Installer command-line options for Mac
On macOS Monterey 12.4 or later, you can't unzip the installer in the documents
or downloads
directories or on the desktop. It will fail to install. You must unzip the installer somewhere else, we recommend the home directory, /users/<username>/
.
On macOS Big Sur 11 you must unzip the installer in the home directory, /users/<username>/
.
Mac command line options
Some options may not be available for all customers yet.
The Sophos Central Endpoint installer for Mac supports the following command-line options.
Quiet
Runs the installer without displaying the user interface.
--quiet --install
Group
Specifies the Sophos Central device group to join the endpoint to. You can also use this option to add devices to a subgroup. You must use \
for any groups that have spaces in their names.
--devicegroup <group>
--devicegroup <group>\<subgroup>
--devicegroup <group>\<subgroup>\<subgroup>
Replace <group>
and <subgroup>
with the name of the Sophos Central group and subgroup to join.
Example
--devicegroup Organization\Group\ with\ space\Subgroup
Trailing argument
Group or subgroup to join. If it doesn't exist, it is created.
Message relays
Specifies a list of message relays to use.
--messagerelays <IPs>
Replace <IPs>
with a space-separated message relay list of IPs including the port.
Trailing argument
IP address of the message relay must be specified along with port, 8190.
Example
--messagerelays IPADDRESS:8190 IPADDRESS:8190
Proxy address
Specifies a custom proxy to use.
--proxyaddress <URL>
Replace <URL>
with the custom proxy address.
Trailing argument
URL without protocol (uses HTTPS)
Proxy port
Specifies a port that the proxy uses.
--proxyport <port>
Replace <port>
with the proxy's port number.
Trailing argument
Port for the proxy.
Proxy username
If a custom proxy has been specified, set the username with this option.
--proxyusername <user>
Trailing argument
Replace <user>
with the username for the proxy.
Proxy password
If a custom proxy and username have been specified, set the password with this option.
--proxypassword <pw>
Trailing argument
Replace <pw>
with the password for the proxy.
Computer name override
Overrides the name of the computer to be used in Sophos Central.
--computernameoverride <name>
Trailing argument
Replace <name>
with the custom computer name.
Don't use quotes around the computer name.
You can only use this option for a new installation.
Domain name override
Overrides the domain name of the computer to be used in Sophos Central.
--domainnameoverride <domain>
Trailing argument
Replace <domain>
with the custom domain name.
You can only use this option for a new installation.
Preferred domain name for usernames in Sophos Central
Sets the client to send usernames as domain\username
instead of machine\username
.
You can only use this option for a new installation.
--mcsPreferredDomainName
Registration server
Specifies the MCS server to connect to.
--mgmtserver <URL>
Trailing argument
Replace <URL>
with the MCS server URL
Customer token
Specifies the token of the Sophos Central customer to associate the endpoint with.
--customertoken <UUID>
Trailing argument
Replace <UUID>
with the UUID which maps to a customer.
Products to install
Specifies a list of products to install. If you specify a product that you don't have a license for, then it isn't installed.
--products <products>
Trailing argument
Replace <products
with a space-separated list of products to install.
Available options are: antivirus
, intercept
, mdr
, xdr
, deviceEncryption
or all
.
Note
The Mac installer is aware of all the message relays and update caches when the installation is downloaded. Changes to caches and relays mean that you need to download a new installation. You can specify relays using the command line as well.
xdr
Restriction
You can only install xdr
on Macs running macOS Big Sur 11 or later.
If you install xdr
only we won't install anti-malware protection. You must have third-party protection installed to protect your devices.
Mac examples
Install Sophos Anti-Virus and Intercept X without user interaction:
sudo ./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --products antivirus intercept --quiet
Install using a proxy:
sudo ./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --proxyaddress <IP/FQDN> --proxyport <port>
Replace <IP/FQDN>
with the proxy's IP address or fully qualified domain name (FQDN) and <port>
with the proxy's port number.
Install using a message relay:
sudo ./Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --messagerelays 192.168.10.100:8190
Use a file to change names
Note
If you use command-line options, file-based overrides are ignored.
You can use a file to change names and descriptions for computers and domains. To do this, do as follows:
- Create a new file in
/Library/Preferences/
calledcom.sophos.mcs-overrides.plist
. -
Use the following format:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">; <plist version="1.0"> <dict> <key>ComputerNameOverride</key> <string>OverridingComputerName</string> <key>DomainNameOverride</key> <string>OverridingDomainName</string> <key>ComputerDescriptionOverride</key> <string>OverridingComputerDescription</string> </dict> </plist>
-
Copy and paste the key and string pairs so that you have as many as you need.
-
Change the key and string pairs, as follows:
- To change a computer name, replace the string for
ComputerNameOverride
. - To change the domain name, replace the string for
DomainNameOverride
. - To change a description for a computer, replace the string
ComputerDescriptionOverride
.
- To change a computer name, replace the string for
-
Make sure your entries obey the following rules:
- Length must be from 1 to 256 characters.
- Don't use newline characters.
- Don't use
'\n'
or'\r'
. - Don't use the symbols
<
,>
,&
,'
,"
,/
. - Don't use consecutive whitespace characters. They are replaced with a single space.
-
Remove any key and string pairs that you aren't using. All entries in the file are used.
-
Save the file in
/Library/Preferences/
.You can do this before or after installing Sophos Endpoint Protection. However if you do it after an installation a new computer may appear in Sophos Central with the new details. The old computer is also still present. If you do it before installing we remove the old computer and the new computer appears.
-
To load this file, you can restart the computer or run the following command from Terminal:
sudo launchctl stop com.sophos.mcs
Note
If SMEPreferDomainName
is turned on this also overrides the domain used for the reported user domain.