We are using Sophos Central with client version 10.3.4 on M1 Chip MacBooks with MacOS 12.4. GoGo WiFi will no longer bring up the Captive Portal page. When booting into Safe Mode it works fine. When looking at the streaming log in terminal there are many failed connections for Sophos trying to connect to Sophos Central. My theory is that this traffic is causing the Captive Portal page not to open. Has anyone found any resolution to this. All normal things have been tried, like going directly to the Captive Portal Page, Going to 22.214.171.124, Removing the SSID from the known network list, etc.
Can someone at Sophos give us the instruction of how to use make a new Threat Protection Policy to disable the features which cause this issue. Our employees and executives are requesting to uninstall Sophos completely because this problem is blocking them to work on business trips. It has been there more than 3 months. And the new update needs the Sophos Administrator password which unique for each machine and the setting only works for couple hours. It is not acceptable for our end users.
The password required will be the local admin password on the macOS device, not the Tamper Protection passcode.
I have followed up with you via PM to share some steps you can try.
Think about that statement from a security perspective—- giving end users local admin permissions to their workstations—just so they could temporarily connect to the WiFi network. There needs to be a permanent fix or we are moving away from Sophos.
There are other EDR endpoint products on the market that inject into the network filter drivers for Mac for net inspection, that do not cause this issue. Please have your dev team look into this issue ASAP. It is not an Apple Monterey issue- you can verify that statement by trying to connect to captive portal on a clean machine with Sophos- works every time. We need this escalated!
Apple has released a fix for this as of macOS Ventura Beta 6. The same remains true as of Beta 10. We expect this to carry over into the GA release of macOS Ventura.
The Captive Portal mode was provided as a temporary workaround where necessary.
This also isn't a solution since ventura isn't fully supported by sophos at this time. Sophos has placed a disclaimer that it is not recommended to upgrade to Ventura since certain services will not work.