Overview
On Monday, October 24, 2022, Apple is releasing macOS Ventura.
This new macOS version updates a record in the operating system that inadvertently causes any existing application using security client extensions with Full Disk Access to lose that privilege. There is a scenario where the impact is that security scans are turned off without warning to the administrator for some endpoint security products, including Sophos Endpoint Protection.
You can use Application Control in Sophos Central to prevent end-users from upgrading to macOS Ventura. In your Application Control policy settings, select “macOS 13 Installer” in the “System tool” category. Instructions on creating and editing policies can be found in the Sophos Central Admin Help.
Product and Environment
- macOS Ventura
- Sophos Central macOS Endpoint (Intercept X)
- Version 10.4.1 or later is required when using macOS Ventura. This version is already available in early access and customers will be automatically upgraded starting the week of October 24, 2022.
Note: Sophos Enterprise Console (SEC) managed systems only support up to macOS 12 Monterey.
Main Issue
Upgrading a device to macOS Ventura
When upgrading to macOS Ventura, please follow the steps below after the upgrade to Ventura completes.
Devices managed by a Mobile Device Management (MDM) solution
There is no action required. Sophos Endpoint Protection will protect the device as expected.
Installing Sophos Endpoint Protection onto a device that has already been upgraded to macOS Ventura.
There is no additional action required. Sophos Endpoint Protection will protect the device as expected.
Upgrading to macOS Ventura on a device that is already running Sophos Endpoint Protection
Please follow these steps:
- Open the System Preferences.
- Select Privacy and Security.
- Select Full Disk Access in the left list.
- Click the lock to be able to make changes and authenticate.
- Select the Sophos Endpoint scan extension, even if it is toggled on, and click - to remove it from the list.
- Wait a minute, and the Sophos Endpoint scan extension should automatically re-appear in the list.
- Select the toggle switch to turn on Full Disk Access.
Uninstalling and reinstalling Sophos Endpoint Protection does not correct this issue. The above steps must still be performed.
Other Known Compatibility Issues
Sophos Endpoint Protection's web protection does not function on macOS Ventura virtual machines
Sophos Endpoint Protection web protection functions normally on physical systems running macOS Ventura but does not work with virtual machines running macOS Ventura. We have opened a case with Apple regarding this.
Sophos Endpoint Protection agent can be turned off through System Settings
In macOS Ventura, users with Administrator credentials can turn off Sophos Protection Agent through System Settings > General > Login Items.
This setting can be controlled by deploying an MDM profile. See Installing Endpoint Protection on Macs for more information.
Turning off background items for the Sophos Endpoint prevents its functionality.
The Sophos Endpoint UI may stop responding after opening [Fixed in 10.4.1]
In macOS Ventura, the Sophos Endpoint UI may stop responding after opening. Please upgrade to Sophos Endpoint Protection version 10.4.1 or later.
Red health status after update [Fixed in 10.4.1]
When updating the Sophos Endpoint agent on macOS Ventura, the device remains in red health even after a restart. Another device restart is needed to complete the installation and return the device to Green health status. Please upgrade to Sophos Endpoint Protection version 10.4.1 or later to avoid this issue.