I drop the whole sophos install folder that you download from your central portal packaged as a dmg to the /Library/ApplicationSupport/JAMF/

then do chmod command and install (see kb article below for more details)
sudo chmod a+x /Library/ApplicationSupport/JAMF/SophosInstall/Sophos Installer.app/Contents/MacOS/Sophos Installer
sudo chmod a+x /Library/ApplicationSupport/JAMF/SophosInstall/Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
/Library/ApplicationSupport/JAMF/SophosInstall/Sophos Installer.app/Contents/MacOS/Sophos Installer --install

here is the KB article on it - https://community.sophos.com/kb/en-us/120570

So I've been pulling my hair out dealing with this problem for the last few days. It seems they changed the Sophos Installer.app between Aug 2017 and October 2017. With Sophos Endpoint 9.6.6, I had to use the following script:

#!/bin/sh
chmod a+x /Library/ApplicationSupport/JAMF/SophosInstall/Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer
/Library/ApplicationSupport/JAMF/SophosInstall/Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer --install

The current documentation seems to be here: https://community.sophos.com/kb/en-us/14179

I ran the below script which successfully installed on my mac clients without any user interaction;

Add the installer URL (I obtained this by Logging into Sophos Central (Cloud), and "send installers to users" to myself, then copied the URL from that email.

!/bin/bash

cd /tmp/
rm -R Sophos
curl -O >PASTE URL<
unzip SophosInstall.zip &> /dev/null
chmod -R +x /tmp/Sophos Installer.app/
/tmp/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
rm -R Sophos
exit 0

This is what we use. I built in a check for our proxy.

#!/bin/bash
## postinstall

# Created By Mann Consulting - 2015
# Last Update: 
# 6/22/2015 - Will Green - Modify installation codeblock to pipe outout to logfile and send relivant run to JSS
# 4/27/2015 - Isaac Ordonez - Remove Sophos Anti-Virus.localized is detected 
# 3/30/2015 - Isaac Ordonez - Added headers and notes.
# 3/15/2015 - Lee Rahn - Identified installing after zip command caused machine to kernel 
# panic.  Used ditto to unzip the archive to resolve.

# ToDo

# Summary
# This script will automatically download and install Sophos Cloud without the need for a 
# Distribution Point of any kind.  The script will detect previous versions of Sophos 8 or
# Sophos 9 and uninstall if necessary. 

# Usage
# Upload the raw script to your JSS and set Parameter 4 label to "Sophos Download URL"
# When creating a policy to run the script copy the download URL for your
# Sophos Cloud installer.  You can find this by logging into https://cloud.sophos.com/
# choosing downloads in the upper right hand corner and copying the URL for the
# Mac OS X Installer link.  It should look something like 
# https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/98708d7508734987a9879a87263948d76298/SophosInstall.zip

#Exit Codes:
# 0 = Sucessful
# 1 = Installer Failed too many times, or a generic failure not defined by the script
# 2 = Variable 4 Not Set

### Variables & Arguments ###
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3


if [[ $4 == "" ]]; then
        echo "FATAL: Variable 4 not set! You must provide the Sophos Download URL for variable 4."
        exit 2
fi


if [[ $7 == "" ]]; then
        echo "WARN: Variable 7 (Max Install Attempts) not set! Using default of 3."
        MaxSAVInstallAttempts=3
    else   
        MaxSAVInstallAttempts="$7"
fi
if [[ $8 == "" ]]; then
        echo "WARN: Variable 8 (Sophos Installer Log Path) not set! Using default of /tmp/SophosAVInstallerLog.log"
        SAVInstallLog="/tmp/SophosAVInstallerLog.log"
    else   
        SAVInstallLog="$8"
fi

### Main Script ###

# Remove Sophos 8 if uninstaller is available

#if [ -d "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" ]; then
#   echo "Removing old Sophos 8 installation..."
#    sudo defaults write /Library/Preferences/com.sophos.sav TamperProtectionEnabled -bool false
#   installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
#fi

# Remove Sophos 9 if uninstaller is available in opm-sa

#if [ -e "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" ]; then
#    echo "Removing old Sophos 9 installation..."
#   sudo defaults write /Library/Preferences/com.sophos.sav TamperProtectionEnabled -bool false
#   "/Library/Application Support/Sophos/opm-sa/Installer.app/Contents/MacOS/InstallationDeployer" --force_remove
#fi

# Remove Sophos 9 if uninstaller is available in saas
#if [ -e "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" ]; then
#    echo "Removing old Sophos 9 installation..."
#   sudo defaults write /Library/Preferences/com.sophos.sav TamperProtectionEnabled -bool false
#   "/Library/Application Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer" --force_remove
#fi

# Sometimes Sophos uninstaller leaves junk behind causing casper to incorrectly report version.  Remove this file if detected.
if [ -d "/Applications/Sophos Anti-Virus.localized" ]; then
    rm -R "/Applications/Sophos Anti-Virus.localized"
fi

# Download and unzip the Installer to /tmp

echo "Downloading and Unpacking Installer...

"

# Check access to network
 ping -c 2 "$5" > /dev/null
    ping_result=$?

    #If the pings failed 
    if [ "${ping_result}" != 0 ]
    then
        echo "No Proxy Used" &
        curl -k -o /tmp/SophosInstall.zip "$4" 
    else
        echo "Using Proxy" &
        curl -k -x "$6" -o /tmp/SophosInstall.zip "$4" 
    fi

sudo ditto -xk /tmp/SophosInstall.zip /tmp
sudo rm /tmp/SophosInstall.zip

# Run Sophos Cloud Installer from /Users/Shared/
sudo chmod +x /tmp/Sophos Installer.app/Contents/MacOS/Sophos Installer

SAVInstallAttempts=0
while [[ $SAVInstallAttempts -lt $MaxSAVInstallAttempts ]]; do

    # Run the Installer, pipe the output to $SAVInstallLog (overwriting any contents), and immediately save the exit code as a variable so it isn't overwritten by subsequent commands
    echo "Running Installer..."
    sudo /tmp/Sophos Installer.app/Contents/MacOS/Sophos Installer --install &> "$SAVInstallLog"
    SAVInstallExitCode="$?"
    echo "Sophos installer exited with code $SAVInstallExitCode"

    #  If the install was sucessful, dump the log output and exit with a sucessful code
    if [[ $SAVInstallExitCode == 0 ]]; then
        echo "SAV install appears sucessful! Installer output:"
        echo $(cat "$SAVInstallLog")
        echo "-------

        Install appears to be sucessful. Review the log output above for details. Exiting!"
        exit 0

    # If it failed, increment $SAVInstallAttempts, and retry
    elif [[ $SAVInstallExitCode -ge 1 ]]; then
        let SAVInstallAttempts=$SAVInstallAttempts+1
        echo "WARN: The Sophos install was unsuccessful."
        echo "-------

        "
    fi
done

# If we're down here, then the installer failed too often. Log and exit.
echo "FATAL: The Sophos installer has failed too many times."
echo "Detailed logs are on the client at /var/log/installer.log. Less detailed logs below:"
echo $(cat "$SAVInstallLog")
echo "-------

"
echo "The install has failed. Exiting."
exit 1

Thank you for posting this! It made today much easier!

Has anyone experience the "Approve" message for Sophos extension in System Preferences prompted during Sophos Cloud install? Anyone had any success to install it bypassing this? Thanks!

@ralves This is an Apple change. You have to approve the KEXT - https://community.sophos.com/kb/en-us/127413

You can approve the KEXT in a Configuration Profile. The ID is 2H5GFH3774. You might also find the post helpful - Post