We have been experiencing false Host Checker scans stating that Sophos Definitions are not up to date when they really are. This issue started with Sophos 9.2.8 but works just fine with 9.2.4. After some communication with Sophos we were told the following:
[i]Due to changes being introduced by Apple in OS X 10.11 "El Capitan" for System Integrity Protection, the command line tools sweep and sophosupdate are being moved. Applies to the following Sophos product(s) and version(s) SAV for Mac OS X 9.2.8, SAV for Mac OS X 9.4.0, Sophos Cloud Managed Endpoint 9.3.4 (Mac) Sophos Anti-Virus for OS X - Command line tools moving
In OS X 10.11, Apple is introducing a new featured called System Integrity Protection (SIP), also known as "rootless". This locks down certain directories on the system so only Apple can change them. Not even root (the master user) can change them. Previously, we have placed two command line tools, sweep and sophosupdate, in the folder /usr/bin/. The /usr/ folder is one of the folders being locked down by SIP. Apple has added a directory under this, /usr/local/, which is for use by applications requiring command line tools, and is the suggested alternative as per Apple.
As of version 9.2.8, 9.3.4+, and 9.4.0+, we have implemented this changed and moved the install location of the tools. We also had to move the manual files from /usr/share/man/man1/ to /usr/local/share/man/man1/
Updates to SAV for Mac as of September 2015 includes:
On Premise Mac 9.2.8 â€¢ Supports OS 10.11 (El Capitan)
On Premise Preview Mac 9.4.0 â€¢ Supports OS 10.11 (El Capitan) â€¢ Added PUA detections on Mac - KB122488 â€¢ Device Control now supports iPhone MTP/PTP devices â€¢ Changed web interception engine (Much higher performance) â€¢ Autoupdate reliability updates (retry) â€¢ Several minor bug fixes â€¢ Updated Secure Removable devices â€¢ Changed Quarantine Manager view â€¢ RMS 4.0[/i]
Therefore there now exists a new location for Sophos installs above version 9.2.8, see above. We are suspecting that Host Checker must be redeveloped to accommodate this new location. We have updated firmware on our MA2600 to 8.1r5 and ESAP to 2.8.7, latest and greatest. Please advise.