Sophos Anti Virus 9.2.8 app and package

I had massive issues with the .app giving access denied errors when trying to install.

I grabbed the generic installer from the Sophos site and used Composer to snapshot along with server settings.

Sophos support were zero help in trying to troubleshoot too.

@alplatt183 u r right! Sophos support are zero help. and the instruction they gave are way out of date. I tried download the generated one from SEC, but there is no mpkg file, they changed it to app installer.

i used composer taking a few snapshots, all failed. and DON'T upgrade to preview 9.4.1 ! They suggest me to do a test on it, i upgraded from 9.2.8 to 9.4.1 (running on El Capitan), ALL OF A SUDDEN Sophos anti virus got removed automatically at background.

On the next day i called their support asking what's going on, they told me your case just verified by our engineer, and we are working on solution now. What a trick !!!!

I 'm desperate to a way to create a pkg of Sophos Anti Virus then deploy it to all via JSS.

@Dalmatian have you looked at this?

https://derflounder.wordpress.com/2015/02/26/deploying-sophos-enterprise-anti-virus-for-mac-9-2-x/

this is what i believe i did to create the pkg

I have an updated post on building a Sophos 9.2.x installer available from here:

https://derflounder.wordpress.com/2015/06/17/revisiting-sophos-enterprise-anti-virus-for-mac-9-2-x-deployment/

My prior method involved copying the Sophos keychain and I was informed that this method would stop working in a future release of Sophos.

We had good luck with installing the slightly older Sophos 9.1.8 (when a working .pkg was still available) and letting our server upgrade the clients to 9.2.8 live over HTTP.

Our admin has avoided the 9.4.1 "beta" for now….this is mostly on 10.10, as well, not very much 10.11 happening yet.

+1 on @rtrouton's method....
My method for 9.2.x was based on his method, and it seems to work for the 9.4.x series

I know this isn't helpful here but... cloud installs are SO EASY now! Just FYI

@rtrouton thanks for your method. it looks work well. My SAV connected to our SEC server and updated to the latest 9.2.8. but it seems the policies didn't retrieve from SEC, i couldn't see policy like scan and tamper protection running on my Mac.

Do you have any idea?

Hi @rtrouton

i tested for over a week about your method as i have SAV 9.2.4 and 9.2.8 in my company. i found that the InstallationDeployer located in a more obvious folder under /Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer, this path is available for 9.2.4 as well.

(9.2.4 can't find this path /Library/Application Support/Sophos/opm)

so the one i provided should be good for both 9.2.4 and 9.2.8

to add it in your preinstall script, SAV Enterprise 9.2.x, using the below one should be good

if [[ -f "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy." "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer" --force_remove
fi

@Chris_Hafner I'm currently trying to figure out how to deploy this to our org and we use cloud.sophos.com, were you implying there is an alternate, more preferable method in this case?

Thank you!

Hi,

We've been using a payload-free package in JAMF Composer with a postinstall script that removes old versions and mounts the Enterprise Console share, and installs the latest App from the mounted share. See my co-worker's post here: https://www.jamf.com/jamf-nation/discussions/13871/sophos-v9-2-install

It's the one by jamestoher 28/04/2015

Seems to work :)

Regards,

David

@ej.schmitz Indeed Well, at least it's another way to skin this cat. I've not tested this in the past few months as we've moved on to Cylance (Which is very simple to install BTW).

There are many good ways to go about this!

Just in case no one sees the link above.
https://www.jamf.com/jamf-nation/discussions/12348/script-to-launch-sophos-cloud-installer

Thanks @Chris_Hafner! That link worked great for new Sophos installs. Appreciate it!

@ej.schmitz I was able to get this to work, you dont need to worry about using sudo if your jssadmin has the proper rights.

@ej.schmitz I was able to get this to work, you dont need to worry about using sudo if your jssadmin has the proper rights.