Check security permissions on macOS

You need to grant Sophos Endpoint security permissions to run on your Macs. You may need to do this more than once as Apple frequently updates its security requirements. See Security permissions on macOS.

If you use remote deployment, you grant security permissions during the deployment setup. See Installing Endpoint Protection using Jamf Pro.

You can check that your Mac has the correct permissions in Sophos Endpoint Self Help. You can also use Terminal to check your permissions.

If you're using remote deployment, you can also check your permissions. You can do this using Terminal or the management tool you're using for remote deployment.

Check permissions in Sophos Endpoint

You can check your permissions in Sophos Endpoint Self Help. You can also fix any issues with your permissions using the self-help tool.

To check your permissions, do as follows:

  1. Open Sophos Endpoint.
  2. Click About > Diagnostic Tool.
  3. Click Prerequisites.
  4. Check your permissions.

    If there are problems, click the link to fix the issue.

    Check permissions in Sophos Endpoint Self Help

Check permissions using a terminal

Before you can check the security permissions using a terminal, you need to give Terminal an additional right, Full Disk Access. This is due to Apple security restrictions.

You need to be an administrator to add this permission.

To check permissions using a terminal, do as follows:

  1. On your Mac, click Settings > Security.
  2. In Security & Privacy, click Privacy.
  3. Click the lock at the bottom of the window and sign in to make changes.

    Sign in to update settings

  4. Scroll down and click Full Disk Access on the left.

    Full disk access permissions

  5. Click the + icon on the right.

  6. Click Terminal in the application list.
  7. Select Terminal.

    Full disk access permissions

  8. Close Security & Privacy.

  9. Open Terminal.
  10. Run the following command:

    sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access' | grep -i sophos

    This shows you all the permissions that have been given to Sophos. Note that the permissions vary depending on your license and installed products.

    Here's an example showing the permissions for a Mac. It has Sophos Anti-Virus for macOS and Sophos MDR installed.

    Example permissions for a Mac

Check permissions for remote deployments

You can check the permissions given to Sophos for your remote deployments either using Terminal or your deployment tool.

Check permissions using Terminal

The settings for your remote deployments are stored in an overrides file. You can find this file at /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist.

You can only access this file using a Terminal window that has full access permissions.

We recommend that you copy this file to another location before opening it. This is due to Apple's security restrictions.

To check permissions, do as follows:

  1. Open a Terminal window with full access permissions. See Check permissions using a terminal.
  2. Run the following command to copy the overrides file to your desktop.

    sudo cp /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist ~/Desktop/

  3. Check the file.

    The file has entries similar to those shown in the previous section. Each entry will also look similar to the following:

    identifier "com.sophos.endpoint.uiserver" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

    The subject.OU is always 2H5GFH3774. This is Sophos's ID. The certificates should also stay the same.
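The check in step 3 can be scripted. The following is an added example, not Sophos code: it reads the copied overrides file, finds every code requirement that names a `com.sophos.` identifier, and lists any whose `subject.OU` is missing or is not 2H5GFH3774. The function names, the sample entries under `com.sophos.example.` and `com.example.`, and the bundle ID, service, entry layout of the sample are assumptions; the script walks the whole file, so it does not depend on that layout.

```python
import plistlib
import re
import sys

SOPHOS_OU = "2H5GFH3774"  # subject.OU value this page gives for Sophos
ID_RE = re.compile(r'identifier\s+"([^"]+)"')
OU_RE = re.compile(r'certificate leaf\[subject\.OU\]\s*=\s*"?([A-Za-z0-9]+)"?')

def requirement_strings(node):
    """Yield every string value in the plist that contains a code requirement."""
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        for value in node:
            yield from requirement_strings(value)
    elif isinstance(node, str) and ID_RE.search(node):
        yield node

def audit(plist_bytes):
    """Return (trusted, suspect) identifier lists for com.sophos.* entries."""
    trusted, suspect = set(), set()
    for req in requirement_strings(plistlib.loads(plist_bytes)):
        ident = ID_RE.search(req).group(1)
        if not ident.startswith("com.sophos."):
            continue  # not claiming to be Sophos, out of scope for this check
        ou = OU_RE.search(req)
        (trusted if ou and ou.group(1) == SOPHOS_OU else suspect).add(ident)
    return sorted(trusted), sorted(suspect)

def _entry(ident, ou):
    req = f'identifier "{ident}" and anchor apple generic'
    if ou:
        req += f' and certificate leaf[subject.OU] = "{ou}"'
    return {"kTCCServiceSystemPolicyAllFiles": {"Allowed": True, "CodeRequirement": req}}

# Constructed sample data. The bundle ID -> service -> entry layout is assumed.
SAMPLE = plistlib.dumps({
    "com.sophos.endpoint.uiserver": _entry("com.sophos.endpoint.uiserver", SOPHOS_OU),
    "com.sophos.example.wrongou": _entry("com.sophos.example.wrongou", "ABCDE12345"),
    "com.sophos.example.noou": _entry("com.sophos.example.noou", None),
    "com.example.other": _entry("com.example.other", "ZZZZZ99999"),
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    trusted, suspect = audit(data)
    print("Signed with expected OU:", ", ".join(trusted) or "none")
    print("Needs review:", ", ".join(suspect) or "none")
    sys.exit(1 if suspect else 0)
```

Pass the path of the copied file (for example `~/Desktop/MDMOverrides.plist`) as the only argument; with no argument the script runs on the constructed sample. An entry under "Needs review" claims a Sophos identifier without the expected signing OU and should be compared against your deployment profile.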

Check permissions using your deployment tool

You can use Jamf and other Mobile Device Management (MDM) providers to set permissions remotely when you deploy software. You can check the permissions for software in the tool.

The following instructions tell you how to check permissions in Jamf.

We recommend that you check your deployment tool's help for up-to-date instructions on how to check permissions and settings.

In Jamf you deploy permissions using a policy. You need to check the policy settings to see what permissions Sophos has.

To check permissions, do as follows:

  1. Open Jamf.
  2. Go to Settings > Profiles.
  3. Select your Sophos deployment policy.

    A list of settings appears. Under Privacy Preferences Policy Control you will see Access All Application Data and a list of components. There should be several Sophos components in the list, all flagged as Allowed.

    Here's an example of the information Jamf shows.

    Permissions in Jamf

We read the contents of the applied policy and system settings locally. We then check this against our list of applications.