Stop "is an application downloaded from the internet" pop up on deployments

Errick_Pfuhl
New Contributor III

Hey everyone,

I am in the home stretch of an application deployment but have one user experience issue I would like to resolve if possible. I have a new working Sophos deployment, however I get the attached pop up any time the policy runs for install. It must be accepted to install the software and bypassing that for our end users would be excellent.

So far i have tried

xattr -d com.apple.quarantine /var/tmp/SophosInstall/Contents/Helpers/SophosCBR.bundle

before the install kicks off with no success. Any input would be greatly appreciated on if this is even possible to prevent.
65ea7a195c644a47928bd082ad97267c

1 ACCEPTED SOLUTION

jonw
Contributor

@Errick.Pfuhl I too ran into this with recent Sophos deployments. What solved it for me (knock on wood) was adding this just before the chmod script steps:

xattr -rc /var/tmp/Sophos*

View solution in original post

6 REPLIES 6

UbiquitousChris
Contributor

You might want to add the -r option to recursively remove the quarantine flag from inside the bundle. So:

xattr -d -r com.apple.quarantine /var/tmp/SophosInstall/Contents/Helpers/SophosCBR.bundle

Errick_Pfuhl
New Contributor III

Still no dice on that one either. I have also attempted disabling Gatekeeper with spctl --master-disable and running locally, and that was also unsuccessful. May need to prep some user training documents for this one unfortunately

talkingmoose
Honored Contributor II
Honored Contributor II

Are you deploying Sophos via command line? I would expect that to take care of messages like that.

https://support.sophos.com/support/s/article/KB-000033340?language=en_US

Errick_Pfuhl
New Contributor III

I am. Contained the installer .app and the installer components folder inside SophosInstall and deployed as a .dmg to /var/tmp.

The following script runs with that policy

#!/bin/sh 

# Navigate to tmp folder
cd /var/tmp/SophosInstall
# Give permissions to sophos installer components
chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
# run installer
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install
# clean up
rm -rf /var/tmp/SophosInstall

I might be missing something obvious, but I have not found it.

jonw
Contributor

@Errick.Pfuhl I too ran into this with recent Sophos deployments. What solved it for me (knock on wood) was adding this just before the chmod script steps:

xattr -rc /var/tmp/Sophos*

Errick_Pfuhl
New Contributor III

@jonw You are my hero! I didn't even consider running it against the entire .app. No pop up during the install and it allowed me to add the device to 11.0 EAP in Central. Thank you for that line