
As of August 8th 2023, SSL/TLS Decryption is enabled in the EAP program for macOS devices.

Sophos,


Considering the impact that this new feature contains, it could have been better handled to send notification of this new feature at least a day before it happens, as opposed to sending the notification on the same day this new feature is enabled!

MacOS Endpoint EAP - August 2023 Update 

(https://community.sophos.com/intercept-x-endpoint/macos-endpoint-eap/b/announcements/posts/macos-endpoint-eap--august-2023-update)

From a macOS deployment perspective, the following challenges exist:

  1. A reboot is needed (minor challenge)
  2. End user must allow a Sophos Trusted Certificate (bigger challenge).
  3. End user must navigate within Sophos Endpoint application, click a button, and enter their password to authorize the certificate (bigger challenge).
  4. The Sophos KB is vague whether “enter password” is for end-user’s password or needing administrative credentials, though since the password is needed to “authorize the certificate”, it is reasonable to assume the latter (so, even bigger challenge).
  5. Steps 2-4 are all manual; Sophos does not provide any method whether these steps can be done using MDM or other automatic means (biggest challenge)


This thread was automatically locked due to age.
  • Has anyone got this working on Mac? My understanding is that this will now 'warn' on SSL sites that are set to from web control. Can see in the logs it's doing the same as previous as logs 'user has allowed warning'. SSL inspection is something we have been waiting for for a long time on Mac.

  • I like the idea of this capability.

    I do not like not being able to deploy it via MDM, so that the configuration is dependent upon the end-user to configure it correctly.
    It would also help to have information on reporting on these settings (queries or extended attributes).
    Granted, I know this is EAP and early yet, but, currently, what is required to deploy this software is greater than the benefits, especially when you have 5000+ devices in an enterprise, spread out all over everywhere.

  • Yep, the MDM deployment is key here. I'm testing in a very small lab. Have confirmed with Sophos tech that there is a problem with the SSL/TLS EAP. Seems that the inspection is not working as expected. No sites are being flagged 'warned' and the tool just bypasses straight to the site. Hopefully can get a resolution soon. Thanks for your help.
