping only with Big Sur installed and whilst in theory all but M1 equipped models can still be downgraded to Catalina the fact these may (are) be being direct shipped to end users for deployment via DEP means end users are not going to be able to downgrade them.

    Enterprise customers therefore - like myself will have to start considering whether to stay with Sophos or abandon them for a provider who can be better relied on. Indeed not only is this already to us an issue for new starters, not only am I getting pressure from end-users over why cannot they be allowed to upgrade to Big Sur but I am also getting pressure from our Head of Security over the risks that Sophos' failure to deliver a solution is causing in that some machines are being left unprotected.

    I am now having no choice but to enrol production Macs in to the EAP otherwise they would be completely unprotected.

    Can we at least have an update from Sophos indicating an estimate for when a complete version for Intel and M1 Macs is likely. (I do appreciate and recognise that the known issues etc. articles have been updated recently.)

    Note: macOS updates happen annually, it is now three months and counting since Big Sur was released. If hypothetically it takes Sophos six months to issue a compatible version this could mean that for half of every year Sophos is unable to protect Macs. Clearly this is unacceptable and will result in customers leaving.

  • Hello John,

    We are of course aware that new Macs ship with Big Sur and also that our support is later than you (and indeed we) would have liked, we have just agreed to support M1 devices under Rosetta 2 until we get native support released (during CQ2) and will have GA support for Big Sur at the beginning of March.

    This is the first time we have missed being ready for GA for over 10 years but we realize how accustomed Apple users are to upgrading on day 1 for any macOS update and we also strive for that support.

    Apart from the visual and security improvements macOS 11 has radically changed the way 3rd party vendors such as Sophos interact with macOS. Specifically changing kernel-level access to API (system extensions) access meaning we have had to re-write much of our interfacing code to work with the new APIs.

    We have diligently worked with Apple since the first build of Big Sur, logging issues and preparing our products to support Big Sur. Our products need to work on macOS 10.x (where kernel access is allowed), macOS 11.x (where kernel access is no longer allowed) and at the quality that our customers expect and since we have multiple features that use kernel extensions to function that means that we have had a lot to develop and test.

    Changes to an OS of this nature are, fortunately, few and far between and so we ask for a little more patience whilst do our final work and complete testing before we release a GA supported version of our endpoint product.

    Regards,

    Darren.