Anti-Virus for macOS

These instructions are primarily for people who want to install Sophos Central Endpoint (Anti-Virus) onto their self-managed or BYOD Apple macOS devices. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems.

Table of Contents

  1. Installing the Sophos Software
  2. Sophos Endpoint for macOS machines
  3. Checking the status of Sophos 
  4. Keeping Sophos up to date
  5. Frequently Asked Questions (FAQ)
  6. Uninstalling Sophos
  7. Further information and documentation

Installing Sophos

If you haven't already obtained Sophos you can download it via the following link: https://register.it.ox.ac.uk/software. When the download is complete, navigate to the area it has been downloaded to and open the file named 'mac_sophos_central_install.zip'. The unzipped file should contain two items: Sophos Installer Components and the Sophos Installer. Please check that your device meets the necessary system requirements before opening the 'Sophos Installer'. You will then be presented with the window displayed below.

Please note: before installing the Sophos software you must uninstall any other anti-virus software you may have installed on the machine (read the software manufacturer's instructions on how to do this).

sophos mac install

Click 'Install'. This will begin the installation. You will then be prompted to insert your administrator username and password. Once you have added these credentials, please click 'Install Helper'.

sophos mac install

Sophos normally takes just a few minutes to install and then you'll see a completion screen. This will confirm that Sophos Endpoint for macOS has successfully installed, the machine has been registered with Sophos Central and the software has been correctly configured. Click 'Quit' when you are ready to continue.

Installing Sophos Endpoint on macOS for the first time

Once you have installed Sophos Endpoint for macOS from https://register.it.ox.ac.uk/software as per the instructions above, there are a couple of extra steps to take for those machines running MacOS regarding security permissions.  

Full details on how to grant these permissions can be found on the Sophos Central help pages here.

Checking the status of Sophos

When the software has been successfully installed, navigate to the menu bar at the top of your screen. You should now see an icon depicting the symbol of a shield, which you can use to easily access the Sophos Endpoint software. When you click on this icon you should be presented with the status of Sophos running on your machine. As per the screen shot below, it should confirm that your machine is protected.

sophos mac menu bar

Upon clicking 'Open Sophos Endpoint' you will be presented with the below window. It shows a summary of detected threats that Sophos has protected your device from, as well as options to view Events and more detailed Scan Information. The status of your machine is also displayed here.

sophos mac endpoint

Keeping Sophos up to date

Sophos Endpoint is configured to automatically download and install updates to keep your defences against viruses, trojans, and worms as up-to-date as possible. On networked computers, this occurs once an hour for the Sophos detection engine and every 10 minutes for the threat detection data. 

If either the automatic update or the manual update fails for any reason the shield on the menu bar will have a cross in the middle of it. Your computer does need to be connected to the Internet in order to download updates so if you see this icon when you are not connected this is normal and nothing to be concerned about. When you reconnect to the Internet it may take up to an hour before Sophos tries to update again and the shield returns to normal. In this instance you may wish to 'Update Now' manually to bring the machine back to date promptly. To find out when the program last updated itself, click on the shield on the menu bar, select 'Open Endpoint' then 'About'.

You should see a window showing the last date and time that Sophos was updated.

sophos zoom

You can also update Sophos manually at any time by clicking 'Update Now'.

Frequently Asked Questions (FAQ)

Below we have answered a number of frequently asked questions regarding Sophos Endpoint for MacOS.

I would like to run a scan on my machine – how do I do this?

In order to run a scan, open Sophos Endpoint. You have two options, either to start the scan using the 'Scan Now' button on the intial window, or navigate to the 'Scan Info' option.

sophos mac scan now

Click 'Scan Now' to initiate a scan of your machine. This may take some time, but you can see the progress in the form of a completion bar, as well as the number of files that are remaining to scan and any detections.

I have an issue with Sophos - how can I get assistance?

In order to report an issue with Sophos Endpoint for macOS on your BYOD device, please speak with the IT Services Service Desk. They can be contacted at https://help.it.ox.ac.uk/get-support or 01865 (6)12345. When reporting this issue it is important to include the following information:

  • Version of macOS
  • Your unique Endpoint ID
  • Version of Sophos

Rather helpfully, all of this information can be found within Sophos itself. In order to find this information, open Sophos Endpoint and navigate to the 'About' section. You should then click the 'Run Diagnostic Tool' button. This will open the Sophos Endpoint Self Help tool.

sophos self help

This tool provides more in-depth detail into Sophos Endpoint and the background process and policies set up for this device. In this instance, please navigate to the 'System' option. You will be presented with a screen similar to the below screenshot. We recommend providing these details to the Service Desk when reporting an issue so that they have all the data required to begin an investigation.

sophos self help 2

Uninstalling Sophos

In order to uninstall Sophos Endpoint, navigate to your Applications folder and locate the application 'Remove Sophos Endpoint'. Run this application.

sophos uninstall

Click 'Continue', then insert your administrator password to continue. The uninstall will then proceed to run. When the uninstall has completed, you will be presented with the following screen.

sophos uninstall

Further Information and Documentation

If you encounter any problems there is a Frequently Asked Questions (FAQ) web page with answers to some of the most common issues that people encounter.

Sophos provide full documentation in their Sophos Central documentation.

Support Contacts

For a personally managed device or for general advice, please contact the IT Services Service Desk.

For a University or Department owned device, please contact your Local IT Support Staff.

IT Support Staff to contact OxCERT.

About this Service

This service is provided by

OxCERT logo

For more details about service governance refer to the service catalogue entry.