Jamf Pro - managing Sophos Central installations
In this article we'll show you how to use Jamf Pro to install Sophos Central, create smart groups for monitoring Sophos Central vs on-prem installations, and use extension attributes to view useful information from Sophos on client machines.
Installing Sophos Central
- Create a policy.
- Give it an appropriate name, trigger, and scope for your site. See Jamf Pro - Software Deployment for more info.
- In the Files and Processes payload, enter "sudo jamf policy -event euc-install-sophoscentral". This trigger installs the latest version approved by the EUC and, if your DLC has requested a custom reporting group, automatically enrolls the Mac in the correct group based on the target machine's site.
- Save the policy.
This one package works for clean installs and upgrades from on-prem Sophos, and can also be used to repair faulty installations.
Detecting Sophos Central vs on-prem
Using smart groups, you can easily monitor how many Macs are running the new Sophos Central and how many are running the old on-prem Sophos.
The easiest way to distinguish between the two is by application name. Sophos Central uses "Sophos Endpoint.app", while the old on-prem Sophos uses "Sophos Anti-Virus.app". Here is how to make smart groups to detect each one:
Smart group 1: on-prem Sophos installations
- In the Jamf Pro sidebar, click on Computers, then Smart Groups.
- Create a new Smart Group.
- Name it something appropriate, e.g. "<site> - legacy Sophos installations".
- In the Criteria tab, click the "+ Add" button to add a new criterion.
- Choose the "Application Title" criterion.
- In the "Value" field, enter "Sophos Anti-Virus.app".
Smart group 2: Sophos Central installations
- In the Jamf Pro sidebar, click on Computers, then Smart Groups.
- Create a new Smart Group.
- Name it something appropriate, e.g. "<site> - legacy Sophos installations".
- In the Criteria tab, click the "+ Add" button to add a new criterion.
- Choose the "Application Title" criterion.
- In the "Value" field, enter "Sophos Endpoint.app".
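The same application-name check can be run locally on a Mac and reported in the `<result>` form that Jamf Pro extension attribute scripts use. This is an added example, not one of the EUC-provided attributes; the `/Applications` install location, the `SOPHOS_APPS_DIR` override, the `classify_sophos` function name and the output labels are assumptions. It also reports the case the two smart groups do not separate on their own: both bundles present, or neither.

```shell
#!/bin/bash
# Added example, not part of the original article or the EUC tooling.
# Classifies the Sophos install by application bundle name, the same
# criterion the two smart groups above use.
# Assumption: both products place their bundle in /Applications.

# classify_sophos [DIR] -> prints one of: central | on-prem | both | none
classify_sophos() {
    local apps_dir="${1:-/Applications}"
    local central=0
    local onprem=0

    # .app bundles are directories, so test with -d.
    if [ -d "${apps_dir}/Sophos Endpoint.app" ]; then
        central=1
    fi
    if [ -d "${apps_dir}/Sophos Anti-Virus.app" ]; then
        onprem=1
    fi

    if [ "$central" -eq 1 ] && [ "$onprem" -eq 1 ]; then
        # Both bundles present: worth a manual look, e.g. an upgrade
        # from on-prem that did not remove the old application.
        echo "both"
    elif [ "$central" -eq 1 ]; then
        echo "central"
    elif [ "$onprem" -eq 1 ]; then
        echo "on-prem"
    else
        # Neither bundle found: the Mac has no Sophos application installed
        # in the directory that was checked.
        echo "none"
    fi
}

# Extension attribute scripts report their value inside <result> tags.
# SOPHOS_APPS_DIR is a hypothetical override used only for testing.
echo "<result>$(classify_sophos "${SOPHOS_APPS_DIR:-/Applications}")</result>"
```

A smart group on this value can then flag Macs reporting "both" or "none" for follow-up with the install policy above.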
Sophos extension attributes
There are a number of extension attributes in Jamf Pro to help monitor Sophos on client Macs. You can view these as columns in the computer list by clicking the gear icon at the top-right in Jamf and navigating to Computer Management > Inventory Display > Extension Attributes and enabling any of these attributes:
- Sophos AV Version
  - This will show the current installed version of Sophos. This works for both Sophos Central and on-prem.
- Sophos Central Group
  - This shows the reporting group in the Sophos Central console, e.g. "Mac" or your DLC's custom group.
- Sophos Kexts
  - This is only relevant for Sophos on-prem on macOS 11 Big Sur. This will show you if the user has approved the kernel extension in System Preferences, which cannot be automated on Big Sur. For more info on manually approving the kernel extension, see Sophos Central - Manually Approve the Sophos System Extensions - macOS.
- Sophos Last Update
  - This shows the last time the virus definitions were updated on the client Mac. This applies to both Sophos Central and on-prem.
- Sophos Primary Update Server
  - This only applies to the old on-prem Sophos. It shows the update server the client is connected to.
- Sophos Quarantined Threats
  - This only applies to the old on-prem Sophos. This shows quarantined threats that may need to be manually cleaned up.
Questions?
Contact euc-help@mit.edu with any questions.