Installing Sophos Endpoint Agent in MacOS

Fellow Automox,

Has anyone here tried to deploy and install Sophos Endpoint Agent on macOS? If yes, can someone share their worklets please?

Thanks!
U

1 Like

I haven’t seen any worklets like that created already. Looks like Sophos does have some instructions for bulk installs via script, so the code from here might be something you can run through a worklet:
https://support.sophos.com/support/s/article/KB-000035049?language=en_US

We have a split shop (Lenovos and Macs) with Sophos, which we’ve pushed to Catalina devices using Automox worklets with the scripts that Sophos provides. When you log into Sophos Central, you should be able to find them in the Protect Devices > Installation Options area.

Keep in mind Sophos on Catalina causes pop-ups “full disk access required” so you’ll want to move some of the Sophos packages into the full disk if you’re deploying to Catalina.

Here’s the Sophos KB for that: https://support.sophos.com/support/s/article/KB-000039014?language=en_US

These are what need to be moved. I think that KB got altered, but this is what’s working for us to prevent the popup:

  1. Sophos Endpoint UIServer
  2. SophosAgent
  3. SophosAntiVirus
  4. SophosAutoUpdate
  5. SophosCleanD
  6. SophosScanAgent
  7. SophosServiceManager
  8. Sophos Diagnostic Utility

Automox Worklet “Sophos macOS Install Script”

Evaluation Code

exit 1

Remediation Code

#!/bin/bash
# Stage the installer in a temporary working directory
mkdir -p /private/var/tmp/sophos
cd /private/var/tmp/sophos || exit 1

# Installing Sophos
# Download and unpack the installer (replace KEYFROMYOURSOPHOSCENTRAL with your own value)
curl -L -O https://api-cloudstation-us-east-2.prod.hydra.sophos.com/api/download/KEYFROMYOURSOPHOSCENTRAL/SophosInstall.zip
unzip SophosInstall.zip

# Make the installer and its bootstrap helper executable
chmod a+x /private/var/tmp/sophos/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
chmod a+x /private/var/tmp/sophos/Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper

# Run the installer
sudo /private/var/tmp/sophos/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install

# Clean up the working directory
/bin/rm -rf /private/var/tmp/sophos

2 Likes
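A check that a worklet like the one above could run between the unzip and install steps, since the remediation downloads an archive and runs its contents with root privileges. This is an added example, not part of the original post and not Sophos's or Automox's own script; `EXPECTED_TEAM_ID` is a placeholder you fill in yourself, the function names are hypothetical, and it assumes the installer bundle is Developer ID signed.

```shell
#!/bin/bash
# Added example: gate the install step on a code-signature check.
# EXPECTED_TEAM_ID is a placeholder. Record the real value once from an
# installer you trust (codesign -dv prints it as a TeamIdentifier=... line).
EXPECTED_TEAM_ID="REPLACE_WITH_VENDOR_TEAM_ID"
APP="/private/var/tmp/sophos/Sophos Installer.app"

# Extract the TeamIdentifier field from `codesign -dv` output read on stdin.
parse_team_id() {
  sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Succeed only if the observed team ID is a real ID and equals the expected one.
team_id_matches() {   # $1 = observed, $2 = expected
  case "$1" in
    ""|"not set") return 1 ;;   # unsigned, or ad-hoc signed
  esac
  [ "$1" = "$2" ]
}

# Full check: bundle signature is intact and the signer is the expected team.
verify_installer() {  # $1 = path to the .app bundle
  codesign --verify --deep --strict "$1" || return 1
  team_id_matches "$(codesign -dv "$1" 2>&1 | parse_team_id)" "$EXPECTED_TEAM_ID"
}

# Only act on a Mac, as root, and only once the bundle has been unpacked.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ] && [ -d "$APP" ]; then
  if verify_installer "$APP"; then
    "$APP/Contents/MacOS/Sophos Installer" --install
  else
    echo "Signature check failed, not running installer" >&2
    rm -rf /private/var/tmp/sophos
    exit 1
  fi
fi
```

With the placeholder left unchanged the check fails closed, so the installer never runs until a real team ID has been recorded.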

Hi @cfrieberg,

Thank you for the worklets. We are also in a hybrid network (Dell & Mac) and we are a serverless company. All cloud services. Let me try these worklets and I will give feedback if it works.

Ulyssis

1 Like

This also just came out yesterday:

https://support.sophos.com/support/s/article/KB-000033340?language=en_US

And this may help your Dells:

#######Script Starts#########

# Silent Install Sophos AV Client

# Path for the workdir
$workdir = "c:\temp"

# Detection checks ($sixtyFourBit is set here but not used below)
$sixtyFourBit = Test-Path -Path "C:\Program Files"
$SophosInstalled = Test-Path -Path "C:\Program Files\Sophos"

If ($SophosInstalled) {
    Write-Host "Sophos Already Installed!"
} ELSE {
    Write-Host "Beginning the installation"

    # Check if work directory exists if not create it
    If (Test-Path -Path $workdir -PathType Container) {
        Write-Host "$workdir already exists" -ForegroundColor Red
    } ELSE {
        New-Item -Path $workdir -ItemType directory
    }

    # Download the installer
    $source = "Insert your Endpoint link from Sophos central dashboard for the client - right-click to get link location and copy"
    $destination = "$workdir\SophosSetup.exe"

    # Check if Invoke-WebRequest exists otherwise execute WebClient
    # (-ErrorAction SilentlyContinue lets the else branch run instead of raising an error)
    if (Get-Command 'Invoke-WebRequest' -ErrorAction SilentlyContinue) {
        Invoke-WebRequest $source -OutFile $destination
    } else {
        $WebClient = New-Object System.Net.WebClient
        $WebClient.DownloadFile($source, $destination)
    }

    # Start the installation
    Start-Process -FilePath "$workdir\SophosSetup.exe" -ArgumentList "--quiet"

    # Give the installer time to lay down files before launching the UI
    Start-Sleep -s 35

    Start-Process -FilePath "C:\Program Files\Sophos\Sophos UI\Sophos UI.exe" -ArgumentList "/AUTO"
}

#######Script Ends#########

1 Like

Hi @cfrieberg,

The key that I need to insert into the URL is the API generated in Sophos API Token Management in Sophos Central, is this correct? Please advise.

Thanks!
Ulyssis

I’m looking into this - might need a day or two, I’ll reply back once I have the answer.

I misspoke on here @uapilado - that is the token for your Central sub-estate; that is not the API key.
I would reach out to your Sophos rep to get that.

1 Like

@uapilado - Go to Account Details in the upper right-hand corner. Go to the Sophos Support section and you’ll see the unique ID.

The unique ID for this Sophos Central account is:

Thank you Chief @cfrieberg… I found the Sophos unique key. Let me try these worklets.

U

If that doesn’t work, you can get it in the browser dev tools… hover over that zip file and you’ll see it

Right click, copy url

Thanks @cfrieberg… I finally had time to execute this script in Automox. Works like a charm. Thanks again!

U

1 Like