Sophos MAC 9.2.8 and up with Host Checker

We have been experiencing false Host Checker scans stating that Sophos Definitions are not up to date when they really are. This issue started with Sophos 9.2.8 but works just fine with 9.2.4. After some communication with Sophos we were told the following:

[i]Due to changes being introduced by Apple in OS X 10.11 "El Capitan" for System Integrity Protection, the command line tools sweep and sophosupdate are being moved.
Applies to the following Sophos product(s) and version(s)
SAV for Mac OS X 9.2.8,
SAV for Mac OS X 9.4.0,
Sophos Cloud Managed Endpoint 9.3.4 (Mac)
Sophos Anti-Virus for OS X - Command line tools moving

In OS X 10.11, Apple is introducing a new feature called System Integrity Protection (SIP), also known as "rootless". This locks down certain directories on the system so only Apple can change them. Not even root (the master user) can change them.
Previously, we have placed two command line tools, sweep and sophosupdate, in the folder /usr/bin/. The /usr/ folder is one of the folders being locked down by SIP. Apple has added a directory under this, /usr/local/, which is for use by applications requiring command line tools, and is the suggested alternative as per Apple.

As of version 9.2.8, 9.3.4+, and 9.4.0+, we have implemented this change and moved the install location of the tools.
We also had to move the manual files from /usr/share/man/man1/ to /usr/local/share/man/man1/

Updates to SAV for Mac as of September 2015 include:

On Premise Mac 9.2.8
• Supports OS 10.11 (El Capitan)

On Premise Preview Mac 9.4.0
• Supports OS 10.11 (El Capitan)
• Added PUA detections on Mac - KB122488
• Device Control now supports iPhone MTP/PTP devices
• Changed web interception engine (Much higher performance)
• Autoupdate reliability updates (retry)
• Several minor bug fixes
• Updated Secure Removable devices
• Changed Quarantine Manager view
• RMS 4.0[/i]

Therefore there now exists a new location for Sophos installs above version 9.2.8, see above. We are suspecting that Host Checker must be redeveloped to accommodate this new location. We have updated firmware on our MA2600 to 8.1r5 and ESAP to 2.8.7, latest and greatest. Please advise.

- Onnig
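
The path move described in the Sophos notice above, as an added example that is not part of the original post and is not Sophos or Host Checker code: a shell check that reports whether `sweep` and `sophosupdate` are found in the pre-SIP location or the relocated one. The `/usr/local/bin` subdirectory (the notice only names `/usr/local/`) and the optional root-prefix argument used for offline testing are assumptions.

```shell
#!/bin/sh
# Added example: classify where the Sophos command-line tools are installed.
# Assumption: the relocated tools sit in /usr/local/bin (the notice says /usr/local/).
# Assumption: an optional ROOT prefix lets the check run against a test tree.

SOPHOS_TOOLS="sweep sophosupdate"

# Print the directory holding an executable copy of the tool, or fail.
find_tool() {
    tool=$1
    root=${2:-}
    # Relocated path first (9.2.8, 9.3.4+, 9.4.0+), then the old /usr/bin path.
    for dir in /usr/local/bin /usr/bin; do
        if [ -x "$root$dir/$tool" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Print one of: relocated, legacy, mixed, missing.
sophos_cli_layout() {
    root=${1:-}
    seen_new=0
    seen_old=0
    missing=0
    for tool in $SOPHOS_TOOLS; do
        found=$(find_tool "$tool" "$root") || found=""
        case $found in
            /usr/local/bin) seen_new=1 ;;
            /usr/bin)       seen_old=1 ;;
            *)              missing=1 ;;
        esac
    done
    if [ "$missing" -eq 1 ]; then
        echo missing
    elif [ "$seen_new" -eq 1 ] && [ "$seen_old" -eq 1 ]; then
        echo mixed
    elif [ "$seen_new" -eq 1 ]; then
        echo relocated
    else
        echo legacy
    fi
}

# Run as: sh script.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then sophos_cli_layout "${2:-}"; fi
```

A compliance check that only looks in `/usr/bin` would see `missing` on a `relocated` install, which is the kind of mismatch the post suspects.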

Re: Sophos MAC 9.2.8 and up with Host Checker

ESAP 2.8.8 fixed this problem.

Re: Sophos MAC 9.2.8 and up with Host Checker

Now we are having a problem with Host Checker identifying the latest scan with Sophos 9.2.4 or above only on Macs with OS 10.9.5. Using ESAP 2.8.8.

Re: Sophos MAC 9.2.8 and up with Host Checker

Same problem with OS X 10.8

Re: Sophos MAC 9.2.8 and up with Host Checker

We are aware of this and working on a fix, will update once we have an ETA.