We have been experiencing false Host Checker scans stating that Sophos Definitions are not up to date when they really are. This issue started with Sophos 9.2.8 but works just fine with 9.2.4. After some communication with Sophos we were told the following:
[i]Due to changes being introduced by Apple in OS X 10.11 "El Capitan" for System Integrity Protection, the command line tools sweep and sophosupdate are being moved.
Applies to the following Sophos product(s) and version(s)
SAV for Mac OS X 9.2.8,
SAV for Mac OS X 9.4.0,
Sophos Cloud Managed Endpoint 9.3.4 (Mac)
Sophos Anti-Virus for OS X - Command line tools moving
In OS X 10.11, Apple is introducing a new feature called System Integrity Protection (SIP), also known as "rootless". This locks down certain directories on the system so only Apple can change them. Not even root (the master user) can change them.
Previously, we have placed two command line tools, sweep and sophosupdate, in the folder /usr/bin/. The /usr/ folder is one of the folders being locked down by SIP. Apple has added a directory under this, /usr/local/, which is for use by applications requiring command line tools, and is the suggested alternative as per Apple.
As of version 9.2.8, 9.3.4+, and 9.4.0+, we have implemented this change and moved the install location of the tools.
We also had to move the manual files from /usr/share/man/man1/ to /usr/local/share/man/man1/
Updates to SAV for Mac as of September 2015 include:
On Premise Mac 9.2.8
• Supports OS 10.11 (El Capitan)
On Premise Preview Mac 9.4.0
• Supports OS 10.11 (El Capitan)
• Added PUA detections on Mac - KB122488
• Device Control now supports iPhone MTP/PTP devices
• Changed web interception engine (Much higher performance)
• Autoupdate reliability updates (retry)
• Several minor bug fixes
• Updated Secure Removable devices
• Changed Quarantine Manager view
• RMS 4.0[/i]
Therefore there now exists a new location for Sophos installs above version 9.2.8, see above. We suspect that Host Checker must be redeveloped to accommodate this new location. We have updated firmware on our MA2600 to 8.1r5 and ESAP to 2.8.7, latest and greatest. Please advise.
- Onnig
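
A compliance check that accepts both install locations described in the post, as an added example (not Sophos or Host Checker code, and not part of the original post). It assumes the relocated tools sit in /usr/local/bin, which the post gives only as "/usr/local/"; the root argument is a hypothetical hook for running the check against a constructed directory tree.

```shell
#!/bin/sh
# Candidate directories, relocated layout first.
# /usr/bin is the legacy location named in the post.
# /usr/local/bin is an ASSUMPTION: the post says only "/usr/local/".
SOPHOS_TOOL_DIRS="/usr/local/bin /usr/bin"

# Print the first executable path for tool $1 under optional root $2.
# Returns 1 when the tool is in neither location.
find_sophos_tool() {
    tool=$1
    root=${2:-}
    for dir in $SOPHOS_TOOL_DIRS; do
        if [ -f "$root$dir/$tool" ] && [ -x "$root$dir/$tool" ]; then
            printf '%s\n' "$dir/$tool"
            return 0
        fi
    done
    return 1
}

# Classify the install as relocated, legacy, mixed or missing.
# "mixed" (one tool in each location) points at a partial upgrade.
sophos_layout() {
    root=${1:-}
    seen_new=0
    seen_old=0
    for name in sweep sophosupdate; do
        path=$(find_sophos_tool "$name" "$root") || continue
        case $path in
            /usr/local/*) seen_new=1 ;;
            *)            seen_old=1 ;;
        esac
    done
    if [ "$seen_new" -eq 1 ] && [ "$seen_old" -eq 1 ]; then
        echo mixed
    elif [ "$seen_new" -eq 1 ]; then
        echo relocated
    elif [ "$seen_old" -eq 1 ]; then
        echo legacy
    else
        echo missing
        return 1
    fi
}

# Run against the live filesystem only when asked to.
if [ "${1:-}" = "--report" ]; then
    sophos_layout
fi
```

A check that looks only in /usr/bin will report `missing` on a 9.2.8 or later install, which matches the false result described above.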