We'd love to hear about it! Click here to go to the product suggestion community
This article describes the steps to configure JAMF to allow configure permissions for Sophos Mac Endpoint on macOS 10.15 Catalina
Applies to the following Sophos products and versionsCentral Mac Endpoint 9.9.4,Sophos Anti-Virus for Mac OS X 9.9.4
In Sophos for Mac 9.9.5, a notice is displayed if required permissions are not fully enabled. On October 31st, an issue was found where the notice is triggered if the permissions have been added via an MDM profile, as Apple records these in a different location. Sophos is actively working on updating the detection to correct this.
Note: Sophos does not guarantee the security of third party applications and they should be used at your own risk.
There is a utility called PPPC Utility on Github which allows you to build a configuration profile for Privacy Preferences. It can be located here: https://github.com/jamf/PPPC-Utility. To use this, follow the guidance on the link, and drag and drop the Sophos items into it.
This profile can then be loaded into JAMF.
Special thanks to MichaelCurtis
How to Configure JAMF Privacy Preferences for 10.15 Compatibility
Sophos Approve Endpoint KEXT
How to make a Sophos Central macOS installation package in Jamf Pro
How to make an installation script for Sophos Central macOS endpoint deployment in Jamf Pro
How to deploy Sophos Central macOS endpoint via Jamf Remote
Is there no progress yet on the issue "where the notice is triggered if the permissions have been added via an MDM profile"? This article hasn't been updated since November, but it's still referenced in KB 134552, updated 24 Mar 2020.
In reply to 1TruBob:
As of now, we need to provide permission as stated above. We will be updating our forums as soon as there is any update on this issue.
In reply to Shweta:
There have been no resolutions to this post and we are needing to deploy Catalina soon. What is the status of the Full Disk Access Window issue? This is honestly unacceptable, seeing as this issue has been known about for 6 months now.
In reply to Jason August:
This is a new requirement from Apple. Sophos requires this access in order to scan the system. Apple has made it so it must be requested by the user or set in the MDM.