Best Mac Antivirus Software. You need an antivirus program on your Mac. That statement may cause some Apple users to argue or walk away, but 2017 has so far seen more Mac malware and adware than.
Introduction
These instructions are primarily for people who want to install Sophos Anti-Virus onto their personal laptop and/or desktop. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems. This guide outlines the steps required to install the Sophos anti-virus software on Apple Mac computers. Although currently relatively little malware targets OS X systems, it is on the increase. Some malware can compromise the security of your system, and may capture information you use to connect to other systems such as over the Internet, so we do recommend that Mac users install anti-malware software such as Sophos as a precaution.
If you haven't already obtained Sophos you can download it via the following link: Please note: Before installing the Sophos software you must uninstall any other anti-virus software you may have installed on the machine (read the software manufacturer's instructions on how to do this). For comprehensive instructions on installing and configuring the Sophos software refer to the appropriate Sophos installation guide from the pages. The following is a brief outline of the first-time installation of Sophos on an Apple Mac. Sophos Anti-Virus for Mac OS X version 9.6.4 now supports the latest macOS 10.13 (High Sierra).
Due to a new security mechanism that Apple has released with macOS 10.13, called Secure Kernel Extension Loading (SKEL), all non-Apple kernel extensions must be manually added to a trusted list. This allows the kernel extensions to load and is required for Sophos Anti-Virus to function properly. For further details please refer to this.
Installing the Sophos Software
The file you download from our website (which will be named something like sophos8osx2013.dmg) is a special type of file called a disk image. Depending on the method you use to download the file, it may automatically mount a disk image called Sophos 8.x for OS X 10.4+ or similar on your Mac desktop and open it automatically.
However it is likely that the disk image won't mount automatically, in which case you will need to select it from the list of downloads, or find it (most likely in your Downloads folder) and double-click on it to mount the image. Once the disk image has been mounted you should see a volume called something like Sophos Anti-Virus OS X 10.4+ containing a file called Sophos Anti-Virus.mpkg. Click on Close to close the installation window. If Sophos wasn't installed before you should now see a shield in the menu bar (top right of the screen). The shield may initially be grey but after just a few moments should turn black to indicate that Sophos is now protecting your computer.
Due to a new security mechanism that Apple has released with macOS 10.13, called Secure Kernel Extension Loading (SKEL), you will be presented with a System Extension Blocked notification. To enable these extensions, open Security & Privacy in System Preferences, where you will see a message saying System software from developer 'Sophos' was blocked from loading. Click on Allow to enable (note: blocked extensions will only show in this list for 30 minutes; they will reappear the next time Sophos attempts to load the extension).
Keeping Sophos Anti-Virus up to date
Sophos Anti-Virus uses a username and password to automatically download updates. These credentials are valid for around 14 months and expire around the start of November each year. Once they have expired, Sophos will no longer be updated, and your computer will be more vulnerable to new viruses and other malware etc.
This normally only applies to Sophos installed onto personal laptops and desktops. On college or departmental systems, Sophos (or other antivirus software) is often managed by your local IT Support staff and you should check with them before making any changes. To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year. Please see the for more details on how to check when your installation(s) of Sophos will stop updating. So long as the updating credentials are current, Sophos Anti-Virus is configured to automatically download and install updates to keep your defences against viruses, trojans and worms as up-to-date as possible. On networked computers, this occurs once an hour. To find out when the program last updated itself, click on the shield on the menu bar and select Show AutoUpdate Window.
You should see a window showing the last date and time that Sophos was updated.
Configuring On-access Scanning
The OS X client is configured with on-access scanning enabled. This means that when you open a file on your computer Sophos will first check whether it contains malware before it allows the file to be opened. Sophos Anti-Virus on-access settings are configured as follows. Scanning of network drives is disabled. Disinfection is enabled. If items cannot be disinfected, access to them will be blocked.
In this section we provide details on how to change these settings, and on the most common options that you might want to change. For full details of all of the settings consult the documentation.
To access the settings click on the shield in the menu bar and select Open Sophos Anti-Virus Preferences. By default disinfection is enabled and access to infected files is denied and the files moved to a standard location if this fails. The default location that Sophos uses is /Users/Shared/Infected. This gives you the chance to inspect any infected files, attempt to disinfect them, and if that fails to try and recover data from them before deleting them from your system. If you prefer to delete any infected files immediately then choose the Delete infected files option, but we would recommend that you don't configure on-access scanning this way as occasionally it could lead to legitimate files being deleted by accident.
On-demand (Immediate) Scanning
The on-access scanning gives you constant protection against viruses and other malware that might be contained in any files on your computer. In addition you can perform on-demand scans of all or part of your hard disk. As with on-access scanning you can also configure options that control the way that on-demand scans work. To configure on-demand scans, open Sophos Anti-Virus by clicking on the Sophos shield in the menu bar and selecting Open Sophos Anti-Virus from the menu. You can also open Sophos Anti-Virus from the Applications folder.
When the preferences window opens, if necessary click on On-demand Scanning to view the options for on-demand scans. Before you can make any changes to the configuration the padlock in the bottom left of the screen needs to be open. If it isn't, click on the padlock and enter your password when prompted. The default options for on-demand scans are shown below. By default cleanup isn't enabled so you may want to change this setting, for example to Clean up infected files. If you choose this setting, a further setting will appear allowing you to choose what to do if cleanup fails.
For the past few major releases, Sophos used a standard installer package to install both their free and paid antivirus solution. With the release of Sophos Anti-Virus 9.x though, Sophos changed how their antivirus solution for Macs was installed. Sophos has now switched to using an application to install their antivirus.
However, for their customers using, Sophos still provides an installer metapackage. This is good news for Mac admins, but the configuration and login credentials that used to be stored in /Library/Preferences/com.sophos.sau.plist in Sophos 8.x have been overhauled in Sophos 9.x. /Library/Preferences/com.sophos.sau.plist in Sophos 9.x no longer contains login information, only server locations. The login credentials no longer being available in /Library/Preferences/com.sophos.sau.plist meant that the Sophos Anti-Virus client was not able to connect back to the Sophos enterprise console and receive either management or updates. Since those login credentials were working in my shop for machines in Active Directory OUs that the Sophos enterprise console was managing, that meant that those credentials were available somewhere on the system. After working on the problem in his own shop, figured out that: /Library/Preferences/com.sophos.sau.plist /Library/Sophos Anti-Virus/Sophos.keychain Once I had this information and understood what was going on, I was able to build and deploy a Sophos Enterprise Anti-Virus for Mac OS X 9.x installer that was able to install a pre-configured set of auto-update settings.
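A check worth running on the com.sophos.sau.plist copied from a managed machine before it goes into an installer package, given the statement above that the 9.x file holds only server locations while the login credentials live elsewhere. This is an added example, not code from the original post or from Sophos; the sample plists and their key names are constructed (modelled on the CreateUpdatePreconfig option names quoted in the comments on this page), and the keyword list is a heuristic.

```python
import plistlib
import sys

# Heuristic substrings that suggest a key holds login material (an assumption).
CREDENTIAL_HINTS = ("password", "passwd", "user", "credential", "secret")


def find_credential_keys(node, path=""):
    """Return paths of credential-looking keys holding a non-empty string/data value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            looks_sensitive = any(hint in key.lower() for hint in CREDENTIAL_HINTS)
            if looks_sensitive and isinstance(value, (str, bytes)) and value:
                hits.append(here)
            hits.extend(find_credential_keys(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_credential_keys(item, f"{path}[{index}]"))
    return hits


def audit_plist_bytes(data):
    """Parse XML or binary plist bytes; return sorted credential-like key paths."""
    return sorted(find_credential_keys(plistlib.loads(data)))


# Constructed samples. Key names and values are hypothetical, not taken from
# a real Sophos installation.
SAMPLE_WITH_LOGIN = plistlib.dumps({
    "PrimaryServerType": 0,
    "PrimaryServerURL": "http://sec.example.invalid/SophosUpdate/",
    "PrimaryServerUserName": "EXAMPLE-USER",
    "PrimaryServerPassword": "EXAMPLE-OBFUSCATED-VALUE",
})
SAMPLE_LOCATIONS_ONLY = plistlib.dumps({
    "PrimaryServerType": 0,
    "PrimaryServerURL": "http://sec.example.invalid/SophosUpdate/",
    "SecondaryServer": {"URL": "", "UserName": ""},
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    # Usage: python3 audit_plist.py /path/to/com.sophos.sau.plist
    for plist_path in sys.argv[1:]:
        with open(plist_path, "rb") as handle:
            found = audit_plist_bytes(handle.read())
        print(plist_path, "->", ", ".join(found) if found else "no credential-like keys")
```

An empty result means the plist can be embedded in a script as plain configuration; any reported path means the file should be treated like the keychain and kept out of world-readable packages and shares.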
For more details, see below the jump.
Prerequisites
A copy of the Sophos Anti-Virus.mpkg installer package from your Sophos enterprise server.
A copy of the Sophos.keychain file, which will need to be taken from the following location on a Sophos Enterprise-managed machine: /Library/Sophos Anti-Virus/Sophos.keychain
A copy of the com.sophos.sau.plist file, which will need to be taken from the following location on a Sophos Enterprise-managed machine: /Library/Preferences/com.sophos.sau.plist
1. Set up a new Packages project and select Raw Package. In this case, I’m naming the project Sophos Enterprise AntiVirus 9.1.6. Once the Packages project opens, click on the Project tab. You’ll want to make sure that your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.) In this example, I’m not changing any of the options from what is set by default. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown. To accomplish this, I’m choosing the following options in the Settings section: In the Post-Installation Behavior section, set On Success: to Do Nothing. In the Options section, check the box for Require admin password for installation.
5. Click on the Scripts tab in your Packages project. Select the Sophos installer metapackage and drag it into the Additional Resources section of your Packages project. Select the Sophos.keychain file and drag it into the Additional Resources section of your Packages project. The last piece is doing an automated uninstall of any existing Sophos installations, then installing a fresh copy of Sophos with the pre-configured autoupdate settings. For this, you’ll need a preinstall script and postinstall script. Here are the preinstall and postinstall scripts that I’m using: Preinstall Postinstall
9. Once you’ve got the preinstall and postinstall scripts built, run the following commands to make the scripts executable:
    sudo chmod a+x /path/to/preinstall
    sudo chmod a+x /path/to/postinstall
10. Once completed, add the preinstall and postinstall scripts to your Packages project. Last step, go ahead and build the package. (If you don’t know how to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)
Testing the installer
Once the package has been built, test it by taking it to a test machine that does not have Sophos and install it. The end result should be that Sophos Anti-Virus installs properly and has the pre-configured settings for your Sophos Enterprise server included automatically.
Worked like a charm, thanks rtrouton. One thing that almost slipped past me and I was wondering why there was no mention of the com.sophos.sau.plist file, then I saw it in the postinstall script.
You have to insert the contents of your com.sophos.sau.plist into the postinstall script. Also, @joeg, yes, I was directed by our Sophos admin to this KB, and I did make the mod to the mpkg for our group path. We are an AD environment, so we’ll see what happens. Any idea of where this grouppath.plist info gets installed / located locally, or is it info that gets sent to the Sophos console at install? Thanks again.
I have got it working. Still looking into how to set scanning. I have found if “root” creates a local scan schedule, the setting is saved in a plist in /Library/Application Support/Sophos Anti-Virus/Scans/Scan This Mac -root.plist. If this Sophos Anti Virus folder and its contents are then copied to another machine with no scheduled scans, the scan scheduled in the plist will run. So my idea is to make an installer package of this folder and send it out to all the machines after Sophos has been installed.
Hello Hugh, yes that is how scans are currently stored, and it will definitely work for any version in the field today. Please understand it’s not really a supported feature to create these files yourself; the product knows how to read/write these files, and we reserve the right to change the format or location without notice. Any upgrade that does that will migrate existing settings of course, but new / clean installations wouldn’t necessarily do the same migration. The interesting question this raised for me is “why do you do this?” Why do you not want to use our management console to manage these systems? We are definitely open to increasing the scope of the pre-configuration utilities, just trying to figure out why the management console isn’t a better choice in your case.
Hello Emily, if you are using the managed endpoint these will receive the correct credentials automatically from the SEC system. If you want to configure a stand-alone endpoint you will need to know the username and password issued to your company. It’s the same information that would have been provided to the SEC system administrator, set in the Update Manager dialog box. Once you have these two strings, use the CreateUpdatePreconfig tool and specify -SecondaryServerType as 0, -SecondaryServerUserName and -SecondaryServerPassword as you normally would.