Sophos Central Endpoint: permissions, SIP, Mojave, confused

MBrownUoG
Contributor

Hey again folks.

I have a bunch of recently-imaged Mojave Macs here that have run our normal Sophos Central Endpoint installer without any issues, but are now popping up warnings about there being "insecure permissions on system directories" on login. The Sophos console on the Macs in question seems to have updated itself to the latest 9.9.0 version, yet also states "Update Failed" on opening. Huh.

Their support article for this issue is located here: https://community.sophos.com/kb/en-us/131959#fixPerm

On checking the three directories they list, I can see that the very root of the HD is set to root:wheel and 777 on our systems here (the other two directories they list are correct), so I'm presuming that's the cause of the issue. I then also presumed that SIP must have, at some point, been switched off in order to make this happen.

However, on investigation, SIP is indeed switched on. As an experiment I booted into recovery mode and changed permissions on / to a 755, but sure enough, as soon as the system rebooted it restored the original 777 permissions, so I can only assume SIP is doing its job and that's just the way things should be. The 'Sophos' subdirectory in Application Support also seems ok as it's set to root:admin 755.

As such, is this a case of Sophos just being slow to adjust to changes? Or are those permissions on the root of the drive incorrect somehow?

As a side note, does anybody have any recommendations for any decent virus scanners that I can pitch as a replacement? Sophos seems to throw up problems for us every summer in some form or another.


DavidCorcoran
New Contributor

We ran into a very similar issue where I work. The root of it was the fact that the Macs in question had originally been created via an image from Deploy Studio. Deploy Studio eventually patched the issue but the only way to resolve the issue was to erase and install.

MBrownUoG
Contributor

Hmmm odd! I've not used Deploy Studio on these at all, we just erased the drives and installed Mojave via internet recovery a few weeks ago. I may just start them again and see what happens.

seraphina
Contributor II

We have Bitdefender; when Mojave came out, it broke, so we had to make a configuration profile that allowed the binary to access "SystemAllFiles", with no need to change permissions or SIP. Is this what you are asking?

The root of your drive should also be 755 root:wheel (lrwxr-xr-x); maybe try using the First Aid utility? (The l is a symlink from /Volumes/Macintosh HD -> /.)

As for scanners, I would recommend Carbon Black or Cylance (they offer endpoint protection too).

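Added example, not code from any poster or from Sophos: a small POSIX shell script that performs the check the thread describes by hand, comparing a directory's mode and owner:group against the expected values and calling out world-writable directories such as a 777 root. The full path /Library/Application Support/Sophos and the --audit flag are assumptions; the third directory in the Sophos article is not named on this page, so it is not checked.

```shell
#!/bin/sh
# Turn an octal mode such as 755 into the rwx string that `ls -ld` prints.
octal_to_rwx() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;; 2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;; 6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
        esac
    done
    printf '%s' "$out"
}

# Compare one directory's mode, owner and group with the expected values.
# Exit status: 0 = matches, 1 = mismatch (world-writable is reported explicitly), 2 = missing.
# `ls -ld` is parsed instead of `stat` because stat's flags differ between macOS and Linux.
check_dir_perms() {
    dir=$1 want_mode=$2 want_owner=$3 want_group=$4
    if [ ! -d "$dir" ]; then
        printf '%-15s %s\n' "MISSING" "$dir"
        return 2
    fi
    set -- $(ls -ld "$dir")
    mode=$(printf '%s' "$1" | cut -c2-10)   # drop the leading 'd' and any trailing @/+ xattr/ACL flag
    owner=$3
    group=$4
    want_rwx=$(octal_to_rwx "$want_mode")
    status="OK"
    if [ "$mode" != "$want_rwx" ] || [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        status="MISMATCH"
        case $mode in ???????w?) status="WORLD-WRITABLE" ;; esac   # 8th char is the other-write bit
    fi
    printf '%-15s %s %s:%s (want %s %s:%s) %s\n' "$status" "$mode" "$owner" "$group" \
        "$want_rwx" "$want_owner" "$want_group" "$dir"
    [ "$status" = "OK" ]
}

# The directories the thread discusses, with the ownership and mode the thread says they should have.
# Assumption: the Sophos directory lives at /Library/Application Support/Sophos.
audit_sophos_dirs() {
    rc=0
    check_dir_perms "/" 755 root wheel || rc=1
    check_dir_perms "/Library/Application Support/Sophos" 755 root admin || rc=1
    return $rc
}

if [ "${1:-}" = "--audit" ]; then
    audit_sophos_dirs
fi
```

Run as `sh check_perms.sh --audit` on an affected Mac; a non-zero exit means at least one directory deviates from the expected 755 root:wheel / root:admin.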

MBrownUoG
Contributor

Thanks for this. The root of the drive is definitely set as 777 on these Macs, and if I change it back to 755 in recovery, it reverts back to 777 on reboot (seems SIP must be doing this???). First Aid does the same, changes it back, then it reverts again on reboot. Strange.

I'll keep digging and look into the alternative suggestions in your post, thanks again.