Sophos Mac Endpoint: How to configure Apple Profile Manager to allow Sophos to work with macOS 10.15 Catalina

Disclaimer: This information is provided as-is and should be referenced at your own risk.


This article describes the steps to configure Apple Profile Manager to create an MDM profile that allows Sophos Endpoint to run on macOS 10.15 without local changes (if using Profile Manager MDM).

Applies to the following Sophos products and versions
Central Mac Endpoint 9.9.4,
Sophos Anti-Virus for Mac OS X 9.9.4

What to do

  1. On the MacOS system with Profile Manager installed and Sophos 9.9.4+ installed, perform the following steps
    • Open Finder to /Library/Sophos Anti-virus/ (using Go > Go to Folder…)
    • Open another Finder window to Applications (Go > Applications)
    • Copy the following files from Sophos Anti-virus to Applications
      • (OPM only)
      • Sophos Endpoint (Central Only)
      • Tools/Sophos Diagnostic
    • Note: This is due to Apple only indexing .app files from “Applications”, and not allowing browse to the files.

  2. Select an existing device profile, or create a new one
  3. Open Settings
  4. Select Security & Privacy on the left, then click the Privacy tab.

  5. Select Full Disk Access in the middle column.
  6. Click +
  7. Navigate to /Library/Sophos Anti-virus/
  8. Select all the .app files and add them.
  9. Save the profile and assign it to your systems.
  10. More details on how to work with Profile Manager can be found here:

Related information