Deploy Sophos Intercept X using Systems Manager

New here

Deploy Sophos Intercept X using Systems Manager

We would like to install Sophos Intercept X on ~140 Macbooks using Systems Manager. Some quick threading yielded no usable results. Are there documents or use-case scenarios that show a successful deployment? Or is there another path for this seemingly straightforward task?

Paul Kramer
3 Replies 3
Getting noticed

So, admittedly, I'm not familiar with Sophos products, but I'm willing to help you think around this issue if you still need a hand.


based on what I'm reading on the Sophos website, you'll need to start by distributing the files for the installation as stated here """


  1.  Log in to Sophos Central Admin.
  2. Go to Protect Devices, then choose one of the following options:
    • Download Complete macOS Installer
    • Choose Components (this option is available if licensed for multiple features)
  3. The file is then downloaded and is by default saved on the Downloads folder.
  4. Extract its contents to the same folder. The following should then be found where the files are extracted to:
    • Sophos Installer Components folder
    • Sophos

    These files must be in the same location because the file Sophos requires the Sophos Installer Components folder to be in the same location when it runs.
  5. Provide executable permissions to the following files before running the installer. This can be done with the following commands:
    • sudo chmod a+x /Users/<username>/Downloads/Sophos\\ Installer
    • sudo chmod a+x /Users/<username>/Downloads/Sophos\
  6. Run the below install command:
    sudo /Users/<username>/Downloads/Sophos\\ Installer --install

    This command assumes that the Downloads folder contains the extracted files stated in the previous step. If the files were extracted to another location, change the command above to the corresponding folder.




So my thought (have no testing data to back up anything I'm saying, so feel free to quit reading) was that one could take the .zip, distribute it across the devices using Munki. This would require us to step back and determine how we would get Munki client installed on the devices..... which is where SM's ability to distribute .pkg files comes in. 



so now:

1. set up server-side of Munki

2. import Intercept X into Munki Server

3. distribute Munki client .pkg via SM 'apps' interface, which should be able to silently install the Munki client on the targeted machines silently, though you may have to dig for the right flags for the install command

4. On the same page where you would import the Munki client pkg, you can provide CLI arguments. Now you could just put together the arguments to extract, move, and install the Intercept X stuff, but personally I feel like it'd be easier to just write up a script to accomplish this and call the script in that CLI spot. IDK, up to you.

5. By this point, the installation should be pretty much complete to my knowledge... but some additional checks and clean-up can be performed too, as per Sophos' documentation on post-client steps...


I hope that makes any kind of sense, I'm sort of having a day.

Building a reputation

It is easier to put the installer onto a public s3 bucket with a complex name like "our_sohphos_unstaller_for_mdm.domain" and push a script to macs to download, unzip and install it.

Meraki Employee
Meraki Employee

I've used the steps below with other customers to install all sorts of packages. If you use AnyConnect, Umbrella, etc, you're probably familiar with them


You can place all of the files you wish into a DMG. Alternatively, a ZIP will work just as well



Open Terminal


Using mkdir Create a Directory. I’ve used InstallerPackage as the Example


In Terminal Type



cd InstallerPackage
mkdir Scripts
mkdir Content
cd Scripts
touch postinstall



Copy the DMG  you need into the Content Folder


Using a text editor, edit the postinstall file and paste in your script (an example script is at the end of this post) that will move files in /tmp to where ever you need to



chmod a+x postinstall
cd ..



Build the package



sudo pkgbuild --identifier com.meraki.sophosinstaller --root Content --script Scripts --install-location /tmp com.meraki.sophosinstaller.pkg
pkgbuild: Inferring bundle components from contents of Content
pkgbuild: Adding top-level postinstall script
pkgbuild: Wrote package to com.meraki.sophosinstaller.pkg



Double Note: ensure that there is a space between /tmp and com.meraki.sophosinstaller.pkg


An example postinstall:




currentuser="$(id -un)"
usersAppDir="$(sudo -u $currentuser echo $HOME)"

/usr/bin/hdiutil attach "$dmgPath" -nobrowse -quiet
if [[ -e "$mountPath" ]]
		cp -r "$mountPath"/"" /Applications/""

umount "$mountPath"

rm -rf "$dmgPath"

# insert the commands that you need to
# provision your application

exit 0



This may take a few attempts to get right. So, I'd install the installer manually first before deploying via SM


Also note: The name of the bundle ID that you use in SM when creating the custom app HAS to match the bundle ID of Sophos, else SM has no way to know that it's been installed correctly.


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.