A standalone, post-post-install script to (hopefully) update Sophos and detect false-positive installation results
While deploying a recent Sophos EDR pilot, creating a custom installer package with a minimal post-install script a close as possible to Sophos Central: How to deploy Sophos Endpoint for macOS from Command Line seemed like the best approach:
#!/bin/sh ## postinstall pathToScript=$0 pathToPackage=$1 targetLocation=$2 targetVolume=$3 # Install Sophos echo "* Installing application ..." /var/tmp/Sophos Endpoint Workforce EDR-2020-10-21/Sophos Installer.app/Contents/MacOS/Sophos Installer --install echo "* Application installed." # Remove Installer echo "* Remove installer files ..." /bin/rm -Rf /var/tmp/Sophos Endpoint Workforce EDR-2020-10-21 echo "* Installer removed." exit 0 ## Success exit 1 ## Failure
However, the Jamf Pro policy logs included a false-positive:
7. Verifying package integrity… 8. Installing Sophos Endpoint Workforce EDR-2020-10-21.pkg… 9. Successfully installed Sophos Endpoint Workforce EDR-2020-10-21.pkg.
Yes, the custom package had successfully executed, but the
SophosUpdate binary was missing client-side.
Adding the one-liner of …
if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo "Error: SophosUpdate NOT found"; fi
… to …
Jamf Pro Policy > Options > Files and Processes > Execute Command, still resulted in a false-positive Jamf Pro Policy Status of Completed.
13. Running command if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo “Error: SophosUpdate NOT found”; fi… 14. Result of command: Error: SophosUpdate NOT found
Jamf Support confirmed this is the current expected behavior and recommended creating yet another script.
This script is compatible with Jamf Pro and can be pasted directly — without modification — into a new Script window in Jamf Pro (no additional parameters need to be specified).
Add the script to your Sophos Endpoint policy to execute After the installation package.