PSA: DeployStudio & Sophos SAV for Mac 9.7.5 and later Folder Insecurity Warning

Valued Contributor II

Sophos recently published a knowledge base article, On Premise MacOS Installer: Folder Insecurity Warning, which details a side-effect of DeployStudio.

The article includes a Bash script to test for incorrect permissions.


New Contributor III

The DeployStudio bug is apparently fixed in v1.7.9, which is not yet released as of this date. Until it is, the permissions & ownership can be fixed via a script in your DeployStudio workflows, but in my experience, it needs to be the LAST item in the workflow. Almost any DeployStudio workflow step can corrupt the permissions, including adding a package for deferred installation.

You can also use a DeployStudio workflow that just runs the script to fix the permissions, if you don't want to mess around with the Recovery partition and SIP.