Solved

macOS Catalina Grant Full Disk Access - Sophos Endpoint

  • November 27, 2019
  • 11 replies
  • 65 views


Has anyone managed to get this working?

I used PPPC Utility to make the profile as per the KBs below on the Sophos website:

https://community.sophos.com/kb/en-us/134552
https://community.sophos.com/kb/en-us/134686

The policy successfully deploys to scoped machines, but I still get the alert to grant Full Disk Access.

Sophos is not automatically granted Full Disk Access in Security & Privacy.

What am I doing wrong?

Best answer by chrisbju


  • Contributor
  • Answer
  • November 27, 2019

Are you running SEC On-Prem? We had issues with this in version 9.9.5 and they admitted there was something wrong with the check for prompting full disk access, and pushed us to 9.9.6.

After 9.9.6 we don't see any pop-ups. Talk to your Sophos rep to get 9.9.6.

Here are our settings.
com.sophos.SophosScanAgent
identifier "com.sophos.SophosScanAgent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

SystemPolicyAllFiles - Allow

com.sophos.macendpoint.CleanD
identifier "com.sophos.macendpoint.CleanD" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

SystemPolicyAllFiles - Allow

com.sophos.macendpoint.SophosServiceManager
identifier "com.sophos.macendpoint.SophosServiceManager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

SystemPolicyAllFiles - Allow

com.sophos.SDU4OSX
identifier "com.sophos.SDU4OSX" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

SystemPolicyAllFiles - Allow

com.sophos.autoupdate
identifier "com.sophos.autoupdate" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

SystemPolicyAllFiles - Allow
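
The settings in the answer above, written out as a Privacy Preferences Policy Control payload (an added example, not part of the original post and not Sophos or Jamf code). The bundle identifiers and the OU value are the ones quoted in the post; the `example.pppc*` payload identifiers and the helper names are placeholders, and `check_entry` flags the two mistakes that most often creep in when a requirement string is copied by hand.

```python
import plistlib
import re
import uuid

TEAM_OU = "2H5GFH3774"  # certificate leaf[subject.OU] from the post
BUNDLE_IDS = [          # identifiers from the post
    "com.sophos.SophosScanAgent", "com.sophos.macendpoint.CleanD",
    "com.sophos.macendpoint.SophosServiceManager",
    "com.sophos.SDU4OSX", "com.sophos.autoupdate",
]

def code_requirement(bundle_id, team_ou=TEAM_OU):
    """Requirement string in the shape the post uses for every entry."""
    return (
        f'identifier "{bundle_id}" and anchor apple generic'
        " and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */"
        " and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */"
        f' and certificate leaf[subject.OU] = "{team_ou}"'
    )

def check_entry(entry):
    """Return problems that keep an entry from matching the signed binary."""
    problems = []
    req = entry["CodeRequirement"]
    named = re.match(r'identifier "([^"]+)"', req)
    if entry["IdentifierType"] == "bundleID":
        if not named or named.group(1) != entry["Identifier"]:
            problems.append("requirement names a different identifier")
    elif not entry["Identifier"].startswith("/"):
        problems.append("path identifier must be an absolute path")
    if "/ exists /" in req:  # comment markers stripped by copy/paste
        problems.append("'/ exists /' is not valid requirement syntax")
    return problems

def build_profile(bundle_ids):
    """Serialise a profile granting SystemPolicyAllFiles to each bundle ID."""
    entries = [{"Identifier": b, "IdentifierType": "bundleID",
                "CodeRequirement": code_requirement(b),
                "Allowed": True, "StaticCode": False} for b in bundle_ids]
    bad = {e["Identifier"]: check_entry(e) for e in entries if check_entry(e)}
    if bad:
        raise ValueError(bad)
    def payload(ptype, ident, **extra):  # common payload keys; IDs are placeholders
        return {"PayloadType": ptype, "PayloadIdentifier": ident,
                "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1, **extra}
    tcc = payload("com.apple.TCC.configuration-profile-policy", "example.pppc.tcc",
                  Services={"SystemPolicyAllFiles": entries})
    return plistlib.dumps(payload("Configuration", "example.pppc",
                                  PayloadScope="System", PayloadContent=[tcc]))
```

On a Mac with the agent installed, `codesign -dr - /path/to/the.app` prints the designated requirement to compare against each `CodeRequirement` string.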


  • Contributor
  • November 27, 2019

This is a known issue apparently, we're seeing it too. See this: https://community.sophos.com/kb/en-us/134833


  • Author
  • Contributor
  • December 2, 2019

Thanks, I am on 9.95. I'm going to get 9.9.6 and then I'll update this post.


  • New Contributor
  • December 6, 2019

Still seeing this in 9.9.6 on cloud.


  • New Contributor
  • December 9, 2019

https://community.sophos.com/kb/en-us/134686

This fixed it for me.


  • Contributor
  • February 5, 2020

Just installed 9.97. Still seeing this prompt even after following their instructions for the PPPC profile. Neither of the KB articles above is valid any longer.




I think I have tried every trick from Jamf Nation/Sophos, I still get that I need to "allow" in from Security & Privacy. Is there a way to allow this without user intervention?
Thanks!


  • Contributor
  • March 4, 2020

@Veronica.Lozano - That looks like kext approval required - Which fortunately does seem to work at the moment, not that it helps if you get more prompts from PPPC


  • Contributor
  • March 4, 2020

@Veronica.Lozano this is not a PPPC setting, it's the KEXT issue. See here: https://www.jamf.com/jamf-nation/discussions/30534/approved-kernel-extensions-still-asking-to-be-allowed



The solution posted by chrisbju works for me too.
From the PPPC settings, "Allow" SystemPolicyAllFiles for these:
SophosCleanD.app
SophosServiceManager.app
SophosDiagnosticUtility.app
SophosScanAgent.app
SophosEndpointUIServer.app

Take note: check "path" in the ID setting, and not "bundle".


rcole
  • New Contributor
  • April 8, 2020

Hi @MichelTarantola, thanks for this info. Would you mind sharing what path(s) you are using in the code requirement and what you are using as the identifier for each app (SophosCleanD.app, SophosServiceManager.app, SophosDiagnosticUtility.app, SophosScanAgent.app, SophosEndpointUIServer.app)?