Auto-assign permissions for Sophos software
  • 18 Jun 2024

Auto-assign permissions for Sophos software



The following payload helps IT admins auto-assign the permissions listed below for Sophos software. The payload works on both Apple silicon and Intel-based Macs.

  • Notification - SophosUserAgent

  • Notification - Sophos Encryption Agent

  • Full disk access - SophosServiceManager

  • Full disk access - SophosUserAgent

  • Full disk access - SophosScanAgent

  • Full disk access - SophosCleanD

  • Full disk access - com.sophos.endpoint.scanextension

  • Login Items - Sophos

  • System extension - SophosScanD

  • System extension - SophosNetworkExtension

  1. Copy the contents below and add them to Custom Settings in the Device Profile, or click here to download the file and import it into the Device Profile.


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>PayloadContent</key>
    	<array>
    		<dict>
    			<!-- Privacy Preferences Policy Control (TCC) payload. The Services dict below
    			     pre-approves SystemPolicyAllFiles (Full Disk Access) for five Sophos code
    			     identities, so no user prompt is involved in granting it. -->
    			<key>PayloadDescription</key>
    			<string>Configures Privacy Preferences Policy Control settings</string>
    			<key>PayloadDisplayName</key>
    			<string>Privacy Preferences Policy Control</string>
    			<key>PayloadIdentifier</key>
    			<string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.TCC.configuration-profile-policy.4CA144AC-BE23-46FF-BAFF-DC12E1EA8E3D</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion</string>
    			<key>PayloadType</key>
    			<string>com.apple.TCC.configuration-profile-policy</string>
    			<key>PayloadUUID</key>
    			<string>4CA144AC-BE23-46FF-BAFF-DC12E1EA8E3D</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>Services</key>
    			<dict>
    				<key>SystemPolicyAllFiles</key>
    				<array>
    					<!-- Every entry pairs an Identifier with a CodeRequirement that names the
    					     signing identifier, an Apple-anchored certificate chain and the leaf
    					     certificate subject OU "2H5GFH3774". The requirement is what ties the
    					     grant to a specific signer, so before deployment compare each string
    					     with the designated requirement that codesign reports for the
    					     installed Sophos binary instead of relying on the copied value. -->
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>identifier "com.sophos.macendpoint.CleanD" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string>
    						<key>Comment</key>
    						<string></string>
    						<key>Identifier</key>
    						<string>com.sophos.macendpoint.CleanD</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>identifier "com.sophos.SophosScanAgent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string>
    						<key>Comment</key>
    						<string></string>
    						<key>Identifier</key>
    						<string>com.sophos.SophosScanAgent</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>identifier "com.sophos.macendpoint.SophosServiceManager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string>
    						<key>Comment</key>
    						<string></string>
    						<key>Identifier</key>
    						<string>com.sophos.macendpoint.SophosServiceManager</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<!-- NOTE(review): presumably this bundle ID is the "SophosUserAgent" item
    					     in the article's permission list; confirm against the installed app. -->
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>identifier "com.sophos.endpoint.uiserver" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string>
    						<key>Comment</key>
    						<string></string>
    						<key>Identifier</key>
    						<string>com.sophos.endpoint.uiserver</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<!-- Unlike the four bundleID entries above, this one is matched by path,
    					     and the path contains a UUID directory under /Library/SystemExtensions.
    					     NOTE(review): that directory name looks specific to one installation;
    					     if it differs on a target Mac the entry will not match and the scan
    					     extension will not receive Full Disk Access. Check the actual path on
    					     a test device after install before rolling out. -->
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>identifier "com.sophos.endpoint.scanextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string>
    						<key>Comment</key>
    						<string></string>
    						<key>Identifier</key>
    						<string>/Library/SystemExtensions/3944A47C-EAAE-41E4-A36D-C275F7060371/com.sophos.endpoint.scanextension.systemextension</string>
    						<key>IdentifierType</key>
    						<string>path</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    				</array>
    			</dict>
    		</dict>
    		<dict>
    			<!-- Notification settings payload: enables notifications for the two bundle
    			     identifiers listed in NotificationSettings, with identical options. -->
    			<key>NotificationSettings</key>
    			<array>
    				<dict>
    					<!-- NOTE(review): AlertType 1 is presumably the temporary banner style;
    					     confirm against Apple's payload reference. -->
    					<key>AlertType</key>
    					<integer>1</integer>
    					<key>BadgesEnabled</key>
    					<true/>
    					<key>BundleIdentifier</key>
    					<string>com.sophos.endpoint.uiserver</string>
    					<key>CriticalAlertEnabled</key>
    					<false/>
    					<key>NotificationsEnabled</key>
    					<true/>
    					<!-- ShowInLockScreen is true, so these alerts are also shown while the
    					     Mac is locked. NOTE(review): decide whether security alert text
    					     should be readable on a locked device in your environment. -->
    					<key>ShowInLockScreen</key>
    					<true/>
    					<key>ShowInNotificationCenter</key>
    					<true/>
    					<key>SoundsEnabled</key>
    					<true/>
    				</dict>
    				<dict>
    					<key>AlertType</key>
    					<integer>1</integer>
    					<key>BadgesEnabled</key>
    					<true/>
    					<key>BundleIdentifier</key>
    					<string>com.sophos.enc.Sophos-Encryption-Agent</string>
    					<key>CriticalAlertEnabled</key>
    					<false/>
    					<key>NotificationsEnabled</key>
    					<true/>
    					<!-- Same lock screen visibility as the entry above. -->
    					<key>ShowInLockScreen</key>
    					<true/>
    					<key>ShowInNotificationCenter</key>
    					<true/>
    					<key>SoundsEnabled</key>
    					<true/>
    				</dict>
    			</array>
    			<key>PayloadDescription</key>
    			<string>Configures Notification settings for macOS apps</string>
    			<key>PayloadDisplayName</key>
    			<string>Notifications</string>
    			<key>PayloadIdentifier</key>
    			<string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.notificationsettings.686BE003-7602-4572-9EE8-356463C83FDC</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion</string>
    			<key>PayloadType</key>
    			<string>com.apple.notificationsettings</string>
    			<key>PayloadUUID</key>
    			<string>686BE003-7602-4572-9EE8-356463C83FDC</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    		<dict>
    			<!-- Managed Login Items payload (com.apple.servicemanagement) containing a
    			     single rule. -->
    			<key>PayloadDescription</key>
    			<string>Control the user experience for ServiceManagement login items (including launchd agents and daemons) in Login Items Settings.</string>
    			<key>PayloadDisplayName</key>
    			<string>Service Management - Managed Login Items</string>
    			<key>PayloadIdentifier</key>
    			<string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.servicemanagement.48589B6C-5B71-43B4-895B-7815ABA24735</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion</string>
    			<key>PayloadType</key>
    			<string>com.apple.servicemanagement</string>
    			<key>PayloadUUID</key>
    			<string>48589B6C-5B71-43B4-895B-7815ABA24735</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>Rules</key>
    			<array>
    				<!-- The rule is keyed on the signing team (RuleType TeamIdentifier,
    				     RuleValue 2H5GFH3774) rather than on one named item.
    				     NOTE(review): presumably this covers every login item, agent and
    				     daemon signed by that team; confirm that breadth is intended and
    				     that the team identifier matches the installed Sophos software. -->
    				<dict>
    					<key>Comment</key>
    					<string>Sophos</string>
    					<key>RuleType</key>
    					<string>TeamIdentifier</string>
    					<key>RuleValue</key>
    					<string>2H5GFH3774</string>
    				</dict>
    			</array>
    		</dict>
    		<dict>
    			<!-- System Extension Policy payload. Two settings decide how wide the approval is:
    			     AllowUserOverrides is true, so users keep the ability to approve system
    			     extensions that this profile does not list; and AllowedTeamIdentifiers
    			     approves by signing team, which admits any system extension signed by
    			     team 2H5GFH3774 and not only the two extensions named in the article.
    			     NOTE(review): for a tighter policy, consider setting AllowUserOverrides to
    			     false and listing the specific extension bundle identifiers under the
    			     AllowedSystemExtensions key; validate the change on a test device. -->
    			<key>AllowUserOverrides</key>
    			<true/>
    			<key>AllowedTeamIdentifiers</key>
    			<array>
    				<string>2H5GFH3774</string>
    			</array>
    			<key>PayloadDescription</key>
    			<string>Configures System Extensions Policy</string>
    			<key>PayloadDisplayName</key>
    			<string>System Extension Policy</string>
    			<key>PayloadIdentifier</key>
    			<string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.system-extension-policy.13D6AFE9-D428-4935-9124-F6BC37D31DCE</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion</string>
    			<key>PayloadType</key>
    			<string>com.apple.system-extension-policy</string>
    			<key>PayloadUUID</key>
    			<string>13D6AFE9-D428-4935-9124-F6BC37D31DCE</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    	</array>
    	<!-- Top-level profile keys. PayloadType Configuration marks this dict as the profile
    	     envelope for the payloads in PayloadContent, and PayloadScope System requests a
    	     device-wide install. The PayloadIdentifier and PayloadUUID are the fixed values
    	     published with this sample, so every import of the unmodified file carries the
    	     same identity. -->
    	<key>PayloadDescription</key>
    	<string>Payload to configure Sophos permissions</string>
    	<key>PayloadDisplayName</key>
    	<string>Sophos Configuration</string>
    	<key>PayloadIdentifier</key>
    	<string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089</string>
    	<key>PayloadOrganization</key>
    	<string>Scalefusion</string>
    	<key>PayloadScope</key>
    	<string>System</string>
    	<key>PayloadType</key>
    	<string>Configuration</string>
    	<key>PayloadUUID</key>
    	<string>D2BF65F3-AF57-4261-8ED6-85C869EE3089</string>
    	<key>PayloadVersion</key>
    	<integer>1</integer>
    </dict>
    </plist>

  2. Follow our guide on how to add the Custom Payload in the Device Profile & deploy it to devices.

Notes:

  1. The payload and its contents are sourced from various Apple Developer communities and forums, albeit authenticated ones.

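  2. Please validate the payloads on a test machine before deploying them to all your managed devices. In particular, confirm that the team identifier and code requirements in the payload match the signature of the Sophos software you actually install, since these values decide which binaries receive the permissions.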

  3. Scalefusion has tested these Payloads, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.



