Sophos Anti-Virus for Mac: Risk of privilege escalation when using the Sophos endpoint installer

We are aware of a security risk that only affects the initial installation of the endpoint protection for Mac. Once it is successfully installed, there is no further risk.

There is a very narrow window of opportunity for an attacker to inject a program into the installation package and run it with elevated privileges on a macOS (OS/X) system. This opportunity exists only when the user is being prompted for their administrative credentials during initial installation. The injection cannot occur before the installer has been run or before the prompt, as the Sophos installer performs a self-check to mitigate against this type of attack. Only an attack while the prompt is displayed can be successful using this injection technique. Successful exploitation requires the attacker to be running their malicious code on the system prior to the user launching the Sophos installer.

This vulnerability will be addressed in an update in the last quarter of 2017.

Applies to the following Sophos products and versions

Sophos Home

Sophos Anti-Virus for Mac Home Edition

Sophos Anti-Virus for Mac OS X

Sophos Cloud Managed Endpoint 9.6.3 (Mac)

An effective mitigation against this attack is to install using the command line. First secure the installation package against tampering by unauthorized users, then verify that it is a legitimate version of the installer.

How to validate and lock down the installation package using a terminal

  1. Elevate your privileges to root:

    sudo su -

  2. Change directory (cd) into the location containing the Sophos installation package, then change ownership and permissions on the entire package:

    chown -R root:wheel "Sophos Installer.app"

    chmod -R a-w "Sophos Installer.app"

  3. Verify the authenticity of the Sophos installation package:

    codesign -v "Sophos Installer.app" ; echo $?

    The expected success return value is zero. Any other return value indicates the package has been corrupted and must not be used. Do not proceed if the codesign tool returns error messages or a non-zero result code.

  4. Once verified, run the command line installation tool:

    "Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer" --install
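
The lock-down in step 2 can be audited before the installer is launched. The script below is an added example, not Sophos code: it confirms that every entry in the bundle is owned by the expected user with no write bits left, and only then runs the `codesign -v` check and the `InstallationDeployer --install` command from steps 3 and 4. The function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example, not Sophos code. Function names are hypothetical.
# Audits the result of step 2, then gates steps 3 and 4 on it.

# List entries under bundle $1 that are not owned by user $2 or that still
# carry a write bit for owner, group or other. Symbolic links are skipped:
# their own mode bits are not reliably changed by chmod -R, and a link
# cannot be replaced once its parent directory is locked.
unlocked_entries() {
    find "$1" ! -type l \
        \( ! -user "$2" -o -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Succeed only if $1 is a directory and nothing in it is left unlocked.
bundle_is_locked() {
    [ -d "$1" ] || return 2
    [ -z "$(unlocked_entries "$1" "$2")" ]
}

# Gate the install: ownership/permission audit, then signature, then install.
verify_and_install() {
    if ! bundle_is_locked "$1" root; then
        echo "refusing to install, bundle is not locked down:" >&2
        unlocked_entries "$1" root >&2
        return 1
    fi
    if ! codesign -v "$1"; then
        echo "refusing to install, codesign returned non-zero" >&2
        return 1
    fi
    "$1/Contents/MacOS/tools/InstallationDeployer" --install
}

# Run as root from the directory holding the package
# (audit-installer.sh is a hypothetical file name):
#   sh audit-installer.sh --install "Sophos Installer.app"
if [ "${1:-}" = "--install" ]; then
    verify_and_install "${2:-Sophos Installer.app}"
fi
```

When the audit fails, the offending paths are printed to standard error so they can be corrected before retrying.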


Ghost Console Won’t Run Remote Batch File

We have been doing a two-Task process to deploy a piece of software to computers using Ghost Console 11.5.1.2266:

Task 1) Deploy an installer and batch file to a specified directory on the target machine(s).

Task 2) Run the batch file in the deployment directory on the target machine, which successfully installs the program.

I tried this with a new piece of software, and while Task 1 copies the installer and batch file into the directory successfully, Task 2 does nothing other than claim to have completed successfully. When I run the deployed batch file on the target machine it works properly, just not through the Ghost Console Task. I tried this on multiple machines with the same results.

When I run the batch file on the target machine I can see Windows Command Processor open in Task Manager, which does not happen when I run the Task through Ghost. I do see the Ghost System Tray Provider open while the warning window comes up, but then it closes and nothing else happens.

I took the successful Task 2 for the first piece of software and changed the target information to match the new program, and it still did nothing. Then I changed it back to the original target and it worked properly for that software.

Any ideas?


DPA: The dpa.config file is not created on new DPA Agent installation

Article Number: 495822 Article Version: 3 Article Type: Break Fix



Data Protection Advisor 6.2 SP3, Data Protection Advisor 6.3

After a new installation of a Data Protection Advisor (DPA) Agent, it is observed that the dpa.config file is missing from the installation. This file is normally present and is required for the DPA Agent to function properly.

This is an issue caused by User error.

In the one instance where this was observed, a user had created the DPA Agent directory structure and copied a custom dpaagent_config.xml file into the directory. The presence of the dpaagent_config.xml file in the directory caused the DPA Agent installer to skip over the dpa.config and other files normally created.

The DPA product is functioning as designed.

Before installing the DPA Agent, ensure the DPA Agent directories (if they exist) are empty of all files. If a custom file such as dpaagent_config.xml is required, it may be copied in after the DPA Agent installation.

Please contact Dell EMC Technical Support for further details or information.


Silent Installation/Upgrade SEP Client V 14.2.770

We are using a software distribution tool to push the SEP Clients. So far we have been successful with the Windows Clients.

I got a .zip file from the SEP Admin that contains two folders “Additional Resources” & “Symantec Endpoint Protection Installer.app”.

The Folder “Additional Resources” contains the file SEP.mpkg which I tried installing with the following parameters:

installer __Download/SEP.mpkg -target /

However, it didn’t work. I haven’t found a document that explains how to install the client in silent mode. Whether the client is not installed or there is an older version, we want to get a script to install this version of the agent on MAC OSx.

What is the approach that we should follow? 


7023377: Sequencing EXTRA! 9.x as a Virtual Application with Microsoft Application Virtualization 5.x

Before using the Microsoft Sequencer Package Configuration Wizard to sequence EXTRA! X-treme 9.5, document the sequencing requirements and steps by determining which EXTRA! X-treme components and features are to be installed, the location of installation files, and the location of any configured user data, such as session documents. Some EXTRA! application components may not be needed and it is recommended to install EXTRA! on a stand-alone PC to help identify and document the installation steps in advance.

If EXTRA! has any service packs or updates, ensure that the service pack installer file, *.MSP, is available for installation during the sequencing process. The EXTRA! Microsoft Office Tools have not been tested to work with Microsoft Office streamed as a virtual application.

Use the Custom Installation Wizard (CIW) to create customized installation packages. See https://support.microfocus.com/kb/doc.php?id=7021288. Also refer to the Preparing to Deploy EXTRA! X-treme – A System Administrator’s Guide as a resource, which is available from http://docs.attachmate.com/extra/x-treme/8.x/CentralManagementWalkthrough.pdf. The following steps assume that an Administrative Installation has been performed per the System Administrator’s Guide.

Use the Application Virtualization Sequencer Wizard to start the sequencing process with EXTRA! X-treme 9.5:

1. Launch the Microsoft Application Virtualization Sequencer

2. Select “Create a New Virtual Application Package”

3. For the Packaging Method select “Create Package (default)”

4. Press Next

5. Resolve any issues shown on the Prepare Computer list

6. Press Next

7. For the Type of Application choose “Standard Application (default)”

8. Press Next

9. On the Select Installer dialog choose “Select the installer for the application”

Use the Browse button to find the EXTRA! X-treme SETUP.EXE program in the EXTRA! Administrative Installation location

10. Press Next

11. On the Package Name screen enter the Virtual Application Package Name of your choice, like “EXTRA! X-treme 9.5”

Enter the Primary Virtual Application Directory (required) name:

For example: C:\Program Files (x86)\Micro Focus\EXTRA!

12. Press Next

13. Wait for the Virtual Environment to load.

14. Select your install language, and then click OK.

15. In the Setup Wizard, click Next.

16. Accept the License Agreement, and then click Next.

17. Enter a User Name, Organization, and under “Install this application for,” select “Anyone who uses this computer (all users).” Click Next.

18. Specify a Destination Folder, and then click Next.

19. For User Data Location, select User Defined Directory, and then click Next.

20. On the User Data Destination Folder screen, click Browse. The Attachmate variable called USERID should be entered in the path string as shown below.

c:\Users\USERID\Documents\Micro Focus\EXTRA!

and click OK, and then click Next.

Note the following:

The USERID parameter needs to be all upper case. At EXTRA!’s runtime the USERID parameter will be resolved to the currently logged-in user.

The files located at

c:\Program Files\Micro Focus\EXTRA!\macros | schemes | sessions\ENU

or

c:\Program Files (x86)\Micro Focus\EXTRA!\macros | schemes | sessions\ENU

will be copied to the user’s personal folders location the first time EXTRA! is run for that particular user.

21. Select Custom, and then click Next.

22. On the Custom Setup dialog, de-select any features not needed so that they will not install.

For example, de-select the following:

Application Options\API Options

Application Options\Utilities

Utilities\Kerberos Manager

Utilities\Key Agent

23. Click Next.

24. Click the “Install” button.

25. When the Installation has completed successfully, click the Finish button.

26. If service packs or updates are to be installed to EXTRA! X-treme:

a. On the Installation dialog of the App-V sequencer, press the “Run” button

b. Select the appropriate *.MSP file(s) to install a service pack, update or patch.

27. When the update or patch is installed, or if there are no further .MSP updates to install, continue on.

28. When the install is complete, check the box that says “I am finished installing”

29. Press Next

30. Wait while App-V collects the system changes and the Configure Software screen displays.

31. From the Configure Software screen, highlight the EXTRA! X-treme choice and click on “Run Selected” to launch the application.

(Do NOT click Run All.)

32. To create a new session document, select “Create a new session”.

Save the session file in the C:\Users\Public\Documents\Micro Focus\EXTRA! folder to be available for all end-users.

33. Launch and then close any session document to create the App-V files that will be used for streaming.

If you launch the Reflection FTP client, or any session document, and a Sequencer error displays:

“The Sequencer could not stop the MSIServer service,” click OK and try again.

34. After all the applications and EXTRA! Host sessions have been run and closed, press Next.

35. Verify the data on the Installation Report screen and resolve any issues

36. Press Next.

37. On the Customize screen decide if further customization is needed.

For example: if restrictions are required concerning different operating systems this is the time to do it.

38. If no further customization is needed select “Stop now. Create a basic virtualization package (default).”

39. Press Next.

40. Select “Save the package now” and enter the Save Location for the package contents

41. Press Create.

By default the App-V package will be located on the desktop of App-V Sequencing PC.

42. After the package is created press Close to finish and exit the Application Virtualization Sequencer program.

43. Copy the completed sequenced App-V package files to the Distribution Point or Virtual Application Server.


Re: Dell EMC Unity Laptop Demo Install error

Hello,

I am trying to install the Unity laptop demo on my Windows7 VM running on my Mac with Fusion 8.1.1. It appears that the Anywhere installer thinks there are multiple instances running and quits. See the attached screen shot. This seems to be an issue within the Fusion VM since I can install it on my home PC.

Checking Anywhere’s support website, there is an article that indicates there is a .tmp file that might need to be deleted in my home directory, but I am unable to find it.

Has anyone tried to install this demo on a Windows VM?

Thanks,

Alan Kobuke


7023270: An installation of MSS was not found on this system

The message below is received when installing MSS for ZFE 2.2.x or 2.3.x on Windows or UNIX.

Message on Windows and UNIX using GUI installer:


Message on headless UNIX using command line installer:

Host Access Management and Security Server (MSS) is required for use with Reflection ZFE.

An installation of MSS was not found on this system.

An MSS installer was not found at the expected location or was deemed not

compatible with this release.

Select from one of the available options below.

Use remotely hosted MSS [1, Enter]


7022812: Sequencing Reflection Desktop 16 as a Virtual Application with Microsoft Application Virtualization 5.x

Before using the Microsoft Sequencer Package Configuration Wizard to sequence Reflection Desktop 16, document the sequencing requirements and steps by determining which Reflection Desktop 16 components and features are to be installed, the location of installation files, and the location of any configured user data, such as session documents. Some Reflection application components may not be needed and it is recommended to install Reflection on a stand-alone PC to help identify and document the installation steps in advance.

If Reflection has any service packs or updates, ensure that the service pack installer file, *.MSP, is available for installation during the sequencing process. Reflection Desktop Productivity Microsoft Office Tools have not been tested to work with Microsoft Office streamed as a virtual application.

Use the Reflection Installation Customization Tool (ICT) to create Companion install packages and to define permissions files; the basic steps are listed below. Refer to the Installation and Deployment Guide for Reflection Desktop 16 as a resource, which is available from https://www.attachmate.com/documentation/reflection-desktop-v16-1-sp1/deployment-guide/data/bookinfo.htm

The following steps for using the Installation Customization Tool assume that a Reflection Administrative Installation has been performed per the Installation and Deployment Guide.

If desired, use the Installation Customization Tool to create a Companion.MSI file:

1. Navigate to the Reflection Administrative Installation and run Setup.exe /Admin to launch the Installation Customization Tool.

2. Select “Create a new Companion installer.”

3. Click OK.

4. In the left pane, click “Specify install locations.”

Note: It is important to perform steps a. and b. in order.

a. Under Installation type, select the “Installs to all users of a machine” option.

b. In the Default installation folder drop-down list, type in [CommonDocumentsFolder]Micro Focus\Reflection.

5. In the left pane, click “Add files to”

6. Select the value of [CommonDocumentsFolder]Micro Focus\Reflection.

7. Click the “Add” button to add files that need to be included.

These files include pre-configured Reflection session documents (.rd3x, .rd5x, .rdox, .rfw, or .rwsp settings files).

8. Click File / Save As.

Save the Companion.MSI file in the same location as Setup.exe.


If desired, use the Installation Customization Tool to define permissions files:

1. If the Companion file created in the previous section is no longer open, open the Companion.MSI file.

Navigate to the Reflection Administrative Installation and run Setup.exe /Admin.

2. In the left pane, click “Specify install locations”.

Verify that “Installs only for the user who installs it” is selected.

(This option may be dimmed; as long as it is selected, there is no cause for concern)

3. In the left pane, click “Modify user settings” to define *.access permission files.

For example, define an .rd3x.access file to restrict TN3270Basic or TN3270Advanced settings.

a. Select the Application – Settings to modify and click the Define button.

b. Select the Group from the Groups drop-down list.

This allows or restricts accessibility for each item listed.

c. Repeat steps a. and b. until the permissions have been configured appropriately.

d. Click Next.

e. Optional: Select Additional security options for Session file encryption.

f. Click Finish.

4. Click File / Save

Save the Companion.MSI in the same location as Setup.exe.


Use the Application Virtualization Sequencer Wizard to start the sequencing process with Reflection Desktop 16:

1. Launch the Microsoft Application Virtualization Sequencer

2. Select “Create a New Virtual Application Package”

3. For the Packaging Method select “Create Package (default)”

4. Press Next

5. Resolve any issues shown on the Prepare Computer list

6. Press Next

7. For the Type of Application choose “Standard Application (default)”

8. Press Next

9. On the Select Installer dialog choose “Select the installer for the application”

Use the Browse button to find the Reflection Desktop SETUP.EXE program in the Reflection Administrative Installation location

10. Press Next

11. On the Package Name screen enter the Virtual Application Package Name of your choice, like “Reflection Desktop 16”

Enter the Primary Virtual Application Directory (required) name:

For example: C:\Program Files (x86)\Micro Focus\Reflection

12. Press Next

13. Wait for the Virtual Environment to load.

14. On the Install Micro Focus Reflection Desktop 16 screen, click Continue.

15. Read and accept the License Agreement; then click Continue.

16. Personalize the installation by completing the Full name, Organization, and VPA number fields on the User Information tab.

17. On the File Location tab, verify the File Location by clicking the Browse button.

Following the example in this article:

File Location is specified as C:\Program Files (x86)\Micro Focus\Reflection

Default user data directory should be set to C:\Users\Public\Documents\Micro Focus\Reflection

18. On the Feature Selection tab, de-select any features not needed so that they will not install.

For example, de-select the following:

Utilities\Kerberos Manager

Utilities\Key Agent

Compatibility\IBM Personal Communications

Compatibility\NetManageRUMBA

Application Programmer Interface

19. On the Advanced tab verify that “Install to this PC” is enabled.

20. Click the “Install Now” button.

21. When the Installation has completed successfully, click the Close button.

22. If service packs or updates are to be installed to Reflection Desktop:

a. On the Installation dialog of the App-V sequencer, press the “Run” button

b. Select the appropriate *.MSP file(s) to install a service pack, update or patch.

23. When the update or patch is installed, or if there are no further .MSP updates to install, continue on.

24. If a Companion install file is to be installed to Reflection Desktop:

a. On the Installation dialog of the App-V sequencer, press the “Run” button

b. Select the appropriate *.MSI file to install the Companion install file.

25. When the install is complete, check the box that says “I am finished installing”

26. Press Next

27. Wait while App-V collects the system changes and the Configure Software screen displays.

28. From the Configure Software screen, highlight the Reflection Workspace choice and click on “Run Selected” to launch the application.

(Do NOT click Run All.)

29. Verify that the Reflection session documents added by the Companion.MSI file created earlier are available.

To create any additional session documents, use the Create New Document wizard.

Save the session file in the C:\Users\Public\Documents\Micro Focus\Reflection folder to be available for all end-users.

30. Launch and then close each session document to create the App-V files that will be used for streaming.

If you launch the Reflection Workspace, Reflection FTP client, or any session document, and a Sequencer error displays:

“The Sequencer could not stop the MSIServer service,” click OK and try again.

31. After all the applications and Reflection Workspace have been run and closed, press Next.

32. Verify the data on the Installation Report screen and resolve any issues

33. Press Next.

34. On the Customize screen decide if further customization is needed.

For example: if restrictions are required concerning different operating systems this is the time to do it.

35. If no further customization is needed select “Stop now. Create a basic virtualization package (default).”

36. Press Next.

37. Select “Save the package now” and enter the Save Location for the package contents

38. Press Create.

By default the App-V package will be located on the desktop of App-V Sequencing PC.

39. After the package is created press Close to finish and exit the Application Virtualization Sequencer program.

40. Copy the completed sequenced App-V package files to the Distribution Point or Virtual Application Server.
