- 18 Jun 2024
- 2 読む分
- 印刷する
- PDF
Auto-assign permissions for Sophos software
- 更新日 18 Jun 2024
- 2 読む分
- 印刷する
- PDF
The following Payload helps IT Admins to auto-assign the below-mentioned permissions for Sophos software. This payload will work on Apple silicon and intel-chip based Macbooks.
Notification - SophosUserAgent
Notification - Sophos Encryption Agent
Full disk access - SophosServiceManager
Full disk access - SophosUserAgent
Full disk access - SophosScanAgent
Full disk access - SophosCleanD
Full disk access - com.sophos.endpoint.scanextension
Login Items - Sophos
System extension - SophosScanD
System extension - SophosNetworkExtension
Copy the contents directly from below and add it in Custom Settings in the Device Profile or click here to download the file and import it in the Device Profile.
Markup
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>Configures Privacy Preferences Policy Control settings</string> <key>PayloadDisplayName</key> <string>Privacy Preferences Policy Control</string> <key>PayloadIdentifier</key> <string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.TCC.configuration-profile-policy.4CA144AC-BE23-46FF-BAFF-DC12E1EA8E3D</string> <key>PayloadOrganization</key> <string>Scalefusion</string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>4CA144AC-BE23-46FF-BAFF-DC12E1EA8E3D</string> <key>PayloadVersion</key> <integer>1</integer> <key>Services</key> <dict> <key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.sophos.macendpoint.CleanD" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.sophos.macendpoint.CleanD</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <false/> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.sophos.SophosScanAgent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.sophos.SophosScanAgent</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <false/> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.sophos.macendpoint.SophosServiceManager" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.sophos.macendpoint.SophosServiceManager</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <false/> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.sophos.endpoint.uiserver" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.sophos.endpoint.uiserver</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <false/> </dict> <dict> <key>Allowed</key> <true/> <key>CodeRequirement</key> <string>identifier "com.sophos.endpoint.scanextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774"</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>/Library/SystemExtensions/3944A47C-EAAE-41E4-A36D-C275F7060371/com.sophos.endpoint.scanextension.systemextension</string> <key>IdentifierType</key> <string>path</string> <key>StaticCode</key> <false/> </dict> </array> </dict> </dict> <dict> <key>NotificationSettings</key> <array> <dict> <key>AlertType</key> <integer>1</integer> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.sophos.endpoint.uiserver</string> <key>CriticalAlertEnabled</key> <false/> <key>NotificationsEnabled</key> <true/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> <dict> <key>AlertType</key> <integer>1</integer> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.sophos.enc.Sophos-Encryption-Agent</string> <key>CriticalAlertEnabled</key> <false/> <key>NotificationsEnabled</key> <true/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> </array> <key>PayloadDescription</key> <string>Configures Notification settings for macOS apps</string> <key>PayloadDisplayName</key> <string>Notifications</string> <key>PayloadIdentifier</key> <string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.notificationsettings.686BE003-7602-4572-9EE8-356463C83FDC</string> <key>PayloadOrganization</key> <string>Scalefusion</string> <key>PayloadType</key> <string>com.apple.notificationsettings</string> <key>PayloadUUID</key> <string>686BE003-7602-4572-9EE8-356463C83FDC</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>PayloadDescription</key> <string>Control the user experience for ServiceManagement login items (including launchd agents and daemons) in Login Items Settings.</string> <key>PayloadDisplayName</key> <string>Service Management - Managed Login Items</string> <key>PayloadIdentifier</key> <string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.servicemanagement.48589B6C-5B71-43B4-895B-7815ABA24735</string> <key>PayloadOrganization</key> <string>Scalefusion</string> <key>PayloadType</key> <string>com.apple.servicemanagement</string> <key>PayloadUUID</key> <string>48589B6C-5B71-43B4-895B-7815ABA24735</string> <key>PayloadVersion</key> <integer>1</integer> <key>Rules</key> <array> <dict> <key>Comment</key> <string>Sophos</string> <key>RuleType</key> <string>TeamIdentifier</string> <key>RuleValue</key> <string>2H5GFH3774</string> </dict> </array> </dict> <dict> <key>AllowUserOverrides</key> <true/> <key>AllowedTeamIdentifiers</key> <array> <string>2H5GFH3774</string> </array> <key>PayloadDescription</key> <string>Configures System Extensions Policy</string> <key>PayloadDisplayName</key> <string>System Extension Policy</string> <key>PayloadIdentifier</key> <string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089.com.apple.system-extension-policy.13D6AFE9-D428-4935-9124-F6BC37D31DCE</string> <key>PayloadOrganization</key> <string>Scalefusion</string> <key>PayloadType</key> <string>com.apple.system-extension-policy</string> <key>PayloadUUID</key> <string>13D6AFE9-D428-4935-9124-F6BC37D31DCE</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Payload to configure Sophos permissions</string> <key>PayloadDisplayName</key> <string>Sophos Configuration</string> <key>PayloadIdentifier</key> <string>com.promobitech.scalefusion.D2BF65F3-AF57-4261-8ED6-85C869EE3089</string> <key>PayloadOrganization</key> <string>Scalefusion</string> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>D2BF65F3-AF57-4261-8ED6-85C869EE3089</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
Follow our guide on how to add the Custom Payload in the Device Profile & deploy it to devices.
Notes:
The Payload and its contents are sourced from various albeit authenticated Apple Developer communities and forums.
Please validate them on a test machine before deploying them on all your managed devices.
Scalefusion has tested these Payloads, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.