After some struggling we finally managed to get it working. So the steps are like:
Deploy Sophos KEXT ID to all Macs via a Configuration Profile -> Approved Kernel Extensions
We took a script from this post (https://www.jamf.com/jamf-nation/discussions/23168/sophos-cloud-installs) and made customizations to fit our needs. Basically the script will download the zip installation package shown in your Sophos Central admin console, unzip it, and then install it.
The script looks like this; please replace the download URL.
```sh
#!/bin/sh
# Work in /tmp and clear leftovers from any previous run
cd /tmp || exit 1
if [ -d "/tmp/Sophos Installer.app" ]; then
    rm -rf /tmp/Sophos*
fi

# Update the URL as indicated in Sophos Admin Panel
curl -O https://api-cloudstation-us-east-2.prod.hydra.sophos.com/api/download/xxxxxxxxxxxxxxxxxxxxxxx/SophosInstall.zip
unzip SophosInstall.zip

# Make the installer and its bootstrap helper executable, then install
chmod a+x ./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
chmod a+x ./Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install
exit 0
```
NOTE: For larger corporate deployments I suppose you can also use the Composer method to do a local distribution of the installation package in order to prevent huge bandwidth usage. The one thing you need to pay attention to should be the KEXT ID thing mentioned above.
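An added example, not part of the original post or of Sophos's or Jamf's own tooling: the same download-unzip-install flow, but the installer runs only if its code signature is intact and carries the expected Team ID, and a failure is reported to Jamf instead of being masked by `exit 0`. `DOWNLOAD_URL` and `EXPECTED_TEAM_ID` are placeholders, and it is an assumption that the installer is signed with the same Team ID your Approved Kernel Extensions profile allows.

```sh
#!/bin/sh
# Added example, not from the original post: check the code signature of the
# downloaded installer before running it as root.
# Placeholders (assumptions): fill both in for your own Sophos Central account.
DOWNLOAD_URL="REPLACE_WITH_URL_FROM_SOPHOS_CENTRAL"
EXPECTED_TEAM_ID="REPLACE_WITH_TEAM_ID"  # assumed: the Team ID your KEXT profile approves

APP="Sophos Installer.app"

# Read `codesign -dv` output on stdin; succeed only if TeamIdentifier equals $1.
team_matches() {
    got=$(sed -n 's/^TeamIdentifier=//p' | head -n 1)
    [ -n "$got" ] && [ "$got" = "$1" ]
}

# Signature must be intact (nothing modified after signing) and from the expected team.
verify_bundle() {
    codesign --verify --deep --strict "$1" || return 1
    codesign -dv "$1" 2>&1 | team_matches "$2"
}

install_sophos() {
    workdir=$(mktemp -d /tmp/sophos.XXXXXX) || return 1   # fresh, unpredictable directory
    cd "$workdir" || return 1
    # -f: treat an HTTP error as a failure instead of saving the error page
    curl -fsSL -o SophosInstall.zip "$DOWNLOAD_URL" || return 1
    unzip -q SophosInstall.zip || return 1
    if ! verify_bundle "$APP" "$EXPECTED_TEAM_ID"; then
        echo "Signature check failed, not installing" >&2
        return 1
    fi
    chmod a+x "$APP/Contents/MacOS/Sophos Installer" \
              "$APP/Contents/MacOS/tools/com.sophos.bootstrap.helper"
    "$APP/Contents/MacOS/Sophos Installer" --install
}

# Jamf passes its own values as $1-$3, so the switch is script parameter 4:
# set it to "install" in the policy. The installer's exit code is passed on,
# so a failed run shows up as a failed policy.
if [ "${4:-}" = "install" ]; then
    install_sophos
    exit $?
fi
```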