Skip to content
Sophos Central Endpoint: macOS Ventura Compatibility Issues

Sophos Central Endpoint: macOS Ventura Compatibility Issues


On Monday, October 24, 2022, Apple is releasing macOS Ventura.

This new macOS version updates a record in the operating system that inadvertently causes any existing application using security client extensions with Full Disk Access to lose that privilege. There is a scenario where the impact is that security scans are turned off without warning to the administrator for some endpoint security products, including Sophos Endpoint Protection.

You can use Application Control in Sophos Central to prevent end-users from upgrading to macOS Ventura. In your Application Control policy settings, select “macOS 13 Installer” in the “System tool” category. Instructions on creating and editing policies can be found in the Sophos Central Admin Help.

Product and Environment

  • macOS Ventura
  • Sophos Central macOS Endpoint (Intercept X)
    • Version 10.4.1 or later is required when using macOS Ventura. This version is already available in early access and customers will be automatically upgraded starting the week of October 24, 2022.

Note: Sophos Enterprise Console (SEC) managed systems only support up to macOS 12 Monterey.

Main Issue

Upgrading a device to macOS Ventura

When upgrading to macOS Ventura, please follow the steps below after the upgrade to Ventura completes.

Devices managed by a Mobile Device Management (MDM) solution

There is no action required. Sophos Endpoint Protection will protect the device as expected.

Installing Sophos Endpoint Protection onto a device that has already been upgraded to macOS Ventura.

There is no additional action required. Sophos Endpoint Protection will protect the device as expected.

Upgrading to macOS Ventura on a device that is already running Sophos Endpoint Protection

Please follow these steps:

  1. Open the System Preferences.
  2. Select Privacy and Security.
  3. Select Full Disk Access in the left list.
  4. Click the lock to be able to make changes and authenticate.
  5. Select the Sophos Endpoint scan extension, even if it is toggled on, and click - to remove it from the list.
  6. Wait a minute, and the Sophos Endpoint scan extension should automatically re-appear in the list.
  7. Select the toggle switch to turn on Full Disk Access.

Uninstalling and reinstalling Sophos Endpoint Protection does not correct this issue. The above steps must still be performed.

Other Known Compatibility Issues

Sophos Endpoint Protection's web protection does not function on macOS Ventura virtual machines

Sophos Endpoint Protection web protection functions normally on physical systems running macOS Ventura but does not work with virtual machines running macOS Ventura. We have opened a case with Apple regarding this.

Sophos Endpoint Protection agent can be turned off through System Settings

In macOS Ventura, users with Administrator credentials can turn off Sophos Protection Agent through System Settings > General > Login Items.

This setting can be controlled by deploying an MDM profile. See Installing Endpoint Protection on Macs for more information.

Login Itemsx600.png

Turning off background items for the Sophos Endpoint prevents its functionality.



The Sophos Endpoint UI may stop responding after opening [Fixed in 10.4.1]

In macOS Ventura, the Sophos Endpoint UI may stop responding after opening. Please upgrade to Sophos Endpoint Protection version 10.4.1 or later.


Red health status after update [Fixed in 10.4.1]

When updating the Sophos Endpoint agent on macOS Ventura, the device remains in red health even after a restart. Another device restart is needed to complete the installation and return the device to Green health status. Please upgrade to Sophos Endpoint Protection version 10.4.1 or later to avoid this issue.

Previous article Sophos MDR and Third-Party Cybersecurity Technologies
Next article Advisory: Sophos Central Maintenance scheduled

More Sophos News Posts