Sophos Central Mac Installation Guide

This guide will show you how to install Sophos Central Antivirus on macOS X for employees with non-managed work stations.

Installation Requirements:

  1. System running a supported operating system: macOS 10.12 to10.15, and 11.0 +
  2. Minimum 2GB RAM
  3. An account on your computer with installation privileges

Remove any other antivirus software before installing Sophos:

  1. Open Finder
  2. Click “Applications”
  3. Locate your current antivirus software in the folder list then:
    1. Use the uninstaller
    2. Move the application icon to the trash
    3. Click the application icon in the folder
      1. With the icon selected
      2. Select “File”
      3. Select “Move to Trash”
  4. Restart your computer
    1. It is recommended to restart your PC before installing new antivirus software as some antivirus components may be retained in system memory.

Installation Steps:

  1. Go to the IS Downloads page located at:
  2. Click the link "Sophos Central AntiVirus for MacOSX 10.12+" to download the software
  3. Input your username and password when prompted
  4. Save the file "" to your computer
  5. Once downloaded, open the archive package, inside should be “Sophos”
  6. Double click the app, you may receive a warning that this file was downloaded from the internet, click “Open” to proceed
  7. The installer will start and display a welcome prompt
  8. You may or may not see We found a previous installation .... Go to the next step.
  9. Click Install to proceed, your computer will ask you for your credentials to authorize this installation:
  10. Please wait patiently as the installer sets up your new antivirus software, it can take up to 10 minutes to install
  11. Once complete, the installer will display a success message and should automatically register with our license:
  12. Click "Quit" to close installation window.
  13. If you are prompted by Sophos with a message "System Extension Blocked" click "OK".

After installing Sophos Antivirus:

  1. In the Apple "System Preferences" window go to "Security & Privacy"
    or click "Open Security & Privacy" if you see a popup:
  2. Near the bottom of the "Security & Privacy" window, there will be a list of the blocked Kernel Extensions (kexts) by Sophos.
  3. Click the Lock icon to make changes, then Click the "Allow" button.
  • Note: Once authorized, all future Sophos kernel extensions are allowed, even after the uninstall.
  • This step is not needed again on a reinstall.
  • Kernel extensions already installed during an upgrade from MacOS 10.12 are automatically authorized.

Additional Requirements for MacOS 10.15 and MacOS 11+

The change to System Extensions in Big Sur requires additional security permissions beyond what is detailed in the above instructions for macOS 10.12-10.14.  Apple has enforced these permissions, and they cannot be added automatically.

If using MacOS 10.15 or MacOS11+, the following additional installation steps are required.  Without these steps, malware scanning and web protection will not function.

  1. During install or after upgrade to Big Sur (With Sophos Endpoint installed), a prompt will display to allow the System Extensions for SophosScanD and SophosWebNetworkExtension.

  2. Click "Open Security Preferences" and select to Allow both Extensions.

  3. A notice will open about restarting the services. Click to select both checkboxes, then click OK.
  4. Close the Security and Privacy window.
  5. A notice will open for allowing the Sophos Web Extension as a Proxy. Click Allow.
  6. The Sophos Full Disk Access required notification will appear. This is due to a new process required on Big Sur. This pop-up will occur (if Notifications are enabled) on install, and every 30 minutes if the permissions are detected as incorrect. Clicking on this notification will bring up a window that allows you to set permissions quickly.
    1. Click "Details" then click the link: Open "Security & Privacy" Preferences 
    2. Click the Privacy tab if it is not already selected
    3. Click the lock in the lower-left and authenticate to make changes.
    4. Select Full Disk Access on the left side (You will need to scroll down)
    5. Drag the Sophos Icon from the Message to Security and Privacy
    6. You will get a message ""Sophos Endpoint UIServer" will not have full disk access until it is quit." You can select Later or Quit Now. Either will work (Later will need a restart to give the UI full access. This does not impact protection).
    7. Close Security and Privacy.
  7. In some circumstances, the OS will prompt for a restart to enable System Extensions. You must restart for Sophos to be activated fully.

For questions or installation assistance, please contact the IT Support Centre at:

Phone: 306-585-4685
Toll-free in Canada: 1-844-585-4685
In person at ED 137 or Archer Library