How to Enable Sophos Antivirus Background Scanning on MacOS

Sophos have advised that after the Big Sur/macOS 11 upgrade, Sophos background scanning on Macs may stop running.

Sophos are also reporting when upgrading from macOS 14/Sonoma to macOS/15 Sequoia, Apple may trigger a full disk access requirement for the Sophos Updater to update the Sophos files on the system. This was intermittent on Sonoma, but has increased significantly on Sequoia. Note: Sequoia is not officially supported by Sophos Endpoint prior to version 2024.3 (10.9.1) https://support.sophos.com/support/s/article/KBA-000009916?language=en_US

To check this, if you open the Sophos Endpoint console & you see the error below, your Sophos scanning has stopped working.

Sophos Services Not Running Error

This is due to a change in the way the operating system runs which now requires permissions, so you may get prompted to update the “Full Disk Access” permissions for the scanning extension.

So if you see the error above, you can fix it by following these steps:

  1. On the Mac, open System Settings (formerly known as System Preferences).

 

  1. Select Privacy and Security.

 

  1. Scroll down to the option Security and check if there is a prompt "Some system software requires your attention before it can be used".

 

  1. Select Details and provide your credentials when prompted.

 

  1. Select the toggle to turn on SophosScanD and Sophos Network Extension.

 

  1. Select Allow when prompted " Sophos Network Extension Would Like to Filter Network Content".

 

  1. Go back to Privacy and Security in System Settings again

 

  1. Select Full Disk Access

 

  1. Select the com.sophos.endpoint.scanextension, even if it is toggled on, and click the minus sign at the bottom to remove it from the list.

 

  1. Wait a minute, and the Sophos Endpoint scan extension should automatically re-appear in the list.

  2. Select the toggle switch to turn on Full Disk Access.

 

Alternative method if the above does not work via Sophos Endpoint

  1. Open Sophos Endpoint on the end user's Mac

  2. From the Apple Menu bar go to About Sophos Endpoint

     

  3. Run the diagnostic tool from the screen that shows up

     

  4. When on a device that needs this applied you’ll see a screen like this

     

  5. Click and follow the instructions to allow full disk access by dragging the Sophos icon into the full disk access list

  6. Quit and re-open Sophos.

 

If you need help with doing this, then please contact the CSCS Service Desk for further assistance

For reference: