Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Sophos Endpoint Protection Deployment with JAMF

After some struggling we finally managed to get it working. So the steps are like:

  1. Deploy Sophos KEXT ID to all Macs via a Configuration Profile -> Approved Kernel Extensions
    2H5GFH3774

  2. We took a script from this post (https://www.jamf.com/jamf-nation/discussions/23168/sophos-cloud-installs) and make customizations to fit our needs. Basically the script will download the zip installation package shown in your Sophos Central admin console, unzip it, and then install it.

The script looks like this, please replace the downloading URL.

#!/bin/sh

cd /tmp

if [[ -d "/tmp/Sophos Installer.app" ]]; then
    rm -rf /tmp/Sophos*
fi

# Update the URL as indicated in Sophos Admin Panel
curl -O https://api-cloudstation-us-east-2.prod.hydra.sophos.com/api/download/xxxxxxxxxxxxxxxxxxxxxxx/SophosInstall.zip
unzip SophosInstall.zip

chmod a+x ./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
chmod a+x ./Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper

./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install

exit 0
  1. Create a "Policy" in JAMF to run this script on local machines. After installation the machines will automatically register to your admin console and fetch updates.

NOTE: For larger corporation deployment I suppose you can also use the Composer method to do a local distribution of the installation package in order to prevent huge bandwidth usage. The one thing you need to pay attention to should be the KEXT ID thing mentioned above.

Like Comment
SOLVED Posted: by tjhall

Base the Sophos script installtion policy on a "kext approved - exists" smart group.
Otherwise there's a risk the installtion failing due to the installation happening before that kexts have been approved.

Like