Many organizations are experiencing increased pressure to demonstrate compliance with an array of regulations which may include the U.S. Government Configuration Baseline (USGCB), Payment Card Industry Data Security Standards (PCI DSS) and Sarbanes-Oxley Act (SOX). We will describe how to automate deployment of and reporting on the Sophos SafeGuard full disk encryption product using the Casper Suite.
Extension attributes are custom fields that allow you to collect almost any piece of attribute data from a computer.
Find out more about extension attributes on the extension attributes page.
This attribute returns the Virus Definitions Date for Sophos. This attribute template applies to Sophos (v 7.1).
Sophos - Virus Definition Date.xml (767 B)
This attribute returns the Virus Definitions Date for Sophos. This attribute template applies to Sophos (v 8.0.16).
Sophos - Virus Definition Date-8.0.xml (831 B)
This attribute returns the Virus Definitions Version for Sophos. This attribute template applies to Sophos (v 7.1).
Sophos - Virus Definition Version.xml (725 B)
To list the primary auto update url set on the client.
Sophos_AV_Primary_Update_Server.xml (526 B)
This is used to display the Sophos Anti-Virus router parent address configuration on a client machine
Sophos_Anti-Virus_RMS_Configuration.xml (858 B)
This Extension Attribute will read the lastest Data File Date of Sophos By default Jamf Pro Server comes with the extension attribute "Sophos - Virus Definition Version": https://www.jamf.com/jamf-nation/third-party-products/files/172/sophos-virus-definition-version This Extension Attribute seems to be incorrect because it checks the Sophos Threat Detection Engine release date and not the virus DAT release date. I added a script that actually shows the correct date.
sophos_data_file_date.sh (512 B)
Package manifests allow Composer to build packages from software that is already installed without taking snapshots.
Find out more about package manifests on the package manifests page.
Licensed software records in Jamf Pro let you store information about the software licensed to your organization.
Find out more about licensed software templates on the licensed software templates page.
Scripts can be executed on managed computers using a Policy or Jamf Remote. Most scripts also work with other management tools.
Find out more about scripts on the scripts page.
This is used with a launch daemon to run the script every time a volume is mounted This script will search if there is removable media and will automatically scan the media If there is a virus the system tries to "touch the file" which activate the SAV Quarantine Manager
SAV_Scan_Removable_Media.sh (1.60 KB)
This is to be used in conjunction with a launch daemon running all the time. You can get Lingon here to create the launch daemon http://sourceforge.net/projects/lingon/files/Lingon/2.1.1/
SAV_Eject_USB.sh (2.23 KB)
http://www.sophos.com/en-us/support/knowledgebase/119758.aspx Written by Tim Kimpton 09.23.2014 The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used. For more information see http://www.sophos.com/en-us/support/knowledgebase/119758.aspx This script does the following 1. Checks if an override already exists and if so exits 2. Checks if the machine is bound to the domain & computer name exists in directory services 3. Writes the computer name into the override 4. Restarts the relevant Sophos Anti-Virus Services
Sophos_Anti-Virus_Override.sh (2.62 KB)
see http://www.sophos.com/en-us/support/knowledgebase/119758.aspx Written by Tim Kimpton 09.22.2014 There are multiple machine names that can be used within the OS X operating system; however, these can all differ and lead to some confusion. The machine name that we should use, according to Apple's documentation, is the NetBIOS name that is referenced within the com.apple.smb.server.plist file. Older versions of OS X may not contain the com.apple.smb.server.plist file; if this file cannot be found, we attempt to check the smb.plist file. Sophos Anti-Virus for OS X will check these files in this order to determine the machine name to send to Sophos Enterprise Console: The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used.
Sophos_Anti-Virus_Override.sh (2.49 KB)
This script will force sophos to perform a virus scan on the hard drive and will quarantine any infected files if desired. The default behavior of the script is to simply perform a scan of the drive and report back any infected files in the output of the script. Additionally, files can be quarantined if found to be infected with a virus. Please note that this script was created using the latest version of Sophos AV available at the time of the script creation (4.9). Compatibility with versions of Sophos AV created prior to and post 4.9 is unknown at this time.
runSophosScan.sh (5.68 KB)
This script will download the latest virus definitions for Sophos AntiVirus for mac to ensure that the latest definition set is being used whenever a Sophos scan is run. Please note that this script was created using the latest version of Sophos AV available at the time of the script creation (4.9). Compatibility with versions of Sophos AV created prior to and post 4.9 is unknown at this time.
updateSophosVirusDefs.sh (5.09 KB)
Managed Preference (MCX) manifests allow you to enforce settings on managed computers with Jamf Pro. These files also work with Workgroup Manager.
Find out more about managed preference manifests on the managed preference manifests page.