The latest operating system from Apple, macOS11 Big Sur, has arrived and it brings with it a few significant architecture modifications. In this article, we will take a look at these changes, as well as some of the things you might consider doing to automate much of the deployment of Intercept X on macOS.
After you uninstall Sophos Anti-Virus, the Scan with Sophos Anti-Virus command is still present in a Finder shortcut menu. It disappears when you log in to your Mac again. In Sophos Enterprise Console and Sophos Control Center, you can set up email alerting for Virus alerts, Scanning errors or Other errors. Resolved an issue with Sophos Central Encryption failing to send the recovery key to Sophos Central. MACDP-462: Resolved an issue in which the recovery key was missing after upgrading to macOS High Sierra. MACDP-726: Resolved an issue with SophosEncryptionD not handling the unexpected output of diskutil information. The current test Sophos Endpoint 9.9 for MacOS Catalina (204305) from September 2020 of AV-TEST, the leading international and independent service provider for antivirus software and malware. MacOS 10.15 Catalina and above How to add Security Permissions For a new installation of Sophos on a Mac, Sophos needs to be allowed in the General tab of the Security & Privacy window. Norton is one of those. I wouldn't install Sophos either. Malwarebytes was developed by a long time contributor here; it is mostly to get rid of malware and adware. Mac OS Catalina has excellent protection built in; in fact, the system/OS is now contained in a read-only volume which means no one can gain access to do any harm.
These changes started to appear with macOS Catalina (10.15) – Apple is beginning to deprecate the use of system wide kernel extensions in favour of user space system extension APIs. This allows software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access.
An interesting third party review of some of the most significant changes in the last decade Apple have recently introduced can be found here.
Unfortunately, we didn’t have a GA version of Intercept X for Mac available on the first day of release. The good news is that we now have an Early Access Program (EAP) available in Central, whereby customers can nroll devices running macOS11 in order to receive a pre-release version of Sophos Endpoint v10.0.2.
TIP: As you can appreciate, we don’t typically recommend using EAP (pre-release) software on a production system. If you would like to prevent users from upgrading to BigSur AND if you or your customer are using Sophos Endpoint, then it’s worth noting that the SophosLabs have added an Application Control detection for the Big Sur installer. This means that you can control its rollout by blocking the application – the installer is classified as a “System Tool”.
Most of you are probably aware of the process on how to join an EAP and then enroll devices, however if you would like some info on this process click here. Typically, we don’t make EAPs available to Sophos Central MSP accounts, however given that some customers may be purchasing new Apple hardware that comes pre-shipped running Big Sur, we have extended the EAP to MSP customers too.
About new hardware, the following Macintosh models (at the time of writing) use the new Apple M1 ARM-based system chipset:
- MacBook Air (M1, 2020)
- Mac mini (M1, 2020)
- MacBook Pro (13-inch, M1, 2020)
Sophos Intercept X for Mac does not natively support this new chipset; however, it can be made to work using a piece of backwards compatibility software called Rosetta 2. This software needs to be installed on the Mac before joining it to the EAP and it updating to 10.0.2. More info on this process is also covered in the EAP community post above.
Sophos Mac Os Catalina
On testing the deployment of Intercept X on a brand new macOS11 device, I found the installation routine quite user intensive with several prompts required to allow permissions etc. before a complete protected state could be achieved.
There are several things that can be done to reduce these prompts, specifically using an MDM provider (such as Sophos Mobile or JAMF) to essentially pre-trust extensions using the Sophos ‘Teams ID’ of 2H5GFH3774. This is a trusted ID that is used in the development of Sophos code, to automatically whitelist our software:
I found that this configuration made the deployment of Intercept X for Mac on macOS Catalina and older, virtually ‘silent’. There were still some prompts that required user interaction when deploying on Big Sur, however this will still down on the amount of interaction required without any applied MDM settings.
Our wonderful professional services team have also created a number of scripts to use with JAMF to automate deployment on Macs. Info on this can be found here.
Expect to see some more information in the new year, once a GA version of 10.0.2 for Mac is available, on how to automate the deployment further.
Product Information
macOS Catalina (10.15) was released on October 7, 2019. Technology Support Services will be testing Catalina with our 'standard' software to ensure it is compatible.
PLEASE NOTE that macOS Catalina will not support 32-bit software and may require you to upgrade your software (beyond what is supported by Technology Support Services). Please read How to Determine Which Apps May or May Not Work in macOS Catalinafor more information.
Recommendation
macOS Catalina (10.15) is supported by Academic Technology / Technology Support Services.
If you have OS X 10.12 (Sierra) or an older version, we strongly recommend that you upgrade to at least macOS 10.13 (High Sierra). Apple is no longer supporting OS X 10.12 (Sierra).
You will need one of the following models in order to run macOS Catalina:
Sophos For Mac Catalina
- Macbook (2015 or newer)
- MacBook Air (2012 or newer)
- MacBook Pro (2012 or newer)
- Mac mini (2012 or newer)
- iMac (2012 or newer)
- iMac Pro (2017 or newer)
Recommended minimum hardware:
- 20 GB of free space
- 4 GB minimum memory
Please read How to Determine Which Apps May or May Not Work in macOS Catalinafor more information.
Sophos Free For Mac
| Software | Supported |
|---|---|
Active Directory | |
Adobe Acrobat Reader DC Adobe DC, Acrobat 2017 are compatible with the new macOS 10.15 Catalina. | |
Adobe Creative Cloud Versions 2020 and 2019 are compatible. | |
Adobe 32-bit Applications (legacy Adobe apps and Adobe CS6) | |
Adobe Flash Flash Player installs and appears to work fine. No official support statement from Adobe regarding macOS 10.15 Catalina support. | |
Adobe Photoshop Cfyow. Photoshop 20.0.7 and later versions work with macOS 10.15 (Catalina) but have these known compatibility issues. You may want to remain on your current version of macOS until these issues have been resolved. Photoshop Elements version 2020 is compatible with Catalina | |
BigFix Client Client version 9.5.14 is compatible with Catalina. | |
Camino (Canvas) Canvas is accessible from any computer or mobile device with a Web-standard browser. Canvas supports the latest versions of Chrome, Firefox, Internet Explorer, and Safari | |
Cisco AnyConnect (VPN) Our VPN system was upgraded to support Catalina on 11/13. Your Cisco VPN client should prompt for an upgrade if you're running Catalina. | |
Duo Duo 2FA has been working with macOS 10.15 Catalina. We are unable to locate any official notice on the Duo website to support this. How do I resolve Duo Prompt display issues related to iOS or macOS content restrictions?
In addition to the instructions above, please also make sure that JavaScript is enabled in Safari on your macOS or iOS device. | |
ExamSoft Examsoft has announced it has updated its latest version of Examplify (2.06) to be compatible with Catalina (10.15) Law Technology Services recommends Law Students wait until after their 2019 finals. | |
Google Chrome Chrome supports macOS 10.10 and higher. | |
MATLAB MATLAB supports macOS Catalina 10.15 | |
Microsoft Office Office 2016 for Mac needs to be v15.35 or newer. Check the version in one of the Office apps. Example, go to Word > About Microsoft Word (or whichever Application you are checking). If you have Office 2011 for Mac or before, do NOT update to Catalina because Office will stop working. Office 2011 for Mac is no longer supported by Microsoft and there is no workaround for this. | |
Mozilla Firefox Version 70.0.1 is fully supported. | |
Printer Logic Last release of Printer Logic (August 2019) only officially supports up to Mojave (10.14). Our testing shows it seems to work fine. | |
SafeConnect Impulse Point is pushing out a Mac Policy Key on Monday, October 21 to support macOS Catalina. Testing is not completed. | |
SmartPrint Pharos supports current version of Uniprint clients (Poup 9.0.10) and macOS 10.15 Catalina. | |
Sophos Home (Personally Owned Computers) Version 9.9.4 or above is required. Additional steps are required to successfully install Sophos Home.
| |
Sophos Central (University Owned Computers) Version 9.9.4 or above required (released September 2019). Version 9.9.6 will include a permissions popup to make installs easier. | |
Sophos Encryption | |
SPSS SPSS 26 now available and supported on Catalina SPSS 25 will not be officially supported on Catalina by IBM. | |
Zoom Web Conferencing Zoom is Catalina supported. Version 4.5.5 (5452.1010) |
Sophos Home Mac Catalina
Last Updated 1/9/2020