Re: Sophos Vpn Client Mac Download


Mazie Wingeier

Jul 12, 2024, 1:51:39 PM
to tuloumapa

We have some clients that are in a limbo state; had an on-prem server and migrated to the cloud. 99% are in the cloud. A tech installed the old client on the new machines and now they are in a limbo state, can't manage from the new or old server.

You can download and install the authentication clients and server CAs on Windows, macOS, and Linux. The downloaded file contains the authentication client and the authentication server CA. Authentication clients use the CA to establish a TLS connection with the firewall for user authentication. Click on your operating system for download and installation instructions.



Download https://tweeat.com/2yLz1Y



Download certificate for iOS 12 and earlier and Android client: If you have an Android or iOS 12 and earlier device, download and install this authentication server CA certificate on your mobile device. For more information about how to do this, see Use Sophos Network Agent for iOS 12 and Android devices.

If your administrator has shared a signing CA certificate with you, install the signing CA (Default CA) on your mobile device and turn on trust for the CA. For more information about how to do this, see Use Sophos Network Agent for iOS 13 devices.

Click Download Sophos Outlook Add-in to download and install the SPX add-in. The SPX add-in simplifies the encryption of messages that contain sensitive or confidential information leaving the organization. The add-in integrates seamlessly with the user's Microsoft Outlook software, making it easy for users to encrypt messages through Sophos Firewall Email Protection.

Hi all, we're having a difficult time uninstalling Sophos Endpoint Protection from our Mac endpoints with Jamf. This particular enterprise version of Sophos employs Tamper Protection, which was easy enough for us to disable by creating a policy that deletes the SophosSecure.keychain file that Tamper Protection creates on all the endpoints, but even with Tamper Protection disabled we can't figure out how to remotely uninstall the client itself. So far, we've tried the following approaches, both of these scoped to a test machine with Sophos Endpoint Protection installed and with Tamper Protection disabled:

No luck with either method. If anyone here has successfully removed Sophos Endpoint Protection with a Jamf policy, or if you have any other ideas in general, your feedback would be most appreciated. Sophos support told us that they do not have a batch uninstall feature but I have to believe it's possible with Jamf.

Guess I'm not the only one in the process of removing that nightmare. We disabled tamper protection universally and gave it a little time to update all of the clients. I then deployed the following script for the Macs which seems to be working just fine:

@ekey Can you give me an idea of how you did this? I attempted to do the same and it did not work. Was it just a matter of dragging the uninstaller.pkg and deploying as-is or did you need to add a post-install script/ any commands? I have a ticket open with Sophos but am very stuck so any help is much appreciated!

I'm trying to remove it from our computers, so far no luck. Every script I try runs, but none of them actually seem to remove the app (based on JAMF's reporting). I can't figure out what I'm doing wrong. Does anyone have any thoughts?

If you remove the SecureKeychain from the "Library/Sophos Anti-Virus" folder you can remove at will without a tamper proof key. I have an automator action and a script that does this and kicks off the removal tool which when run from an admin account works out awesome.

From a manual removal situation, I had a machine recently that copied the Sophos application components over to a new machine while using Migration Assistant. Knowing I did not intend to use Sophos Endpoint on this machine, but not thinking that it would copy over, I declined all permission requests from Sophos. However, with no services running, now it did not communicate with Sophos Central so I could not see the machine to disable Tamper Protection, AND when I tried to run Remove Sophos Endpoint.app to uninstall, the app prompted me for a password. Needless to say I had no idea what such a password would be, nor could I find it in my Sophos Central admin panel anywhere. I finally resorted to filing a support ticket with Sophos, and they said for versions above 9.7, to delete /Library/Sophos Anti-Virus/SophosSecure.keychain to disable the Tamper Protection, then run the application. I did this, and then Remove Sophos Endpoint.app ran successfully without any password prompt.

Just got done with a week of fiddling with this. We are looking to switch from Sophos to CrowdStrike and I have been validating the Big Sur part of all that. Have been using a script much like MrRobotos's for years with no issues, but Big Sur is a different story. The Sophos provided uninstaller doesn't remove the System Extensions, so you will have to do it manually or sorta scripted:

-x-endpoint/big-sur-eap/f/recommended-reads/124391/how-to-remo...

-system-extension-command-line.html

FWIW the CrowdStrike agent does do the right thing and tell macOS to remove their System Extension, so maybe someday Sophos will too. For now you need to make sure and have the System Extensions deleted first and then run the script or the removal app in the Sophos folder. My testing was on macOS 11.5.2 using Sophos Endpoint 10.1.4. We use Central and have Jamf MDM with profiles/policies for all the needful. Wanted to give people the heads up, since once Sophos is removed you can't easily get rid of the extensions without installing Sophos again and then manually removing them. This will complicate the CrowdStrike rollout a little, but hey it is so secure!


After opening the client the home screen defaults to the Status tab. The Status tab displays an overview of security events on the device, if any have been found. You can click Scan to initiate a malware scan of the device.

The Events tab contains a log of security events and detections on the device. You can filter the events by priority by clicking on the All Events drop down menu. The All Sources drop down menu allows you to filter by threat type like Malware, Web Threats, etc.

The Settings tab lists available client settings. Click the "Override Sophos Central Policy for up to 4 hours to troubleshoot" checkbox towards the top of the window to enable modification of the settings. Once checked you can turn different components on or off such as real time scanning, website blocking, or exploit detection.

Clicking "About" in the lower right hand corner at any time brings up advanced options and information. The About screen displays the version number of any Sophos Cloud components installed on the device. Note, the value for "Device Encryption" will appear as "Not Installed" even if your device is encrypted with Sophos Safeguard. The value can be ignored.

Within the Endpoint Self Help window, click the "Tools" tab at the top for additional actions. Here you can scan a file and also get the file's SHA256 hash. The Launch SDU option in the lower left provides a convenient shortcut to launch the Sophos Diagnostic Utility.

The Sophos Diagnostic Utility (SDU) is a Sophos program that collects information about Sophos products installed on the system or those that have attempted recent installation. The collected information can be used to debug any issues with Sophos related products.

The SDU is a standalone program and can be found in your device's list of software. Alternately, you can start the SDU by opening Sophos Cloud and navigating to About -> Run Diagnostic Tool -> Launch SDU.

If you are working on an active case with Sophos and have been instructed to run the SDU, you can fill out the appropriate information and click "Send mail to Sophos". This opens the default mail app on the device with a pre-drafted email with the archive file attached. However, in general you'll be reviewing the logs yourself or be sending them to the security office for review. To retrieve the log archive, click "locate archive". A Windows Explorer window will automatically open to the location of the .zip files, which can now be copied, emailed, uploaded, or otherwise manipulated as necessary.

I have a Fortinet EC2 instance configured with SSL VPN for client connections on account 1. All is working well from client to AWS account 1, however I am needing to get access to EC2 resources in a sub account 2.

Fortinet EC2 GUI can ping local resources in account 1, however cannot ping resources in sub account 2.
I have confirmed the route table has been updated to include the sub account CIDR range.
I have confirmed the firewall rule has been updated to include the sub account CIDR range.

Have you set a route to communicate to the CIDR of subaccount 2 in the Fortinet EC2 routing settings?
Please configure the routing settings not only from the AWS route table but also from the Fortinet EC2 UI.
Also, disable "source/destination checks" in Fortinet EC2's ENI.
If you do not configure this setting, you will be configured to only receive packets whose source or destination is the EC2 IP.
_NAT_Instance.html#EIP_Disable_SrcDestCheck

I believe this is the default CIDR distributed to Fortinet's SSL-VPN clients. -Tip-How-to-monitor-the-link-health-for-SSL-VPN/ta-p/263576
Therefore, I think it is probably necessary to configure NAT settings for the VPN user in order to communicate with the resources of subaccount 2. I think you can configure NAT settings in the firewall policy, so try setting the VPN user as the source and enabling NAT. Also, don't forget to configure the following documents. _NAT_Instance.html#EIP_Disable_SrcDestCheck
