SEC 5.2.1 and Sophos for MAC OS X Preview (9.0.3)

Decided to give the Preview of Anti-Virus for Mac OS X, version 9.0.3 a try. Chose an old MacBook (running 10.4) as guinea pig. After assigning the alternate policy, updating failed with a rather vacuous "Error: Could not update Sophos-Anti-Virus at .... Update failed." No indication of the nature of the error and, surprisingly, no indication of the update location used.

Now, the error was not unexpected - 9.0.x requires MAC OS X 10.6 minimum but perhaps a more meaningful message could be issued. Anyway I checked the update location and found that it named ESCOSXL as source folder - obviously indicating the changed requirements (though I can't figure out what the L stands for :-)).

Admittedly pre-10.6 versions should be rare by now (I've found two 10.5 installations still in use out of about 100). But the folder name change will affect unmanaged or occasionally off-site clients (yes, Cloud is the answer ;-)). I've found no reference though (I'd have expected this in the Release Notes). Even as it is Preview you should be required to discover this important information on your own.

Christian   


This thread was automatically locked due to age.
  • Hi Carob,

    Thanks for the frank dialog, I really do appreciate the feedback. My goal is to find the feature set from SUM for Mac that is needed to cover the use cases for standalone users (by "standalone" I mean not managed by SEC nor managed by Sophos Cloud - sometimes "managed" means different things for different organizations).

    The pre-configuration process writes data into a file inside the installer in the Custom folder. The username and passwords you provide on the command line are encrypted in that file such that we minimize the chance of accidental disclosure.

    On-access scanning should definitely be on by default. Our product is most effective when that is true. Let me know if you don't get to the bottom of that one.

    Re: your other configuration issues, it's likely that the "managed" settings are still resident on the endpoint. In the past, since day one of the product, the philosophy had been "don't delete preferences, they might be useful if you reinstall" but that has turned out to be more confusing than helpful. In future versions the Remove app will turf the preferences files too. You can do it manually by deleting all files starting with "com.sophos." in the /Library/Preferences directory before you install again.

    Re: the "When a threat is found" option, which option do you think is best for your organization? By default we just do "deny access" but I could see where "cleanup" could be more appropriate. In fact the default configuration for endpoints managed by Sophos Cloud will do that for you.

    Re: my comments about SUM for Mac lacking features, yes I see your point because "lacking" is a relative term. We've continued to evolve the endpoint well beyond the configuration options offered by SUM for Mac, and we aren't prepared to maintain a Mac-specific solution. Both SEC and Sophos Cloud offer cross-product management (full policy functionality, event monitoring, reporting, etc) in ways that SUM for Mac could never sustain.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
