Sophos Anti Virus 9.2.8 app and package

Dalmatian
Contributor

Hi All

we used to generate SAV mpkg from enterprise console. but i found there is no mpkg file anymore, only with .app file. so I'm not able to deploy .app to all via casper admin and jss.

i also tried to create a pkg with Composer, but after i deployed this created pkg, it will should Sophos configuration deamon is not running, or error.

i was wondering anyone has the same issue on sophos av installation on El capitan via JSS?

15 REPLIES 15

al_platt
Contributor II

I had massive issues with the .app giving access denied errors when trying to install.

I grabbed the generic installer from the Sophos site and used Composer to snapshot along with server settings.

Sophos support were zero help in trying to troubleshoot too.

Dalmatian
Contributor

@alplatt183 u r right! Sophos support are zero help. and the instruction they gave are way out of date. I tried download the generated one from SEC, but there is no mpkg file, they changed it to app installer.

i used composer taking a few snapshots, all failed. and DON'T upgrade to preview 9.4.1 ! They suggest me to do a test on it, i upgraded from 9.2.8 to 9.4.1 (running on El Capitan), ALL OF A SUDDEN Sophos anti virus got removed automatically at background.

On the next day i called their support asking what's going on, they told me your case just verified by our engineer, and we are working on solution now. What a trick !!!!

I 'm desperate to a way to create a pkg of Sophos Anti Virus then deploy it to all via JSS.

DBrowning
Valued Contributor II

@Dalmatian have you looked at this?

https://derflounder.wordpress.com/2015/02/26/deploying-sophos-enterprise-anti-virus-for-mac-9-2-x/

this is what i believe i did to create the pkg

rtrouton
Release Candidate Programs Tester

I have an updated post on building a Sophos 9.2.x installer available from here:

https://derflounder.wordpress.com/2015/06/17/revisiting-sophos-enterprise-anti-virus-for-mac-9-2-x-d...

My prior method involved copying the Sophos keychain and I was informed that this method would stop working in a future release of Sophos.

SGill
Contributor III

We had good luck with installing the slightly older Sophos 9.1.8 (when a working .pkg was still available) and letting our server upgrade the clients to 9.2.8 live over HTTP.

Our admin has avoided the 9.4.1 "beta" for now….this is mostly on 10.10, as well, not very much 10.11 happening yet.

kstrick
Contributor III

+1 on @rtrouton's method....
My method for 9.2.x was based on his method, and it seems to work for the 9.4.x series

Chris_Hafner
Valued Contributor II

I know this isn't helpful here but... cloud installs are SO EASY now! Just FYI

Dalmatian
Contributor

@rtrouton thanks for your method. it looks work well. My SAV connected to our SEC server and updated to the latest 9.2.8. but it seems the policies didn't retrieve from SEC, i couldn't see policy like scan and tamper protection running on my Mac.

Do you have any idea?

Dalmatian
Contributor

Hi @rtrouton

i tested for over a week about your method as i have SAV 9.2.4 and 9.2.8 in my company. i found that the InstallationDeployer located in a more obvious folder under /Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer, this path is available for 9.2.4 as well.

(9.2.4 can't find this path /Library/Application Support/Sophos/opm)

so the one i provided should be good for both 9.2.4 and 9.2.8

to add it in your preinstall script, SAV Enterprise 9.2.x, using the below one should be good

if [[ -f "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer" ]]; then ${LOGGER} "Sophos AV Enterprise present on Mac. Uninstalling before installing new copy." "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.app/Contents/MacOS/tools/InstallationDeployer" --force_remove
fi

ej_schmitz
New Contributor

@Chris_Hafner I'm currently trying to figure out how to deploy this to our org and we use cloud.sophos.com, were you implying there is an alternate, more preferable method in this case?

Thank you!

dlondon
Valued Contributor

Hi,

We've been using a payload-free package in JAMF Composer with a postinstall script that removes old versions and mounts the Enterprise Console share, and installs the latest App from the mounted share. See my co-worker's post here: https://www.jamf.com/jamf-nation/discussions/13871/sophos-v9-2-install

It's the one by jamestoher 28/04/2015

Seems to work :)

Regards,

David

Chris_Hafner
Valued Contributor II

@ej.schmitz Indeed Well, at least it's another way to skin this cat. I've not tested this in the past few months as we've moved on to Cylance (Which is very simple to install BTW).

There are many good ways to go about this!

Just in case no one sees the link above.
https://www.jamf.com/jamf-nation/discussions/12348/script-to-launch-sophos-cloud-installer

ej_schmitz
New Contributor

Thanks @Chris_Hafner! That link worked great for new Sophos installs. Appreciate it!

ccaliri
New Contributor

@ej.schmitz I was able to get this to work, you dont need to worry about using sudo if your jssadmin has the proper rights.

ccaliri
New Contributor

@ej.schmitz I was able to get this to work, you dont need to worry about using sudo if your jssadmin has the proper rights.