Sophos Endpoint Update

A standalone, post-post-install script to (hopefully) update Sophos and detect false-positive installation results


While deploying a recent Sophos EDR pilot, creating a custom installer package with a minimal post-install script, as close as possible to "Sophos Central: How to deploy Sophos Endpoint for macOS from Command Line", seemed like the best approach:

#!/bin/sh
## postinstall

# Install Sophos (paths are quoted because the directory and binary names contain spaces)
echo "* Installing application ..."
"/var/tmp/Sophos Endpoint Workforce EDR-2020-10-21/Sophos Installer" --install
echo "* Application installed."

# Remove Installer
echo "* Remove installer files ..."
/bin/rm -Rf "/var/tmp/Sophos Endpoint Workforce EDR-2020-10-21"
echo "* Installer removed."

exit 0      ## Success (always reached; the installer's exit status is never checked)
exit 1      ## Failure (unreachable)

However, the Jamf Pro policy logs included a false-positive:

7. Verifying package integrity…
8. Installing Sophos Endpoint Workforce EDR-2020-10-21.pkg…
9. Successfully installed Sophos Endpoint Workforce EDR-2020-10-21.pkg.

Yes, the custom package had successfully executed, but the SophosUpdate binary was missing client-side.

Adding the one-liner of …

if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo "Error: SophosUpdate NOT found"; fi

… to …

Jamf Pro Policy > Options > Files and Processes > Execute Command still resulted in a false-positive Jamf Pro Policy Status of Completed.

13. Running command if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo "Error: SophosUpdate NOT found"; fi…
14. Result of command: Error: SophosUpdate NOT found

Jamf Support confirmed this is the current expected behavior and recommended creating yet another script.


This script is compatible with Jamf Pro and can be pasted directly — without modification — into a new Script window in Jamf Pro (no additional parameters need to be specified).

Add the script to your Sophos Endpoint policy to execute After the installation package.
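The one-liner above only echoes its error, so the policy still reports Completed. A script can return a non-zero exit status, which Jamf Pro records as a failed policy run. The sketch below is an added example, not the script from this post; the function name `check_and_update`, its return codes and the stub updaters in `demo` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the post's script): run SophosUpdate and return a status
# the caller can exit with, instead of only echoing an error.
#
# check_and_update PATH returns:
#   0  updater present and exited 0
#   1  updater missing or not executable (the false-positive case in the post)
#   2  updater ran but exited non-zero
check_and_update() {
    updater="$1"
    if [ ! -x "$updater" ]; then
        echo "Error: SophosUpdate NOT found at $updater"
        return 1
    fi
    if ! "$updater"; then
        echo "Error: SophosUpdate exited non-zero"
        return 2
    fi
    echo "SophosUpdate completed"
    return 0
}

# Constructed demo: stub updaters in a temp directory stand in for the real
# binary so the three outcomes can be seen on any machine.
demo() {
    tmp=$(mktemp -d) || return 99
    printf '#!/bin/sh\nexit 0\n' > "$tmp/ok"
    printf '#!/bin/sh\nexit 5\n' > "$tmp/bad"
    chmod +x "$tmp/ok" "$tmp/bad"
    results=""
    for stub in missing bad ok; do
        rc=0
        check_and_update "$tmp/$stub" >/dev/null 2>&1 || rc=$?
        results="${results:+$results }$stub=$rc"
    done
    rm -rf "$tmp"
    echo "$results"
}

demo   # prints: missing=1 bad=2 ok=0

# In a Jamf Pro script, replace the demo call with:
#   check_and_update /usr/local/bin/SophosUpdate
#   exit $?
```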


