A standalone, post-post-install script to (hopefully) update Sophos and detect false-positive installation results
While deploying a recent Sophos EDR pilot, creating a custom installer package with a minimal post-install script, as close as possible to "Sophos Central: How to deploy Sophos Endpoint for macOS from Command Line", seemed like the best approach:
#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
# Install Sophos
echo "* Installing application ..."
/var/tmp/Sophos\ Endpoint\ Workforce\ EDR-2020-10-21/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install
echo "* Application installed."
# Remove Installer
echo "* Remove installer files ..."
/bin/rm -Rf /var/tmp/Sophos\ Endpoint\ Workforce\ EDR-2020-10-21
echo "* Installer removed."
exit 0 ## Success
exit 1 ## Failure
However, the Jamf Pro policy logs included a false-positive:
- Verifying package integrity...
- Installing Sophos Endpoint Workforce EDR-2020-10-21.pkg...
- Successfully installed Sophos Endpoint Workforce EDR-2020-10-21.pkg.
Yes, the custom package had successfully executed, but the SophosUpdate binary was missing client-side.
Adding the one-liner of …
if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo "Error: SophosUpdate NOT found"; fi
… to …
Jamf Pro Policy > Options > Files and Processes > Execute Command, still resulted in a false-positive Jamf Pro Policy Status of Completed.
- Running command if [ -f /usr/local/bin/SophosUpdate ]; then /usr/local/bin/SophosUpdate; else /bin/echo "Error: SophosUpdate NOT found"; fi...
- Result of command: Error: SophosUpdate NOT found
Jamf Support confirmed this is the current expected behavior and recommended creating yet another script.
This script is compatible with Jamf Pro and can be pasted directly — without modification — into a new Script window in Jamf Pro (no additional parameters need to be specified).
Add the script to your Sophos Endpoint policy to execute After the installation package.
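The exit-status difference behind the false positive, as an added example rather than the author's script: the one-liner above exits 0 when the binary is missing, while a stricter check returns non-zero. It assumes Jamf Pro marks a policy Failed when an attached script exits non-zero; the function names, return codes and the demonstration path are hypothetical.

```sh
#!/bin/sh
# Added example (not the author's script). Assumes Jamf Pro marks a policy
# Failed when a script attached to it exits non-zero.

SOPHOS_UPDATE="/usr/local/bin/SophosUpdate"   # path used in the post's one-liner

# The post's one-liner as a function: when the binary is missing, the last
# command run is echo, so the exit status is 0 and nothing signals failure.
one_liner() {
    if [ -f "$1" ]; then "$1"; else /bin/echo "Error: SophosUpdate NOT found"; fi
}

# Stricter check: 1 = binary missing or not executable, 2 = updater failed.
check_and_update() {
    bin="${1:-$SOPHOS_UPDATE}"
    if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
        echo "Error: $bin NOT found or not executable" >&2
        return 1
    fi
    upd_rc=0
    "$bin" || upd_rc=$?
    if [ "$upd_rc" -ne 0 ]; then
        echo "Error: $bin exited with status $upd_rc" >&2
        return 2
    fi
    echo "SophosUpdate completed."
}

# Demonstration against a constructed path that does not exist.
demo_missing="/nonexistent/SophosUpdate"
rc=0; one_liner "$demo_missing" || rc=$?
echo "one-liner exit status: $rc"
rc=0; check_and_update "$demo_missing" || rc=$?
echo "strict check exit status: $rc"

# In the Jamf Pro script itself, replace the demonstration with:
#   check_and_update; exit $?
```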