unfortunately there is no current script that still works to roll out Sophos. I have made several attempts to get Sophos onto the Macs (I use Big Sur) via Self Service and Auto Deploy. Current approach does not work.
Packed the Sophos installer in /private/var/tmp, deployed it as a pkg in Self Service and used this as the script:
# Created using this Sophos KB article:
https://community.sophos.com/kb/en-us/14179#v9.2+sudo /private/var/tmp/sophos/Sophos Installer.app/Contents/MacOS/Sophos Installer --install;
# Remove installer/bin/rm -rf /private/var/tmp/sophos; exit 0 ## Success exit 1 ## Failure
The installer is dropped correctly, but the installation does not start.
Are there any other ways I can offer Sophos 10.0.4?
This script works fine for us.
#!/bin/sh cd /tmp if [[ -d "/tmp/Sophos Installer.app" ]]; then rm -rf /tmp/Sophos* fi # Update the URL as indicated in Sophos Admin Panel curl -O your cloud url unzip SophosInstall.zip chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper ./Sophos Installer.app/Contents/MacOS/Sophos Installer --install exit 0
Are you talking about all the Configuration Profiles needed to run Sophos? If so, make sure you have all of this taken care of and deployed to your machine(s) before installing.
Edit: I haven't used a config.plist for the installation of Sophos before, just make sure to get the Sophos download link into that script and it should auto-configure to your Sophos Cloud.
@SirSir Even with that KB link, I still have an issue with Sophos starting the servicemgr service on Big Sur. Catalina is fine, but something is not right with the PPPC and/or System Extensions that I have set up. Waiting on Sophos to respond back to a case we have open.
Also, there are discrepancies in that article between the numbered steps and the screenshots. The information is not the same between the two. Specifically under Big Sur steps 2-4. It looks like the discrepancy is only about display name which I believe is arbitrary and shouldn't make a difference, but given my issues, I'm wondering if that is actually the case.
Now i´ve got a solution to install via Self Service: install pkg dropped in private/var/tmp/sophos and then a command under "files and processes: /private/var/tmp/sophos/Sophos Installer.app/Contents/MacOS/Sophos Installer --install --quiet
but then there is a prompt that you have to confirm, the install is not really silent. any suggestions?
@jrippy does this also apply to a script that I run instead of a command?
edit: one more question: Sophos needs a permission for the network extension, i created a config profile for this. is it possible to include this config profile somehow in my policy to prevent this event during the installation?
@mickl089 As far as I am aware, whether the script runs in the Script payload or in the Files and Processes payload, it should run as root. I might be wrong about that, will just have to check.
As for the Network Extension config profile, you may just have to send that out a day or two before the install goes out to try to blanket your install base. If Sophos isn't installed yet, it shouldn't cause the config profile to fail, but if Sophos is installed before the config profile, you will run into issues as you've probably seen.
So I've tried a few variations of these install deployment scripts for Sophos and each time it comes back to a basic issue of it can't find the files /directories its created in the first place (/private/tmp/Sophos Installer) when it goes to run the chmod. I'm fairly new to jamf/deployments/macs so I apologize if I'm missing something obvious. I've tried running the scripts as my user, as a policy, and as a script via Jamf Remote tool.