How to quit on Mac OS


I have the problem that one of our consultants is using a Mac Book with MacOS Catalina 10.15.3 and for troubleshooting purposes must / wants to quit Intercept X Advanced.
If he now clicks on "Quit", the Sophos Agent will restart itself. Even if tamper protection is disabled.

He is using:

  • Sophos Central Intercept X Advanced
  • Product version : 9.9.6
  • Engine version : 3.77.1
  • Virus data version : 5.73
  • User interface version : 2.07.377
  • Platform : Darwin/AMD64
  • Released : 03 March 2020

We're currently running the SDU, if you need specific log files please let me know.

  • Hi  

    Were you looking into ways to completely disable Sophos? You can uncheck all of the features within the Endpoint UI.

    Or to just remove Intercept X you can unassign this software from the Endpoint if you have Sophos Central.

    Otherwise Sophos Endpoint can be uninstalled from the Mac while doing the said troubleshooting process.

  • Hi  

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

  • In reply to Shweta:


    thank you for trying to help out.

    First, you have to know that we are an IT Service-Provider, so there are situations where no software should interfere in our business processes and tasks when being on our customers' site.
    Second, it's only possible to stop the specific components by disabling the policy inside Intercept X for max. 4 hours. The software itself cannot be "stopped". It would be a bit of a hassle to uninstall and reinstall the software every time you want to check if a problem can be fixed by doing so.

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

    As I wrote in my first post, our problem is an internal one. An employee of mine (IT Consultant) simply wants to have the ability to terminate the Endpoint Protection. Nevertheless here is the requested screenshot:

    When he hit "Sophos Endpoint beenden" (means "Quit Sophos Endpoint"), the software quits and restarts immediatly. This is usually okay, since users should not be able to simply terminate Endpoint Protection. But even if tamper protection is deactivated, we are not able to shut down the software completely. This is a bit critical in an IT company like ours. Tongue Tied

  • In reply to intrusus:


    I can understand that this type of scenario might be business-critical for your organization. At the moment, it is only possible to turn off the protection features by unchecking all the features in the endpoint menu after entering the tamper protection password and it is not possible to "pause" or "disable" the all the processes/services of the endpoint for a specific time. You can try creating a new policy for such devices on Sophos Central and then when needed, turn off all the protection features for this policy. 

    This means that the endpoint is still tamper protected and you don't have to worry about it timing out after 4 hours. When all the protection features are turned off from Sophos Central/locally by unchecking the boxes, the endpoint should not interfere with the other applications/processes. Have you tried creating exclusions for these applications/processes? 

  • In reply to Yashraj:


    thank you very much for your kind reply.

    Currently, everything works without us having to stop all the services, so thanks for your information. We'll try to use the "unchecking features" option if anything will occur. However, in the future, even with Sophos products, it is possible that technical problems may occur with both MacOS and Windows. If you could forward the case to the Intercept X Dev-Team I would be pleased, maybe they'll add the "Quit Sophos" (all Sophos Services) option to one of your next major releases. Wink

    Thanks and best regards

  • In reply to intrusus:


    Sure, You can provide your suggestions through feature request on this website. This portal is for the feature requests which customer wants to have in the product.

  • In reply to intrusus:


    I am happy to know that I was able to help you. I can see how some people might consider turning off services and processes for a specific time useful, but at the moment, you can only disable Sophos protection features and not services. So, as  suggested, please raise a feature request here:

  • In reply to Yashraj:


    you can find it here:

    I hope the dev team will see it.
    Thanks again for your help!