Posted on 11-27-2019 04:15 AM
Has anyone managed to get this working?
I used PPPC Utility to make the Profile as per the KBs below on Sophos website:
https://community.sophos.com/kb/en-us/134552
https://community.sophos.com/kb/en-us/134686
The policy successfully deploys to scoped machines but I still get the alert to grant Full Disk Access
Sophos is not automatically granted Full Disk Access in Security & Privacy
What am I doing wrong?
Posted on 11-27-2019 04:36 AM
Are you running SEC On-Prem? We had issues with this in version 9.9.5 and they admitted there was something wrong with the check for prompting full disk access, and pushed us to 9.9.6.
After 9.9.6 we don't see any pop-ups. Talk to your Sophos rep to get 9.9.6.
Here are our settings.
com.sophos.SophosScanAgent
identifier "com.sophos.SophosScanAgent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"
SystemPolicyAllFiles - Allow
com.sophos.macendpoint.CleanD
identifier "com.sophos.macendpoint.CleanD" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"
SystemPolicyAllFiles - Allow
com.sophos.macendpoint.SophosServiceManager
identifier "com.sophos.macendpoint.SophosServiceManager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"
SystemPolicyAllFiles - Allow
com.sophos.SDU4OSX
identifier "com.sophos.SDU4OSX" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"
SystemPolicyAllFiles - Allow
com.sophos.autoupdate
identifier "com.sophos.autoupdate" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"
SystemPolicyAllFiles - Allow
Posted on 11-27-2019 07:41 AM
This is a known issue apparently, we're seeing it too. See this: https://community.sophos.com/kb/en-us/134833
Posted on 12-02-2019 04:01 AM
Thanks, I am on 9.95. I'm going to get 9.9.6 and then I'll update this post.
Posted on 12-06-2019 01:18 PM
Still seeing this in 9.9.6 on cloud.
Posted on 12-09-2019 01:04 PM
https://community.sophos.com/kb/en-us/134686
This fixed it for me.
Posted on 02-05-2020 08:49 AM
Just installed 9.97. Still seeing this prompt even after following their instructions for the PPPC profile. Neither of the KB articles above is valid any longer.
Posted on 02-21-2020 02:03 PM
I think I have tried every trick from Jamf Nation/Sophos, I still get that I need to "allow" in from Security & Privacy. Is there a way to allow this without user intervention?
Thanks!
Posted on 03-03-2020 09:39 PM
@Veronica.Lozano - That looks like kext approval required - Which fortunately does seem to work at the moment, not that it helps if you get more prompts from PPPC
Posted on 03-04-2020 03:43 PM
@Veronica.Lozano this is not a PPPC setting, it's the KEXT issue. See here: https://www.jamf.com/jamf-nation/discussions/30534/approved-kernel-extensions-still-asking-to-be-allowed
Posted on 04-02-2020 07:26 AM
The solution posted by chrisbju works for me too:
From the PPPC settings, "Allow" SystemPolicyAllFiles for these:
SophosCleanD.app
SophosServiceManager.app
SophosDiagnosticUtility.app
SophosScanAgent.app
SophosEndpointUIServer.app
Take note: check "path" in the ID setting, not "bundle".
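Added example, not code from any poster or from Sophos/Jamf: a small linter for the Full Disk Access (SystemPolicyAllFiles) entries discussed in the settings post and in the path-versus-bundle note above. It builds the inner `com.apple.TCC.configuration-profile-policy` payload from the bundle IDs and team OU quoted in the thread and flags entries that would not match; the payload identifier and UUID are constructed placeholders, and a deployable profile still needs the outer Configuration wrapper your MDM adds.

```python
import plistlib
import re

TEAM_OU = "2H5GFH3774"  # subject.OU from the requirements quoted in the thread
BUNDLE_IDS = ["com.sophos.SophosScanAgent", "com.sophos.macendpoint.CleanD",
              "com.sophos.macendpoint.SophosServiceManager",
              "com.sophos.SDU4OSX", "com.sophos.autoupdate"]

def code_requirement(bundle_id, team_ou=TEAM_OU):
    """Requirement in the form the thread quotes; /* exists */ is a comment."""
    return (f'identifier "{bundle_id}" and anchor apple generic and '
            "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
            "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
            f'certificate leaf[subject.OU] = "{team_ou}"')

def tcc_payload(entries):
    """entries: (identifier, identifier_type, code_requirement) tuples."""
    return {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": "example.pppc.sophos",             # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadVersion": 1,
        "Services": {"SystemPolicyAllFiles": [
            {"Identifier": i, "IdentifierType": t,
             "CodeRequirement": r, "Allowed": True}
            for i, t, r in entries]},
    }

def lint(payload):
    """Return human-readable problems for each Full Disk Access entry."""
    problems = []
    for e in payload["Services"]["SystemPolicyAllFiles"]:
        ident, kind, req = e["Identifier"], e["IdentifierType"], e["CodeRequirement"]
        if kind not in ("bundleID", "path"):
            problems.append(f"{ident}: unknown IdentifierType {kind!r}")
        elif (kind == "path") != ident.startswith("/"):
            problems.append(f"{ident}: identifier does not look like a {kind}")
        named = re.search(r'identifier "([^"]+)"', req)
        if kind == "bundleID" and (not named or named.group(1) != ident):
            problems.append(f"{ident}: requirement names a different identifier")
        if "/ exists /" in req:
            problems.append(f"{ident}: '/* exists */' lost its asterisks in copy/paste")
        if not re.search(r'certificate leaf\[subject\.OU\] = "[A-Z0-9]{10}"', req):
            problems.append(f"{ident}: requirement is not pinned to a team ID")
    return problems

def render(payload):
    """Serialize the payload dict as XML plist bytes."""
    return plistlib.dumps(payload)

GOOD = tcc_payload([(b, "bundleID", code_requirement(b)) for b in BUNDLE_IDS])
```

On a managed Mac, compare each `CodeRequirement` with the output of `codesign -dr - <path to app>` for the installed binary before scoping the profile.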
Posted on 04-08-2020 02:09 PM
Hi @MichelTarantola thanks for this info. Would you mind sharing what path(s) you are using in the code requirement and what you are using as the identifier for each app (SophosCleanD.app, SophosServiceManager.app, SophosDiagnosticUtility.app, SophosScanAgent.app, SophosEndpointUIServer.app)?