"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
After installing the on-premise version of Sophos Anti-Virus for Mac (reporting to the Enterprise Console) the Mac endpoint appears in the console with 'Unknown' in the 'Up to date' column and the number of identity files shown in the 'IDEs' column is 1.
The full behavior observed is:
Note: This behavior did not occur with Sophos Anti-Virus for Mac (SAV for Mac) version 8.
First seen in Sophos Anti-Virus for Mac OS X 9.0.4
Fixed in Sophos Anti-Virus for Mac OS X 9.1.3
Operating systems Mac OS X
This is expected behavior for SAV for Mac 9.0.x and is due to the new installer code. The reason for only one IDE being reported is that the Sophos Agent only counts the 'vdl.dat’ file as the single IDE.
Once the endpoint is assigned to a group, gets its update policy from the console, and the performs an update the endpoint will report the full IDE set.
We are working to improve this behavior with the release of SAV for Mac 9.1.3.
To assign an Enterprise Console group to the Mac endpoint during installation, and workaround this issue, see article 119791.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.