New macOS Endpoint Protection Features

As of August 8th 2023, SSL/TLS Decryption is enabled in the EAP program for macOS devices.

New in 10.4.15

  • Modern Web SSL/TLS Decryption 

Enable Decrypt Scanning

To fully enable HTTPS decryption on macOS devices, the Sophos Modern Web Intelligence process should be running on the endpoint. The following steps are required: 

  1. Reboot your device.
  2. Upon reboot, you must allow the Sophos Trusted Certificate. You will see the notification "Action Required: Sophos Certificate is Not Trusted".
  3. Click "Options > Details" and enter administrative credentials to authorize the certificate.
  4. If you do not see the notification, open the Sophos UI and select "Fix Certificate Trust".
  5. In the Sophos Endpoint Self Help tool, verify the Certificate Status under the Prerequisites tab and ensure Sophos Modern Web Intelligence is running under the Services tab.
  6. For decryption to be fully enabled, you will need to ensure the Threat Protection policy applied to your device has "SSL/TLS decryption of HTTPS websites" enabled.

Known Issues

  • ZTNA: Sites behind the ZTNA gateway will be inaccessible on EAP-enabled devices. Our development team is actively investigating.
  • This inspection technique may, under some circumstances, interfere with successful browsing activity, including for internal websites.
    • The suggested workaround is to create an exclusion under Global Settings > SSL/TLS decryption of HTTPS websites.
    • Creating an exclusion from the "Global Settings > Global Exclusions" page or from your Threat Protection Policy for the type "Website" will also have the same effect.

Support for issues encountered while participating in the EAP is provided strictly on the Sophos Community Forum. Our development team will check in regularly to monitor this release. Please post your feedback and issues on the following page for assistance: MacOS Endpoint EAP - Feedback & Issues