Apple released the macOS Big Sur update 11.3 on April 28, 2021. If Sophos is installed on an M1 (ARM) based system prior to the update, the first time the system boots after the update, protection will be compromised. Restarting the system again resolves this issue.This affected both On Premise and Central based Sophos endpoint protection, and Sophos Central Device Encryption.This also applies to the 10.1.0 M1 (ARM) Optimized EAP.The issue can be observed when the following conditions are met:
The issue does not occur if any of the below mentioned conditions applies:
BackgroundThe first boot after upgrade to macOS 11.3, Rosetta2, the emulation of applications made for Intel chips, does not start immediately. When Sophos attempts to start, it has not launched yet. The OS rejects all non-native applications at this time, and prevents future attempts to start them until restarted. All boots after the initial one, Rosetta2 launches early in the boot process, and no longer triggers this issue.