Stop "is an application downloaded from the internet" pop up on deployments

Errick_Pfuhl
New Contributor III

Hey everyone,

I am in the home stretch of an application deployment but have one user experience issue I would like to resolve if possible. I have a new working Sophos deployment; however, I get the attached pop-up any time the policy runs for install. It must be accepted to install the software, and bypassing that for our end users would be excellent.

So far I have tried:

xattr -d com.apple.quarantine /var/tmp/SophosInstall/Contents/Helpers/SophosCBR.bundle

before the install kicks off with no success. Any input would be greatly appreciated on if this is even possible to prevent.

1 ACCEPTED SOLUTION

jonw
Contributor

@Errick.Pfuhl I too ran into this with recent Sophos deployments. What solved it for me (knock on wood) was adding this just before the chmod script steps:

xattr -rc /var/tmp/Sophos*


6 REPLIES

UbiquitousChris
Contributor

You might want to add the -r option to recursively remove the quarantine flag from inside the bundle. So:

xattr -d -r com.apple.quarantine /var/tmp/SophosInstall/Contents/Helpers/SophosCBR.bundle

Errick_Pfuhl
New Contributor III

Still no dice on that one either. I have also attempted disabling Gatekeeper with spctl --master-disable and running locally, and that was also unsuccessful. May need to prep some user training documents for this one, unfortunately.

talkingmoose
Moderator

Are you deploying Sophos via command line? I would expect that to take care of messages like that.

https://support.sophos.com/support/s/article/KB-000033340?language=en_US

Errick_Pfuhl
New Contributor III

I am. Contained the installer .app and the installer components folder inside SophosInstall and deployed as a .dmg to /var/tmp.

The following script runs with that policy:

#!/bin/sh

# Navigate to tmp folder; stop if the staged installer is missing
cd /var/tmp/SophosInstall || exit 1
# Give permissions to sophos installer components (paths contain spaces, so quote them)
chmod a+x "./Sophos Installer.app/Contents/MacOS/Sophos Installer"
chmod a+x "./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper"
# run installer
"./Sophos Installer.app/Contents/MacOS/Sophos Installer" --install
# clean up
rm -rf /var/tmp/SophosInstall

I might be missing something obvious, but I have not found it.

jonw
Contributor

@Errick.Pfuhl I too ran into this with recent Sophos deployments. What solved it for me (knock on wood) was adding this just before the chmod script steps:

xattr -rc /var/tmp/Sophos*

Errick_Pfuhl
New Contributor III

@jonw You are my hero! I didn't even consider running it against the entire .app. No pop up during the install and it allowed me to add the device to 11.0 EAP in Central. Thank you for that line.
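A narrower variant of the fix above, as an added example that is not part of the original thread: `xattr -rc` clears every extended attribute under the path, while this removes only `com.apple.quarantine` from the whole staged directory and then confirms it is gone. The function names and the `ALLOWED_PARENT` guard are hypothetical; the staging location under `/var/tmp` is taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: strip only the quarantine attribute
# from a staged installer directory and verify the result.

ATTR="com.apple.quarantine"
ALLOWED_PARENT="/var/tmp"   # assumption: staging area used in this thread

# Succeeds only for a real directory (not a symlink) directly under
# $ALLOWED_PARENT, so a stray glob or typo cannot widen the scope.
is_safe_stage() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    parent=$(cd "$1/.." && pwd -P) || return 1
    allowed=$(cd "$ALLOWED_PARENT" && pwd -P) || return 1
    [ "$parent" = "$allowed" ]
}

# Prints the xattr listing lines that still mention the attribute;
# empty output means nothing under the path is quarantined.
still_quarantined() {
    xattr -r -l "$1" 2>/dev/null | grep "$ATTR" || true
}

# Returns 0 when clean, 1 when the attribute survives, 2 when the path is refused.
strip_quarantine() {
    is_safe_stage "$1" || { echo "refusing to touch: $1" >&2; return 2; }
    # xattr -d reports an error for files that never had the attribute,
    # so its exit status is ignored and the outcome is checked instead.
    xattr -d -r "$ATTR" "$1" 2>/dev/null || true
    if [ -n "$(still_quarantined "$1")" ]; then
        echo "quarantine attribute still present under $1" >&2
        return 1
    fi
    return 0
}

# Usage: sh strip_quarantine.sh /var/tmp/SophosInstall
if [ "$#" -gt 0 ]; then
    strip_quarantine "$1"
fi
```

Run it against the entire staged directory before the chmod steps; a non-zero exit lets the policy script stop before the installer launches.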