Skip to content

Installer command-line options for Mac

On macOS Monterey 12.4 or later, you can't unzip the installer in the documents or downloads directories or on the desktop. It will fail to install. You must unzip the installer somewhere else, we recommend the home directory, /users/<username>/.

On macOS Big Sur 11 you must unzip the installer in the home directory, /users/<username>/.

Mac command line options

Some options may not be available for all customers yet.

The Sophos Central Endpoint installer for Mac supports the following command-line options.


Runs the installer without displaying the user interface.

--quiet --install


Specifies the Sophos Central device group to join the endpoint to. You can also use this option to add devices to a subgroup. You must use \ for any groups that have spaces in their names.

--devicegroup <Central group>

--devicegroup <Central group>\<Central subgroup>

--devicegroup <Central group>\<Central subgroup>\<Central subgroup>


--devicegroup Organization\Group\ with\ space\Subgroup

Trailing argument

Group or subgroup to join. If it doesn't exist, it is created.

Message relays

Specifies a list of message relays to use.

--messagerelays <space-separated message relay list of IPs including the port>

Trailing argument

IP address of the message relay must be specified along with port, 8190.


--messagerelays IPADDRESS:8190 IPADDRESS:8190

Proxy address

Specifies a custom proxy to use.

--proxyaddress <custom proxy address>

Trailing argument

URL without protocol (uses HTTPS)

Proxy port

Specifies a port that the proxy uses.

--proxyport <proxy port>

Trailing argument

Port for the proxy.

Proxy username

If a custom proxy has been specified, set the username with this option.

--proxyusername <custom proxy user name>

Trailing argument

Username for the proxy.

Proxy password

If a custom proxy and username have been specified, set the password with this option.

--proxypassword <custom proxy password>

Trailing argument

Password for the proxy.

Computer name override

Overrides the name of the computer to be used in Sophos Central.

--computernameoverride <override for computer name>

Trailing argument

Custom computer name.

Don't use quotes around the computer name.

You can only use this option for a new installation.

Domain name override

Overrides the domain name of the computer to be used in Sophos Central.

--domainnameoverride <override for domain>

Trailing argument

Custom domain name.

You can only use this option for a new installation.

Preferred domain name for usernames in Sophos Central

Sets the client to send usernames as domain\username instead of machine\username.

You can only use this option for a new installation.


Registration server

Specifies the MCS server to connect to.

--mgmtserver <registration server URL>

Trailing argument

MCS server URL

Customer token

Specifies the token of the Sophos Central customer to associate the endpoint with.

--customertoken <the customer token>

Trailing argument

UUID which maps to a customer.

Products to install

Specifies a list of products to install. If you specify a product that you don't have a license for, then it isn't installed.

--products <space separated list of products to install>

Trailing argument

Space-separated list of products to install.

Available options are: antivirus, intercept, mdr, xdr, deviceEncryption or all.


The Mac installer is aware of all the message relays and update caches when the installation is downloaded. Changes to caches and relays mean that you need to download a new installation. You can specify relays using the command line as well.



You can only install xdr on Macs running macOS Big Sur 11 or later.

If you install xdr only we won't install anti-malware protection. You must have third-party protection installed to protect your devices.

Mac examples

Install Sophos Anti-Virus and Intercept X without user interaction:

sudo ./Sophos\\ Installer --products antivirus intercept --quiet

Install using a proxy:

sudo ./Sophos\\ Installer --proxyaddress <ProxyIP/FQDN> --proxyport <Port>

Install using a message relay:

sudo ./Sophos\\ Installer --messagerelays

Use a file to change names


If you use command-line options, file-based overrides are ignored.

You can use a file to change names and descriptions for computers and domains. To do this, do as follows:

  1. Create a new file in /Library/Preferences/ called com.sophos.mcs-overrides.plist.
  2. Use the following format:

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">;
        <plist version="1.0">
  3. Copy and paste the key and string pairs so that you have as many as you need.

  4. Change the key and string pairs, as follows:

    • To change a computer name, replace the string for ComputerNameOverride.
    • To change the domain name, replace the string for DomainNameOverride.
    • To change a description for a computer, replace the string ComputerDescriptionOverride.
  5. Make sure your entries obey the following rules:

    • Length must be from 1 to 256 characters.
    • Don't use newline characters.
    • Don't use '\n' or '\r'.
    • Don't use the symbols <, >, &, ', ", /.
    • Don't use consecutive whitespace characters. They are replaced with a single space.
  6. Remove any key and string pairs that you aren't using. All entries in the file are used.

  7. Save the file in /Library/Preferences/.

    You can do this before or after installing Sophos Endpoint Protection. However if you do it after an installation a new computer may appear in Sophos Central with the new details. The old computer is also still present. If you do it before installing we remove the old computer and the new computer appears.

  8. To load this file, you can restart the computer or run the following command from Terminal:

    sudo launchctl stop com.sophos.mcs


If SMEPreferDomainName is turned on this also overrides the domain used for the reported user domain.