Script to Launch Sophos Cloud Installer

damienbarrett
Valued Contributor

Sophos, in their infinite wisdom, is now distributing their installer for Sophos Cloud as an .app and not a .pkg. Installing, then updating, then capturing with Composer results in about a 250MB .pkg file and it's not as stable or clean as just running this 3.5MB installer on every machine. So it's easy enough to distribute this Sophos Installer.app to every machine's /Users/Shared folder (which I've done), but now I'm having issues getting the software to launch properly without error. I thought it would be as simple as this:

jamf displayMessage -message "In a few seconds you will be prompted to install the new Sophos AntiVirus software onto your computer. You will be asked once per day to install this software until you've done so. It does not require a restart. Please run the installer that launches." && open -a /Users/Shared/Sophos Installer.app

When I put this in the Policy --> Files & Processes --> Execute command, I get the jamfhelper to pop up the message, but then I get the following error when the open command goes to launch the software:

Result of command: LSOpenURLsWithRole() failed for the application /Users/Shared/Sophos Installer.app with error -10810.

On a test machine, if I open Terminal and then type "open -a /Users/Shared/Sophos Installer.app", it launches without issue. So, what is it about putting this command in the policy that's causing it to fail?

Can you think of a better way to launch this installer on every machine to prompt the end-user to install the software?

2 ACCEPTED SOLUTIONS

swright_mm
New Contributor III

I use the sophos cloud also and the way our team got it to work is we created this script:

cd /Users/Shared/
curl -O https://amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/frontend/download/e9b405da145cd5cace00204e657dcd644ebf536c3542aaf5a6e687b7ef9e35d5/SophosInstall.zip
unzip SophosInstall.zip
sudo /Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install

Then after using that script we added it to Casper Admin and pushed it out. Once the user restarts there system it was installed on there system and also showed up in the Sophos Console. But it doesn't work when adding it to the imaging process.

View solution in original post

bkramps
New Contributor III

@urbancharlie I believe Sophos made changes recently. Our script broke too. To fix, we had to chmod -R +x to make all files within the Installer have the execute bit turned on. Right now our script looks like below and is working:

cd /Users/Shared/
rm -R Sophos*
curl -O https://<insert sophos cloud link>/SophosInstall.zip
unzip SophosInstall.zip &> /dev/null
chmod -R +x /Users/Shared/Sophos Installer.app/
/Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
rm -R Sophos*
exit

View solution in original post

23 REPLIES 23

mm2270
Legendary Contributor III

Not every .app can be opened with a simple open /path/to/app command when its run from a Casper Suite policy, since its running the command as root and not as the logged in user. So, you may need to direct the script to open the application as the user. Since I think you've mentioned that your students are admins, that shouldn't present an issue.

Try something like:

loggedInUser=$(ls -l /dev/console | awk '{print $3}')
sudo -u $loggedInUser open /Users/Shared/Sophos Installer.app

If that doesn't work (sometimes even that doesn't) then you may need to get more advanced and use the launchctl bsexec function to bootstrap execute the open command as the user. But there may be some other methods to try before going that route.

nessts
Valued Contributor II

also did you look in the resources directory? maybe there is a nice pkg to install right there.

swright_mm
New Contributor III

I use the sophos cloud also and the way our team got it to work is we created this script:

cd /Users/Shared/
curl -O https://amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/frontend/download/e9b405da145cd5cace00204e657dcd644ebf536c3542aaf5a6e687b7ef9e35d5/SophosInstall.zip
unzip SophosInstall.zip
sudo /Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install

Then after using that script we added it to Casper Admin and pushed it out. Once the user restarts there system it was installed on there system and also showed up in the Sophos Console. But it doesn't work when adding it to the imaging process.

damienbarrett
Valued Contributor

@swright.mm's solution worked for me. A few things I noticed:

1) If you copy the .zip file or the .app to another computer via AirDrop, policy, etc., something breaks and the --install failed with error about the installer being damaged. I think this is some kind of checksum fail or security measure.

2) But if you have a script pull down the Sophos installer from your Cloud URL using curl, then unzip it, and then install it with the --install flag, it will install successfully on a machine and the machine will enroll into the Sophos Cloud and get updates, policies, etc.

3) For some reason, the JSS policy log still shows as a failure, but I can see nothing in the returned log file, no errors, no sign as to why JSS thinks the script is failing. At the surface, this seems an issue, because I'd love to be able to use this policy log as a way to see who has installed Sophos 9.2 successfully and who has not. However, I can use Smart Groups to see who has 9.2 and who does not and so will ignore the policy log failure flag and should be able to get 99% of my user base with Sophos Cloud installed clearnly and then use the Smart Groups to track down any failures. If a machine repeatedly does not have the new Sophos, I can pull it in to find out why and then install manually. Probably a small number.

Thanks for the help on this one. Sure wish it were an easy .pkg installer like so much else.

bkramps
New Contributor III

@damienbarrett I have been using this script as well and was getting a failed status, even though it succeeded. It turns out, the failure message is triggered by the unzip's output. unzip outputs that it is extracting the file Error.png. That output goes into the Policy log file. JSS sees the word "Error" and marks the policy as a fail.

If you redirect the output of the unzip command to /dev/null then the log will not get the text of the output. Since Error.png is not in the log, JSS does not list as a fail.

Hopefully this will help with 3)

urbancharlie
New Contributor

I've been using this script to install Sophos Cloud on my client machines and it has recently broken... anyone know if Sopho's changed the installer on us?

I've verified my download link has not changed and the unzip process is working correctly.

bkramps
New Contributor III

@urbancharlie I believe Sophos made changes recently. Our script broke too. To fix, we had to chmod -R +x to make all files within the Installer have the execute bit turned on. Right now our script looks like below and is working:

cd /Users/Shared/
rm -R Sophos*
curl -O https://<insert sophos cloud link>/SophosInstall.zip
unzip SophosInstall.zip &> /dev/null
chmod -R +x /Users/Shared/Sophos Installer.app/
/Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
rm -R Sophos*
exit

urbancharlie
New Contributor

@bkramps

I tested out your new script and it worked like a charm... it even fixed the completed/failed status.

Thanks!

damienbarrett
Valued Contributor

@bkramps , this worked for me too. Thanks for the update on the script.

tron_jones
Release Candidate Programs Tester

We had to change the script we use as well for the enterprise console of Sophos.

Sophos White Paper

sudo "./Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer" --install

Chris_Hafner
Valued Contributor II

Heh... Alright. Now it looks like I'm going to jump on this bandwagon. Safe to say that we've just started shifting to Sophos Cloud and and running into at least, most of the issues listed here. I've got a few leads on how to distribute this during an imaging process but it's not 100% yet. I'll share once I get there. Unfortunately the latest script here (Actually, each of the three methods I've seen here) are providing mixed results on 10.10.x units, upgrading from the standalone Sophos AV endpoint to 9.3.3 (cloud).

In the end. My devices are getting Sophos 9.3.3 and updating just fine. Unfortunately, a bazillion (less than technical term) users are being populated into the Sophos cloud interface and NOT their associated devices. It's a weird one.

Chris_Hafner
Valued Contributor II

I've found this one to be a bit interesting. @swright.mm @bkramps . I seemed to end up with a number of issues with the Sophos end of the cloud service. In any event, I cleared up a few older installs and re-ran the suggested script with spectacular results! Thanks all!

Chris_Hafner
Valued Contributor II

Alright. In the end I went two different directions on this. We deployed the latest version of Sophos cloud using the script above, AFTER uninstalling the previous version.

cd /Users/Shared/
rm -R Sophos*
curl -O https://<insert sophos cloud link>/SophosInstall.zip
unzip SophosInstall.zip &> /dev/null
chmod -R +x /Users/Shared/Sophos Installer.app/
/Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
rm -R Sophos*
exit

I had hoped that the new cloud installer would provide a clean upgrade path but a number of users didn't get the proper update configuration.

For new or otherwise freshly imaged machines, we packaged up the app utilizing composer and a trick from Sophos' website (https://www.sophos.com/en-us/support/knowledgebase/121678.aspx). So essentially I ran a composer index, installed the latest version of the Sophos Cloud installer. Then used the suggested set of commands from Sophos

sudo mv /Library/Application Support/Sophos/mcs/config/configuration.plist /Library/Application Support/Sophos/mcs/config/configuration.plist.image

sudo security delete-keychain "/Library/Sophos Anti-Virus/Sophos.keychain"

After which I ran another index, giving me a set of results I cleaned up a little bit. Now, I can just distribute that .dmg followed by a quick script containing the following two commands.

mv /Library/Application Support/Sophos/mcs/config/configuration.plist.image /Library/Application Support/Sophos/mcs/config/configuration.plist

launchctl stop com.sophos.mcs

and all is well. Thanks folks!

RyanN
New Contributor

Has anyone else moved to the Sophos Cloud client in their environment and had issues getting the clients to check in with the Sophos console?

I've used composer to package the installer and used the above script with the two commands but still can't get it to function right. The package installsupgrades existing versions to the Cloud version but just never shows up in my console.

Thanks in advanced for any guidance any can help out with.

wilsonch
New Contributor

I have used @bkramps script and it it curl the software package without issue, but it will actually launch the installer package with the sophos install GUI. Is this the expected behaviour?

I was hoping for a quiet install.

Thanks

bkramps
New Contributor III

@wilsonch that is not expected behavior. We are on Sophos Cloud Endpoint 9.4.2 and do not see the GUI installer.

You will want to make sure in the script that you put --install (that is 2 minus signs before the install option) for the silent install. Some text editors auto-format the -- to one long dash. If that happens then the GUI will launch.

wilsonch
New Contributor

@bkramps You are a genius! That fixed my problem!

Thanks heaps.

GPGIT
New Contributor

I am also trying to roll this out, and appear to be successful with my script until the --install.

I am toggling between adding sudo, adding the full /private path, making sure my install has --

But it appears to hang on --install; tested locally on the machine, and via casper remote.

Has anyone else run into this lately?

rm -rf /tmp/sophos
mkdir /tmp/sophos
cd /tmp/sophos
curl -O https://PATH/SophosInstall.zip
unzip SophosInstall.zip
chmod +x "/tmp/sophos/Sophos Installer.app/Contents/MacOS/Sophos Installer"
sudo /private/tmp/sophos/Sophos Installer.app/Contents/MacOS/Sophos Installer --install

lstrm
New Contributor II

Hello,

I know this is an old post but hopefully someone can help out. I'm using the script that @bkramps provided and it works like charm. However, when I check sophos central, it's showing the last logged in user as me rather than the account that was logged into the computer. On a windows machine, it shows the last user that was logged in. Is there any around that? Could it be that the DL link I used was the one from "Send Installer to Users"? How did everyone get the proper DL link since Sophos won't let me right click on that link? Any help would be great! Thanks in advance!

RLR
Valued Contributor
I know this is an old post but hopefully someone can help out. I'm using the script that @bkramps provided and it works like charm. However, when I check sophos central, it's showing the last logged in user as me rather than the account that was logged into the computer. On a windows machine, it shows the last user that was logged in. Is there any around that? Could it be that the DL link I used was the one from "Send Installer to Users"? How did everyone get the proper DL link since Sophos won't let me right click on that link? Any help would be great! Thanks in advance!

I got the link by using chrome. I downloaded the file and then went to the downloads area in chrome. It shows the download url in the file you just downloaded. You can then right click this file and save link as or copy link url.

Dalmatian
Contributor

@GPGIT I got the same issue, it just hang in there after running --install. Have you got any solution yet

jelockwood
Contributor

The link given via the Sophos Central admin page only downloads a ghastly 'downloader' rather than the real full fat installer. (Shades of even more ghastly Adobe here.)

Is anyone able to download and save the full fat installer? If so how do you get the URL?

Dalmatian
Contributor

@damienbarrett @bkramps @Chris_Hafner

Hi Guys

I've ran the script, which is working well, and sophos installed, could monitor policies status on the laptop from Central Admin. But i found 1 issue that on the monitored laptop, i could only see Remove Sophos Endpoint.app, can't find Sophos app in application folder.

Anyone has this issue? i've tried restart as well. no luck

2a23a42ad6df4d8d80db5feea24a5d4b