Sophos issues with BigSur

Jack_Turner
New Contributor II

f8a6f7f53a164ee18984c2d36d420f48

2acf702bc8f44cc9b3f1a59794764fbf
Hey guys hope you are all well coming up to Christmas. We have been having issues with Sophos popups on BigSur. i have followed all the steps Sophos recommend but we still get the pop ups i have attached out configs and the pop ups were getting 11f73865a596404481826b2fcc021ab8

44 REPLIES 44

PaesslerIT
New Contributor

@sintichn

Could you share your settings with us, please? :D

We are still stuck at the point, where our users have to tick both of those boxes...

johnatzilch
New Contributor II

I have recently changed jobs and just finished battling with Sophos again. Thanks to the final trick listed here to whitelist scand it is looking ok on both Catalina and Big Sur for Intel.

Note: The above article suggests using com.sophos.endpoint.scan however more typically I would have thought you use the BundleID for the relevant 'app' which in this case in its info.plist says it is just com.sophos.scan and that worked for me.

Since yet again Sophos' own articles are clearly out of date as they do not list this entry I have lost all confidence over what their website says. Can I ask the community here to confirm what the latest situation is regarding Sophos and M1 Mac support?

Is it that the same Big Sur version 'just works' but is Intel code running via Rosetta2, or is the latest 10.0.4 Sophos a universal binary suitable for both Intel and M1 Macs?

Do people here regard it as fit to use on M1 Macs?

Finally is the Catalina to Big Sur upgrade issue still present if the Catalina Mac is running 10.0.4 of Sophos? Do we still have to jump through hoops to first uninstall it before reinstalling it?

G_Zirrak
New Contributor III

Hi all, we have recently been dealing with other issues that Sophos has caused in our environment. Recently, it seems that Sophos is affecting our Cisco Jabber (soft phone) application. Affecting macOS versions Mojave, Catalina, Big Sur... Although this should be in another thread itself, but if anyone has Cisco Jabber and Sophos in their environments please let me know.

Sophos support has asked to test out a new (Early Access Program). We are in the process of getting internal approval to join the EAP. Once approved, I will be testing out all issues discussed in this thread and can share with all at a later point.

SCCM
Contributor III

@G_Zirrak I was asked to join thje M1 EAP for another issue i have open. There is not much difference in the live version and EAP. I dont see how it would help you in a app issue. Did they actually look at th logs on the devices to see what was causing the issue? it sounds like you would need to apply some kind of policy fix?

Mark_Lamont
New Contributor III

@fredrik.virding your

I located the ScanD, or what im 99% sure it is: It was in /Applications/Sophos/Sophos Scan.app/Contents/MacOS/SophosScanD.app

did the job for me. amazing stuff :-)

So i used the sophos article mention many times still getting the scand stopped. Used jamf's PPPC util to get the SophosScanD.app full disk access and deployed that and all worked on a clean build.

I also made sure the profiles were deployed well before sophos by making it the last install in a long chain. Glad I don't work with sophos everyday!