Sophos Kernel Configuration Policy with Silicon Macs

Fox
New Contributor III

Good afternoon!

I have a Sophos Kernel that is applied via Configuration Profile to to both Intel and Silicon macs. The issue is that the Silicon Macs show a failure to install but the Kernel does install on the Mac profile when I check on each Mac. The problem is that the configuration sees it as a failure so it continues to try and install it and piles up lots of failures on each Silicon mac. 

The status error is "The current system configuration does not allow the requested operation". 

As far as what I have researched, Silicon Macs don't really use external kernels. If this is true, is this kernel actually needed (It does install)?

 

Bonus Question: Sophos will only install on 2/3rds of my Silicon Macs. The other third won't take it (the kernel is installed on all of them and they are all on Monterey). If you have any idea why it won't install then please let me know (Jamf shows that it installs but that's not the case).

6 REPLIES 6

sirsir
Contributor

There are no Kernel Extensions on ARM Mac's, you need to use System Extensions. Separate the profiles, one for Intel one or ARM. 

smith5364
New Contributor

Thank goodness i have found someone else experiencing the same problem (sorry!) HCA Rewards

joboo72
New Contributor II

Happy to share my mobileconfig with you if you DM me. It worked well without any issues. We've moved to SentinelOne, but I kept the config profiles around just in case.

Andrew_R
New Contributor III

We've moved from an on-premise Sophos Enterprise Console with an older version of the Sophos endpoint to the cloud-based Sophos Central with a modern one.  I think this will help in either case though:

I followed this documentation to get everything approved and up and running: Sophos Mac Endpoint: How to Configure JAMF Privacy Preferences for 10.15+ Compatibility - Recommende...

Hope that helps!

aprilcarr
New Contributor II

In response to your bonus question, I've been having this problem for almost 2 weeks now. I noticed Sophos stopped installing during enrollment on every M1 computer, and wouldn't install via script either. Honestly haven't tried on an Intel device yet. Hoping to find a resolution so I can distribute these computers!

Andrew_R
New Contributor III

How are you installing?  I had a large number of failures until I got in touch with our sales engineer who provided me their recommended install script, which I then modified to suit our environment.  Installation and re-installation is now very reliable.