Sophos, Silent Installation and Uninstallation

How to install and uninstall Sophos silently

Getting the Installer

The Sophos Installer can be found here: http://go.illinois.edu/MacAV. 

How does your EPM system know that Sophos needs to be installed?

Sophos installs in /Applications as "Sophos Anti-Virus.app". The app bundle has an Info.plist file that seems to contain reasonable information that could be useful for more precisely identifying that app. In Munki, we often use an "installs" key that details information to check from the Info.plist file. A useful installs key based on the most recent version of Sophos (as of 2016.11.29) would be this:

<key>installs</key>
<array>
    <dict>
        <key>CFBundleIdentifier</key>
        <string>com.sophos.macendpoint.Sophos-Anti-Virus</string>
        <key>CFBundleName</key>
        <string>Sophos Anti-Virus</string>
        <key>CFBundleShortVersionString</key>
        <string>9.5.2</string>
        <key>CFBundleVersion</key>
        <string></string>
        <key>path</key>
        <string>/Applications/Sophos Anti-Virus.app</string>
        <key>type</key>
        <string>application</string>
        <key>version_comparison_key</key>
        <string>CFBundleShortVersionString</string>
    </dict>
</array>

Other EPM systems may have built-in functions to check this sort of metadata. If not, there is probably a way to use a script to check relevance (e.g., with BigFix Relevance Language).

The Info.plist for our Sophos product may not look any different from that of the home version. If that's a concern, one could craft a script to run alongside the installation that creates some kind of arbitrary file as a "receipt" to certify that our version was installed, not the home version. The installation check script could then look for that "receipt" when determining whether an install is needed.
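The receipt approach described above, as an added example (not code from the original article, Sophos, or Munki): one function writes the receipt after a managed install, another decides whether an install is needed. The receipt path and its one-line version format are assumptions; returning 0 for "install needed" follows Munki's installcheck_script convention.

```bash
#!/bin/bash
# Added example. APP is the path from the article; RECEIPT is a hypothetical path.
APP="/Applications/Sophos Anti-Virus.app"
RECEIPT="/Library/Application Support/ExampleOrg/sophos-managed.receipt"

# version_ge A B: succeeds when dotted numeric version A >= B, field by field.
# Returns 2 when either argument is not a dotted numeric version.
version_ge() {
    local re='^[0-9]+(\.[0-9]+)*$' i n
    [[ $1 =~ $re && $2 =~ $re ]] || return 2
    local IFS=.
    local -a a=($1) b=($2)
    n=$(( ${#a[@]} > ${#b[@]} ? ${#a[@]} : ${#b[@]} ))
    for (( i = 0; i < n; i++ )); do
        # Missing fields count as 0; 10# forces base 10 so "08" is not octal.
        (( 10#${a[i]:-0} > 10#${b[i]:-0} )) && return 0
        (( 10#${a[i]:-0} < 10#${b[i]:-0} )) && return 1
    done
    return 0
}

# write_receipt RECEIPT VERSION: run after a successful managed install.
write_receipt() {
    local receipt=$1 version=$2
    (   umask 022                       # subshell keeps the caller's umask intact
        mkdir -p "$(dirname "$receipt")" &&
        rm -f "$receipt" &&             # never write through a pre-existing symlink
        printf '%s\n' "$version" > "$receipt" )
}

# needs_install APP RECEIPT MIN_VERSION
# Returns 0 when installation is needed, 1 when the managed install is present.
needs_install() {
    local app=$1 receipt=$2 want=$3 have=
    [ -d "$app" ] || return 0           # app bundle missing
    # Receipt must be a regular file, not a symlink, owned by the user running
    # the check (root when the EPM agent runs it).
    [ -f "$receipt" ] && [ ! -L "$receipt" ] && [ -O "$receipt" ] || return 0
    IFS= read -r have < "$receipt" || [ -n "$have" ] || return 0
    version_ge "$have" "$want" && return 1
    return 0                            # receipt older than required, or malformed
}

case "${1:-}" in
    receipt) write_receipt "$RECEIPT" "$2" ;;
    check)   needs_install "$APP" "$RECEIPT" "$2"; exit $? ;;
esac
```

Keep the receipt in a directory that only root can write, otherwise a local user can create the file and suppress the managed install.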

Installation

Silent Installation

The product can be installed silently using the regular "Sophos Installer.app". Follow these steps:
  1. Install the "Sophos Installer.app" in a temporary location.
  2. Run the following via the command line: /path/to/temporary/location/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --install
  3. Remove the "Sophos Installer.app".
  4. If your EPM system may have run the installation while nobody was logged in (i.e., at the Login Window), follow up with a restart.

Uninstallation

Silent Uninstallation

The product can be uninstalled silently from the command line using a binary that is installed with Sophos. Follow these steps:
  1. /Library/Application\ Support/Sophos/saas/Installer.app/Contents/MacOS/tools/InstallationDeployer --remove



Keywords: Sophos, antivirus, security, mac
Doc ID: 69175
Owner: Ashley H.
Group: University of Illinois Technology Services
Created: 2016-12-02 14:12 CDT
Updated: 2017-09-12 16:05 CDT
Sites: University of Illinois Technology Services