Sophos Central Mac Installation Guide
This guide will show you how to install Sophos Central Antivirus on macOS X for employees with non-managed work stations.
Installation Requirements:
- System running a supported operating system: macOS 10.12 to10.15, and 11.0 +
- Minimum 2GB RAM
- An account on your computer with installation privileges
Remove any other antivirus software before installing Sophos:
- Open Finder
- Click “Applications”
- Locate your current antivirus software in the folder list then:
- Use the uninstaller
- Move the application icon to the trash
- Click the application icon in the folder
- With the icon selected
- Select “File”
- Select “Move to Trash”
- Restart your computer
- It is recommended to restart your PC before installing new antivirus software as some antivirus components may be retained in system memory.
Installation Steps:
- Go to the IS Downloads page located at:
https://www.uregina.ca/is/common/ur/downloads/mac.html - Click the link "Sophos Central AntiVirus for MacOSX 10.12+" to download the software
- Input your username and password when prompted
- Save the file "SophosInterceptXInstall.zip" to your computer
- Once downloaded, open the archive package, inside should be “Sophos Installer.app”
- Double click the app, you may receive a warning that this file was downloaded from the internet, click “Open” to proceed
- The installer will start and display a welcome prompt
- You may or may not see We found a previous installation .... Go to the next step.
- Click Install to proceed, your computer will ask you for your credentials to authorize this installation:
- Please wait patiently as the installer sets up your new antivirus software, it can take up to 10 minutes to install
- Once complete, the installer will display a success message and should automatically register with our license:
- Click "Quit" to close installation window.
- If you are prompted by Sophos with a message "System Extension Blocked" click "OK".
After installing Sophos Antivirus:
- In the Apple "System Preferences" window go to "Security & Privacy"
or click "Open Security & Privacy" if you see a popup: - Near the bottom of the "Security & Privacy" window, there will be a list of the blocked Kernel Extensions (kexts) by Sophos.
- Click the Lock icon to make changes, then Click the "Allow" button.
- Note: Once authorized, all future Sophos kernel extensions are allowed, even after the uninstall.
- This step is not needed again on a reinstall.
- Kernel extensions already installed during an upgrade from MacOS 10.12 are automatically authorized.
Additional Requirements for MacOS 10.15 and MacOS 11+
The change to System Extensions in Big Sur requires additional security permissions beyond what is detailed in the above instructions for macOS 10.12-10.14. Apple has enforced these permissions, and they cannot be added automatically.
If using MacOS 10.15 or MacOS11+, the following additional installation steps are required. Without these steps, malware scanning and web protection will not function.
- During install or after upgrade to Big Sur (With Sophos Endpoint installed), a prompt will display to allow the System Extensions for SophosScanD and SophosWebNetworkExtension.
- Click "Open Security Preferences" and select to Allow both Extensions.
- A notice will open about restarting the services. Click to select both checkboxes, then click OK.
- Close the Security and Privacy window.
- A notice will open for allowing the Sophos Web Extension as a Proxy. Click Allow.
- The Sophos Full Disk Access required notification will appear. This is due to a new process required on Big Sur. This pop-up will occur (if Notifications are enabled) on install, and every 30 minutes if the permissions are detected as incorrect. Clicking on this notification will bring up a window that allows you to set permissions quickly.
- Click "Details" then click the link: Open "Security & Privacy" Preferences
- Click the Privacy tab if it is not already selected
- Click the lock in the lower-left and authenticate to make changes.
- Select Full Disk Access on the left side (You will need to scroll down)
- Drag the Sophos Icon from the Message to Security and Privacy
- You will get a message ""Sophos Endpoint UIServer" will not have full disk access until it is quit." You can select Later or Quit Now. Either will work (Later will need a restart to give the UI full access. This does not impact protection).
- Close Security and Privacy.
- Click "Details" then click the link: Open "Security & Privacy" Preferences
- In some circumstances, the OS will prompt for a restart to enable System Extensions. You must restart for Sophos to be activated fully.
For questions or installation assistance, please contact the IT Support Centre at:
Email: IT.Support@uregina.ca
Phone: 306-585-4685
Toll-free in Canada: 1-844-585-4685
In person at ED 137 or Archer Library