Mac running with non-standard permissions....your Mac may be insecure

Hello,

Just got a pop up from Sophos Endpoint saying: "Please contact your system administrator." (I don't have one.) "Your Mac is running with non-standard permissions on key directories and your Mac may be insecure. Reference knowledge base article # 131959."

Can anyone please explain this to me?  What should I do?

Many thanks.

  • Yes, I just got this too, last night. Updated Sophos and did a system scan (2 issues), but this morning when I came on again, got the same message. Had a look at a previous discussion on 131959 but it looked like it was for coders, not me (yet). Look forward to solving this. Thanks, Susan

  • I have the same question, I just got a pop-up today.

    Running on OSX 10.10.5 iMac, mid-2011.

    Hope somebody has the answer!

  • I have the same question.

    I don't understand if I have a security issue because I use Sophos.

    Or if Mac users like me using OSX El Capitan 10.11.6 all have this security issue, as the page

    https://support.apple.com/en-ca/HT204899

    says that El Capitan (and upwards) is safe.

    Kind regards

  • Yeah, I think this is something new, had the same problem begin a couple of days ago, now it appears every time I start up.

    I ran a disk repair and did all the scrubby things I could think of, but nope. I tried to manually repair permissions, but apparently that's not a thing you can do any more on El Capitan+ Macs? (I have Sierra).

    I'm going to assume this is something new Apple has done that broke something rather than some problem with a Sophos update, but who knows. Hope there's a solution soon. <:/

  • Hi, I am not-so-computer savvy, but I am very willing to correct issues on my own when given clear instructions. I'm wondering if anyone has come up with anything to fix this? 'tis the season for online payments, but I am afraid to buy anything online because I don't know if this is a serious threat, or just some kind of "quirk," meaning the message will keep popping up, but I have nothing to actually worry about. 

    PLEASE ADVISE!! THANK YOU. 

  • Yeah I've had this issue also and it pops up every 2 mins. Very annoying. I am the admin for the computer but not coding friendly. Need a fix for this!

  • In reply to Tracey P:

    Tracey P

    Hi, I am not-so-computer savvy, but I am very willing to correct issues on my own when given clear instructions. I'm wondering if anyone has come up with anything to fix this? 'tis the season for online payments, but I am afraid to buy anything online because I don't know if this is a serious threat, or just some kind of "quirk," meaning the message will keep popping up, but I have nothing to actually worry about. 

    PLEASE ADVISE!! THANK YOU. 

     

    Hi,

    I too have this same message on my Mac (El Capitan) & see that several others have reported the same problem.

    Do Sophos monitor these discussions?  It would appear not or they might have responded & tried to explain what the message means & put our minds at ease.

    In my experience, all contact with help desks & computer geeks is very confusing, because they seem to not understand that those seeking assistance may not have the same depth of computer knowledge that they have, & use terminology which is not helpful to a computer illiterate such as me.

    I want to check my on-line bank account but don't know from the Sophos message whether it is safe to log on.

    If anyone can help, I would be very grateful.

  • In reply to Rodolfo Rosales:

    Thanks very much, Rudolph,

    I'll give it a whirl.

    Regards,

    Peter

  • In reply to Rodolfo Rosales:

    Thanks very much Rodolfo! I did this and it seems to have worked just fine. Good on you for getting to all these multiple threads, sorry about the mess ^__^

    -Q

  • In reply to Rodolfo Rosales:

    Thanks Rodolfo,

    I tried this but don't have wheel, only me (read-write permissions) and everyone - no access.

    I did have a look at the small list of possible other 'names' and saw Sophos there, and I thought of adding it, with a read-only permission, but in the end I didn't and left it as it was. Thoughts?

    thanks very much, Susan

  • In reply to Susan Frykberg:

    Hi, I need to point out that I am no expert at all. I discovered this by sheer luck, when trying to track an error that I thought was caused by CCC (Carbon Copy Cloner), and the tech help at CCC (best customer service I've ever seen, no kidding) gave me the key idea that solved this problem. This said, here are two grains of salt:

    "Idea #1" Note that the Mac allows you to check a box that says "ignore ownership on this volume". You cannot do this from the boot volume, but you can do it to the other volumes. Now, if you ever started from another volume, and this got checked in your regular start up volume, what happens is that the way ownership gets displayed changes. In particular, you get no "wheel", but see "staff". If you have never used multi-boot [i.e.: more than one operating system with several partitions in your HD], then this would not apply to you.

    "Idea #2". This, I think, is the more likely cause of your trouble. The "Get Info" window allows you to add or subtract ownership [the + and - buttons below the permissions area]. Maybe "wheel" got subtracted, somehow --- either by you or by some software installer with a bug [not through the Get Info window, of course; there are other ways to change permissions].  Try to put it back, using the + button, and then give it the correct permissions.

    Good luck. This message is very annoying. Worse, there is actually a vulnerability involved, so you should try to correct it. Worst case scenario, call support at Sophos and bring a carload of patience with you.

  • In reply to Rodolfo Rosales:

    I have tried this. No issues with my permissions. Any other fixes?

  • In reply to andrea sutrick:

    Hi everyone, 

    This article explains the vulnerability discovered in July 2017 on how to perform a privilege escalation attack on macOS by using 3rd-party installers such as Sophos'. Steps are provided in this article to correct the permissions and fix this issue.