Tuesday 23 January 2018

Fresh Sophos Home for Mac install via TeamViewer Gotcha

17:17 Posted by G
After much pulling of hair, and thinking 'what am I missing?', it turns out that Apple have changed permissions on remote installs in OSX 10.13 (High Sierra) for some software that installs kexts.

Anyway I'm sure as anyone who happens to have IT in their job title knows, one becomes the default tech support for all our family.  This is exacerbated by Christmas 'could you just have a quick look at...'

Anyway I was checking the father-in-law's Mac, and to save time I was using TeamViewer so I could do it from the comfort of my own home.  All was going well: I downloaded Sophos Home for Mac, got to the final stage of the install, and needed to 'apply' a setting in System Preferences.

I could see it via TeamViewer, but whatever I tried I couldn't click it!

After many different approaches, like most men I finally reverted to RTFM and found the following on the Sophos website - https://community.sophos.com/kb/en-us/127413

Here's the text from the advisory:

Due to a new security mechanism that Apple has released with MacOS 10.13, called Secure Kernel Extension Loading (SKEL), all non-Apple kernel extension (what we use to intercept files, etc) vendors must be manually added to a trusted list (Any user can add this). This allows the kernel extensions to load and is required for Sophos Anti-Virus to function properly. All 3rd party vendors are impacted by this change, and it is not possible to work around this requirement.
Note: Due to an Apple security restriction, this cannot be done via a remote desktop connection. There must be a locally logged on user. The Allow button will show, but be grayed out if it is accessed via remote desktop.
  1. After installing Sophos Anti-Virus go to Security & Preferences in the Apple System Preferences window.
  2. Near the bottom of the window, it will list the blocked Kernel Extensions (kexts) by Sophos. Click Allow.
Once authorized, all future Sophos kernel extensions are allowed, even after uninstallation.  This step is not needed again on a reinstall. Kernel extensions already installed during an upgrade from MacOS 10.12 are automatically authorized.
So after a quick call to the father-in-law and him pressing 'Apply' locally at the appropriate moment, all is good.  Hope this saves you some time and heartache, fellow family IT support!

