Check security permissions on macOS

You need to grant Sophos Endpoint security permissions to run on your Macs. You may need to do this more than once as Apple frequently updates its security requirements. See Security permissions on macOS.

If you use remote deployment, you grant security permissions during the deployment setup. See Installing Endpoint Protection using Jamf Pro.

You can check that your Mac has the correct permissions in Sophos Endpoint Self Help. You can also use Terminal to check your permissions.

If you're using remote deployment you can also check your permissions. You can do this using Terminal or the management tool you're using for remote deployment.

Check permissions in Sophos Endpoint

You can check your permissions in Sophos Endpoint Self Help. You can also fix any issues with your permissions using the self-help tool.

To check your permissions, do as follows:

  1. Open Sophos Endpoint.
  2. Click About > Diagnostic Tool.
  3. Click Prerequisites.
  4. Check your permissions.

    If there are problems, click the link to fix the issue.

    Check permissions in Sophos Endpoint Self Help.

Check permissions using a terminal

You need to add an additional right to check the security permissions using a terminal. This is due to Apple security restrictions.

You need to be an administrator to add this permission.

To check permissions using a terminal, do as follows:

  1. On your Mac, go to System Preferences > Security & Privacy.
  2. Click the Privacy tab.
  3. In the left pane, scroll down and then click Full Disk Access.

    Full disk access permissions.

  4. Click the lock at the bottom of the window.

  5. Enter your Mac username and password.

    Sign in to update settings.

  6. Click Unlock to authorize changes.

  7. At the bottom of Full Disk Access, click the plus icon.

    A list of applications displays.

  8. Click Terminal.

  9. Select the Terminal checkbox.

    Full disk access permissions.

  10. Close Security & Privacy.

  11. Open Terminal.
  12. Run the following command:

    sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access' | grep -i sophos
    

    This shows you all the permissions that have been given to Sophos. Note that the permissions vary depending on your license and installed products.

    Here's an example showing the permissions for a Mac. It has Sophos Anti-Virus for macOS and Sophos MDR installed.

    Example permissions for a Mac.

On a Mac that has System Settings instead of System Preferences, follow these steps instead:

  1. On your Mac, go to System Settings > Privacy & Security.
  2. In Privacy & Security, click Full Disk Access.

    Full disk access.

  3. At the bottom of Full Disk Access, click the plus icon.

    A list of applications displays.

  4. Under Utilities, select Terminal.

  5. Click Open. The Terminal displays in the list of applications with Full Disk Access.

    Make sure that Terminal is turned on.

  6. Enter your Mac password if asked.

    The dialog to enter the Mac password.

  7. Close Privacy & Security.

  8. Open Terminal.
  9. Run the following command:

    sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access' | grep -i sophos
    

    This shows you all the permissions that have been given to Sophos. Note that the permissions vary depending on your license and installed products.

    Here's an example showing the permissions for a Mac. It has Sophos Anti-Virus for macOS and Sophos MDR installed.

    Example permissions for a Mac.
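The raw `select *` output in both procedures above is hard to read, so the following added example (not Sophos code) lists only the Sophos clients with each grant decoded. The column names and `auth_value` meanings are assumptions, since Apple does not document the TCC schema, and the database and its rows are constructed samples.

```python
import sqlite3

# auth_value meanings (assumption: Apple does not document the TCC schema).
AUTH = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}

def sophos_grants(conn):
    """Return (client, service, state) for rows whose client mentions sophos."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    if "auth_value" in cols:
        col, decode = "auth_value", lambda v: AUTH.get(v, f"unrecognised({v})")
    else:
        # Older releases use a 0/1 'allowed' column instead (assumption).
        col, decode = "allowed", lambda v: "allowed" if v else "denied"
    rows = conn.execute(
        f"SELECT client, service, {col} FROM access "
        "WHERE lower(client) LIKE '%sophos%' ORDER BY client, service")
    return [(c, s, decode(v)) for c, s, v in rows]

def constructed_db(legacy=False):
    """In-memory stand-in for TCC.db filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    col = "allowed" if legacy else "auth_value"
    conn.execute(f"CREATE TABLE access (service TEXT, client TEXT, {col} INTEGER)")
    granted = 1 if legacy else 2
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", [
        ("kTCCServiceSystemPolicyAllFiles", "com.sophos.endpoint.uiserver", granted),
        ("kTCCServiceSystemPolicyAllFiles", "com.sophos.constructed.sample", 0),
        ("kTCCServiceCamera", "com.example.other", granted),
    ])
    return conn

if __name__ == "__main__":
    # On a Mac, pass sqlite3.connect() the TCC.db path from the command above
    # (run with sudo from a Terminal that has Full Disk Access).
    for client, service, state in sophos_grants(constructed_db()):
        print(f"{client:32} {service:34} {state}")
```

A Sophos client that shows as denied, or that is missing altogether, is what the Prerequisites check in Sophos Endpoint Self Help would report as a problem.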

Check permissions for remote deployments

You can check the permissions given to Sophos for your remote deployments either using Terminal or your deployment tool.

Check permissions using Terminal

The settings for your remote deployments are stored in an overrides file. You can find this file in /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist.

You can only access this file using a Terminal window that has full access permissions.

We recommend that you copy this file to another location before opening it. This is due to Apple's security restrictions.

To check permissions, do as follows:

  1. Open a Terminal window with full access permissions. See Check permissions using a terminal.
  2. Run the following command to copy the overrides file to your desktop.

    sudo cp /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist ~/Desktop/

  3. Check the file.

    The file has entries similar to those shown in the previous section. Each entry will also look similar to the following:

    identifier "com.sophos.endpoint.uiserver" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"

    The subject.OU is always 2H5GFH3774. This is Sophos's ID. The certificates should also stay the same.
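Step 3 can be automated. The following added example (not Sophos code) walks the copied plist, finds every code requirement string for a `com.sophos.*` identifier, and reports any that is not pinned to the `subject.OU` given above. The plist nesting, the `CodeRequirement` key name and the sample entries are assumptions constructed for illustration.

```python
import plistlib
import re

SOPHOS_OU = "2H5GFH3774"  # subject.OU the page gives for Sophos
IDENT = re.compile(r'identifier "([^"]+)"')
OU = re.compile(r'certificate leaf\[subject\.OU\] = "?([A-Za-z0-9]+)')

def code_requirements(node):
    """Yield every string in the plist tree that holds a code requirement."""
    if isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from code_requirements(value)
    elif isinstance(node, str) and IDENT.search(node):
        yield node

def audit(plist_bytes):
    """Return sorted (identifier, verdict) pairs for com.sophos.* entries."""
    findings = []
    for req in code_requirements(plistlib.loads(plist_bytes)):
        ident = IDENT.search(req).group(1)
        if not ident.startswith("com.sophos."):
            continue
        ou = OU.search(req)
        if ou is None:
            verdict = "no subject.OU pin"
        elif ou.group(1) != SOPHOS_OU:
            verdict = "unexpected OU " + ou.group(1)
        else:
            verdict = "ok"
        findings.append((ident, verdict))
    return sorted(findings)

def requirement(ident, ou):
    """Build a constructed requirement string shaped like the page's entry."""
    return (f'identifier "{ident}" and anchor apple generic and '
            f'certificate leaf[subject.OU] = "{ou}"')

# Constructed sample; the dictionary nesting and key names are assumptions.
SAMPLE = plistlib.dumps({
    "a": {"CodeRequirement": requirement("com.sophos.endpoint.uiserver", SOPHOS_OU)},
    "b": {"CodeRequirement": requirement("com.sophos.constructed.sample", "ABCDE12345")},
    "c": {"CodeRequirement": 'identifier "com.example.other" and anchor apple'},
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    # On a Mac, pass the bytes of the copied ~/Desktop/MDMOverrides.plist instead.
    for ident, verdict in audit(SAMPLE):
        print(ident, "->", verdict)
```

Any verdict other than `ok` means that entry differs from the pattern described in step 3 and is worth comparing against the profile in your deployment tool.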

Check permissions using your deployment tool

You can use Jamf and other Mobile Device Management (MDM) providers to set permissions remotely when you deploy software. You can check the permissions for software in the tool.

The following instructions tell you how to check permissions in Jamf.

We recommend that you check your deployment tool's help for up-to-date instructions on how to check permissions and settings.

In Jamf you deploy permissions using a policy. You need to check the policy settings to see what permissions Sophos has.

To check permissions, do as follows:

  1. Open Jamf.
  2. Go to Settings > Profiles.
  3. Select your Sophos deployment policy.

    A list of settings appears. Under Privacy Preferences Policy Control you will see Access All Application Data and a list of components. There should be several Sophos Components in the list, all flagged as Allowed.

    Here's an example of the information Jamf shows.

    Permissions in Jamf.

We read the contents of the applied policy and system settings locally. We then check this against our list of applications.