Skip to content

Security permissions on macOS

You need to grant Sophos Endpoint security permissions to run on your Macs. You may need to do this more than once as Apple frequently updates its security requirements.

If you use remote deployment, you grant security permissions during the deployment setup. See Installing Endpoint Protection using Jamf Pro.

We check that we have the permissions we need every 30 minutes. We use the Sophos Service Manager to do this.

You can manually check you have the correct permissions by closing the Sophos Service Manager. You do this in Activity Monitor. Sophos Service Manager restarts automatically and checks permissions after 30 seconds. It then checks every 30 minutes.

Sophos Endpoint shows a notification when it needs permissions. You can grant permissions from this notifiication.

Grant permissions

To grant permissions, do as follows:

  1. In the notification, click Details.
  2. Click Open Security & Privacy preferences.
  3. In Security & Privacy, click Privacy.
  4. Click the lock at the bottom of the window and sign in to make changes.

    Sign in to update permissions

  5. Scroll down and click Full Disk Access on the left.

    Full disk access permissions

  6. Drag the Sophos icon from Sophos Endpoint to Security & Privacy.

    Adding full access permissions for Sophos Endpoint

  7. You need to grant full disk access to Sophos Endpoint UIServer. Choose from the following options:

    • Click Select Quit & Reopen to do this immediately.
    • Click Later to give permissions and carry on working. You will need to restart your Mac to give full disk access. You're still protected.
  8. Close Security & Privacy.