1.Purpose of the article
- Uninstall Sophos Mac Os Catalina
- Install Sophos Mac Catalina
- Sophos Macbook
- Sophos Mac Catalina
- Sophos Mac Os
Sophos Anti-Virus for macOS. These are the release notes for Sophos Anti-Virus for macOS (Sophos Central edition). Improved support for macOS 10.15 Catalina when using MDM profiles. The preferences panel immediately after an upgrade. To unlock the preferences panel, log out, then log in to your Mac again.
This article will guide you on how to control application access on a user’s Mac via Sophos Central.
2.Configuration situations
- Duplicate Sophos Home shield appears on macOS menu bar; System Extension Blocked appears on new installations on macOS High Sierra 10.13, Mojave 10.14, and Catalina 10.15; Installation failed on Sophos Home Mac; The installation cannot proceed OR The removal failed message appears when installing/uninstalling Sophos Home on macOS.
- MacOS 10.15 Catalina and above How to add Security Permissions For a new installation of Sophos on a Mac, Sophos needs to be allowed in the General tab of the Security & Privacy window.
- Overview In July 2017, security researcher Partick Wardle presented a vulnerability at DEF-CON about how to perform a privilege escalation attack on MacOS by using 3rd party installers such as Sophos. In the installer for Sophos Central, we have implemented security changes to mitigate this vulnerability.
Thegioifirewall will prepare a Mac running MacOS Catalina version 10.15.5 with Sophos Endpoint installed.
3. What to do ?
- Configure the Application Control policy on Sophos Central
- Result
4. Configuring
4.1 Configure the Application Control policy on Sophos Central
To configure the application control we log into Sophos Central’s admin page with the admin account, then go to Endpoint Protection> Policies.
Click Add Policy to add a new policy.
The Add Policy table appears, we will select the following information:
- Feature: select Application Control from drop down menu
- Type : We can choose to apply this policy to a user or to a device, in this article I will choose Device.
The Create New Computer Policy table will appear, we need to fill in the following information:
Policy Name: Test_App_Control
Tab COMPUTERS:
- We will select the computer that the Mac is using, here we will select the MacOS15’s Mac computer from the Available Computers panel and click the right arrow to switch this computer to the Assigned Computers panel.
Tab SETTING:
The first step we need to click on Add / Edit List to add the application we want to ban to the list.
Uninstall Sophos Mac Os Catalina
Next, the Add / Edit Application List table appears, with the left panel showing the categories of applications that Sophos supports and on the right is a list of applications under the category.
In this article we will prohibit users from using Telegram, to add this application we select the Instant Messaging category in the left column, the applications of this category will appear in the right column.
We will search for the Telegram application then tick it and click Save to List to complete.
After saving you will see the Telegram application will be in the list.
Next, we will click the switch at Detect controlled applications when users access them (You will be notified) so that Sophos Central will immediately detect and ban the application when users use it.
In addition, you can also schedule a ban to use this application for a certain period of time by pressing the Detect Controlled applications during scheduled and on-demand scans.
Install Sophos Mac Catalina
Click Save.
4.2 Result
Sophos Macbook
After configuring the policy we will go to the prepared mac and perform the test.
Sophos Mac Catalina
Turn on the Telegram application on the device and we will see the results as shown below
Sophos Mac Os
Turn on the Sophos Endpoint application on a mac and we will see a log where Sophos Endpoint has blocked Telegram access.
Next we will check the log to see if Sophos Central records the log.
To view the log we go to Logs and Reports> General Logs> Events.
As a result we will see log lines saved when the user violated the policy.
The log also provides very detailed information such as the date of the violation, the blocked path, the identity of the violating user …