The warning is to inform us before moving forward with the deprecation.
In the event Apple deprecates it in the next release, only Generic USB redirection will be affected, and will not allow the use of said feature.
ShareConnect’s iOS users can now upload media files and create Microsoft documents (Word, Excel and PowerPoint) from their iOS device to be saved on their remote host computer.
To begin uploading or adding documents to your host computer, you must navigate to any folder on your remote computer from the File Explorer app. Tapping the delimiter will open the Add and Create menu options on your iOS device.
Currently ShareConnect’s iOS users can only upload media files like photos or videos from their iOS device to their remote computer.
To upload files, you must:
1. Tap the Photos Backup button in the app bar on the bottom.
2. Tap the Upload Photos button to access your photos and select them for upload.
- a. If you select Take a Photo or Video, the camera feature on your iOS device will be made active. Tap on Use Photo to save the photo to your remote computer.
- b. If you select Photo Library, a list of albums present on your iOS device is opened. Select the photo you want to upload and tap Upload to save the photo on your remote computer.
3. Tap the Upload button to upload your photos.
Currently ShareConnect’s iOS users can create Microsoft Word, Excel, and PowerPoint documents from their iOS device to store in their remote computer.
To create new documents, you must:
1. Tap the New Filebutton in the app bar on the bottom.
2. Choose the type of file you wish to create.
3. Once you create the document and you save it, you will be asked to give it a name to begin uploading the document to your remote computer.
You can give the power of the desktop to your tablet by accessing applications and running them in an optimized mode.
You can access apps on your iOS or Android device by tapping the Apps tab on the toolbar. A list of popular apps are pre-populated; you can add or delete your apps as desired.
Add and Delete Apps
1. Tap Apps in the app tray.
2. Use the toggle option to either add or disable apps from the app tray.
Added apps will be visible in the app tray for future use.
or
App Sharing Feature
You can switch between apps running on your host computer from your iOS or Android device.
To switch between apps, you must:
1. Tap the app you want to open from the app tray.
2. On the Viewer toolbar, tap the App Switcher icon to see a list of app the apps open on your host computer.
3. Tap to select the app you want to open.
To close the app, you can perform the delete function.
Note: Before closing an app, please save your work. If not, you will be presented with a prompt asking you to either save or discard your changes.
You can now access some of the app’s (browsers, Microsoft Outlook, PowerPoint and Excel) menu options when they begin using the app within their ShareConnect app.
The app toolbar is located at the top of the app’s screen on your iPad.
If you are an Android user, you must click on the Menu button on the Viewer toolbar.
Package name: xms_10.10.0.10403.bin
For: XenMobile Server 10.10.0
Deployment type: On-premises only
Replaces: xms_10.10.0.10305.bin, xms_10.10.0.10202.bin, and xms_10.10.0.10103.bin
Date: October, 2019
Languages supported: English (US)
Readme version: 1.00
Readme Revision History
| Version | Date | Change Description |
| 1.00 | October, 2019 | Initial release |
As a best practice, Citrix recommends that you install this and other updates only if you are affected by the specific issues they resolve.
This document describes the issue(s) resolved by this release and includes installation instructions. For additional product information, see XenMobile Server 10.10 on the Citrix Product Documentation site.
Some Restrictions device policy settings available on supervised or unsupervised devices for previous iOS versions are available only on supervised devices for iOS 13+. The current XenMobile Server console tool tips don’t yet indicate that these settings are for supervised devices for iOS 13+ only.
Allow hardware controls:
Allow apps:
Network – Allow iCloud actions:
Supervised only settings – Allow:
Media content – Allow:
– Explicit music, podcasts, and iTunes U material
These restrictions apply as follows:
[From xms_10.10.0.10403.bin][CXM-72730]
For information about XenMobile Server 10.10.0 Rolling Patch 3 release, see XenMobile Server 10.10.0 Rolling Patch 3.
For information about XenMobile Server 10.10.0 Rolling Patch 2 release, see XenMobile Server 10.10.0 Rolling Patch 2.
For information about XenMobile Server 10.10.0 Rolling Patch 1 release, see XenMobile Server 10.10.0 Rolling Patch 1.
There are no known issues in this release.
The XenMobile Server console responds slowly.
[From xms_10.10.0.10403.bin][CXM-69018]
Apple recently published a knowledge article that lists host names that must remain open to ensure proper operation of macOS, iOS, and iTunes. Blocking those host names can affect the installation, update, and proper operation of the following: iOS, iOS apps, MDM operation, and device and app enrollment. For more information, see https://support.apple.com/en-us/HT201999.
[From xms_10.10.0.10403.bin][CXM-70934]
After enrolling a new device or re-enrolling an old device, an error message intermittently displays on the Manage tab.
[From xms_10.10.0.10403.bin][CXM-72308]
MAM devices wipe apps and app data because of a failure to get user domain details causing the device to assume the user is deleted.
[From xms_10.10.0.10403.bin][CXM-72316]
When attempting to update a public iOS app using XenMobile Server, a configuration error appears.
[From xms_10.10.0.10403.bin][CXM-72353]
The RBAC role “Tier 2 techs” can’t create enrollment invitations to a user group with more than 2000 users. Only full admin users can create the invitations.
[From xms_10.10.0.10403.bin][CXM-72354]
After you deploy the App Access device policy, non-compliant devices don’t trigger the configured action.
[From xms_10.10.0.10403.bin][CXM-72356]
When you check the Tomcat server status, you may get the return value of 1 instead of 0 even though the server status is normal.
[From xms_10.10.0.10403.bin][CXM-72357]
Unable to get the VPP for app version B2B when the platform parameter is incorrectly set in MDM API contentMetadataLookup.
[From xms_10.10.0.10403.bin][CXM-72767]
On iOS devices, administrators may lose the ability to send an “unlock device” command to passcode protected devices after the device is upgraded to iOS 13.1.x. To resolve this issue, see https://support.citrix.com/article/CTX262076.
[From xms_10.10.0.10403.bin][CXM-73150]
Newly imported CA certificates are not visible in the Public-Key Interface (PKI) entries.
[From xms_10.10.0.10305.bin][CXM-67982]
Secure Hub for iOS is timed out when StoreFront server is not reachable, and it does not enumerate any MDX apps.
[From xms_10.10.0.10305.bin][CXM-68133]
On the XenMobile Server console, the value of the client property has a character limit of 256.
[From xms_10.10.0.10305.bin][CXM-68385]
When you configure VPN policy using Citrix SSO VPN on the XenMobile Server iOS platform, and edit the Prompt for PIN when connecting, it is reverted to Off.
[From xms_10.10.0.10305.bin][CXM-68466]
On devices running Android, sometimes you are unable to update the enterprise app.
[From xms_10.10.0.10305.bin][CXM-68640]
The keystore table count keeps increasing, even if the related devices and enrollments are deleted, which might impact system performance.
[From xms_10.10.0.10305.bin][CXM-69017]
In Android Enterprise devices that are already enrolled, the new required apps to the AllUsers delivery group are not displayed in Google Play Store.
[From xms_10.10.0.10305.bin][CXM-69070]
When you update an Enterprise app to the latest version, which was previously updated via REST API, the version number is not updated.
[From xms_10.10.0.10305.bin][CXM-69202]
When adding a VPP account (Settings > iOS Settings), the following message appears if the token exceeds 350 characters: “The entered company token is not valid, please enter a new one.”
[From xms_10.10.0.10202.bin][CXM-68114]
The Secure Hub Apple Push Notification Service (APNs) certificate for XenMobile Server 10.10 will expire on August 2, 2019. As a result, the Agent Notification fails and the application push might be delayed on iOS devices.
With this update, the Secure Hub APNs certificate will be renewed and will expire on July 12, 2020.
[From xms_10.10.0.10202.bin][CXM-68353]
Apple Volume Purchase Program (VPP) apps don’t import into XenMobile Server. This issue occurred after Apple changed the URL for apps from itunes.apple.com to apps.apple.com.
[From xms_10.10.0.10202.bin][CXM-68615]
With iOS VPP configured in XenMobile, iBooks obtained through VPP don’t appear on the Configure > Media page as described in Add media.
[From xms_10.10.0.10103.bin][CXM-66161]
In XenMobile Server, publish an MDX app for iOS or Android platform. The XenMobile Server Public API does not support the modification of App description in the corresponding platform.
[From xms_10.10.0.10103.bin][CXM-66449]
Sometimes when Secure Hub is disconnected, security actions need to be performed twice to trigger Firebase Cloud Messaging (FCM) notifications for an event.
[From xms_10.10.0.10103.bin][CXM-66911]
In the dashboard, the number of Pending Activation Requests under the Notifications section are displayed incorrectly.
[From xms_10.10.0.10103.bin][CXM-66914]
The Firebase Cloud Messaging (FCM) token on the XenMobile Server doesn’t change until you delete or uninstall the Secure Hub.
[From xms_10.10.0.10103.bin][CXM-66923]
While enrolling Android enrolment for devices, the following error appears: Cannot decrypt value.
[From xms_10.10.0.10103.bin][CXM-66928]
The name and owner of your Android Enterprise enterprise might not display correctly in the Google Play store administrator console.
[From xms_10.10.0.10103.bin][CXM-66933]
Note: If your system is configured in cluster mode, follow the steps below to update each node, one after the other.
Important: Before installing this update, take a snapshot of the current settings and create a backup of the database.
To verify the patch deployment
After installing this patch, log on to the XenMobile Server Console as an administrator, then navigate to Settings > Release Management > Updates. Information about the most recent successful patch installation appears in this section.
Hello.
So, I have a couple of MACs running SEP, and recentrly I pushed newest update (14.2 RU2) for them.
This version adds support for OSX Catalina (10.15), and, as far as I can see, on Catalina everything is really fine.
But older OSX versions (10.13, 10.14) face a couple of troubles:
1. Random reboots. I don’t know, how it is called in OSX terminology, but I mean black screen with white text “Your computer restarted because of a problem. Press a key or wait a few seconds to continue starting up.”
2. Firewall notifications. At my SEPM server, my firewall policy for MACs have entry “Display a notification on the computer when the client blocks an application” disabled. But, ignoring this, users began to face notifications about different remote connections with buttons “allow” and “deny”. The strangest part is the header of notifications – it says “Norton Security” 🙂 Tested a bit, withdrawing firewall policy via SEPM prevents notifications from spawning.
Maybe anyone else faced these issues? Any ideas?
Good Morning, I have a problem with the SEP for Mac OS client, the console has been updated to fix the vulnerability and to address the issue of the database not working to back up, after the upgrade, Windows and Windows environment testing and environments were performed. Mac, Windows has worked normally so far, but after testing in Mac environment, it does not work, Client for Mac OS 10.14 has been installed and it installs normally no longer communicates with console, updates vaccine, no longer has communication with the manager, not to impact my environment, had to reinstall the client before 14.2.1031.0100. I wonder if anyone is also having a problem regarding this?
Answer:
When Screen is Locked
Option1: Click the notification, unlock the phone and you will be in the SSO APP, then hit Approve – then hit the home button to close the SSO APP.
Option2: Users need to either force touch (3D touch) or slide the notification to the left ,more and approve or long press and approve
When Screen is Unlocked
Option-1: Drag Down on the notification and Hit Approve.
Option-2: Click the notification, you will be in the SSO APP, then hit Approve – then hit the home button to close the SSO APP.
Note: The app might prompt for Touch-ID/Face-ID/Passcode as an extra factor in which case the app is always launched into foreground.
In Sophos Mac Endpoint 9.9.5, we introduced a notification for “Full disk access required” when the OS is MacOS 10.15 Catalina, and we detect that the full disk access rights detailed in knowledge base article 134552 are not in place.
We have found an issue where customers using an MDM solution (eg: JAMF or Profile Manager) to provide this access will still receive this notice, even with the correct rights in place.
This will be corrected in the 9.9.6 release to Central and On Premise customers near the end of November/beginning of December 2019. It does not prevent the software from working, and is only a visual notice.
Applies to the following Sophos product(s) and version(s)
Central Mac Endpoint 9.9.5
Sophos Anti-Virus for Mac OS X 9.9.5
Customers using an MDM solution to provide disk access rights to Sophos in MacOS 10.15 Catalina will receive a notice on the endpoints titled “Full disk access required” in error.
It does not prevent our software from working, and is a notice only. If rights are added via the dialog, or manually via Security & Privacy on the Endpoint, the message will not appear.
Development have identified the issue and created a fix. This is currently in testing and confirmed for release in 9.9.6 in late November/early December 2019.
It is safe to dismiss the message. It will reappear approximately every 4 hours.
To avoid the message completely, add Full Disk Access rights using the method described in the dialog.
Add Full Disk Access rights using the method described in the dialog or ignore the dialog.]
This article will be updated when information becomes available
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
This article provides information about support for MacOS 10.15 Catalina, as well as known issues. It is highly advisable to read the known issues as there are several unavoidable issues in this OS release.
Apple has new enforced per application permissions in this version. Some permissions (such as user folders) will present a pop-up notice to the user to allow access, however for system level access, no notification is presented by the OS. Several Sophos services require this system level of access in order to detect and clean threats. This means that Apple will not notify users if these issues are being experienced.
All of our applications and installers are 64-bit, and will not be limited by Apple’s 32-bit restriction.
The following sections are covered:
Applies to the following Sophos products and versions
Central Mac Endpoint
Sophos Anti-Virus for Mac OS X
Operating systems
MacOS 10.15 Catalina
With the release of macOS 10.15 Catalina, Apple has added additional security lock downs to the operating system, including per application disk access lock downs. This results in several large impacting issues that must be corrected for full protection. Please see the Known Issues section below for full details. It is not recommended upgrading to 10.15 until your organization has a transition plan in place.
In order to support macOS 10.15 Catalina, Sophos Endpoint 9.9.4 or above is required. Earlier versions will run if present during an upgrade, but are subject to the same known issues below, but not all permissions can be added (SophosServiceManager and SophosScanAgent cannot be added with 9.9.3), 9.9.3 and below will not install on a 10.15 system, and Central clients 9.9.2 or below will fail to communicate with Central until they update.
Sophos released 9.9.4 to Central in September 2019. 9.9.4 is also Preview subscription for Enterprise Console customers as of mid-September 2019.
For both Central and Enterprise Console, 9.9.5 releases in mid-October 2019 (to Recommended and Preview for Enterprise Console), and includes permissions popup to make installations a bit easier.
Apple has locked down the following User Folders in OS 10.15.
The agents will need to be added to the Full Disk Access area of security and privacy, unless otherwise noted.
The following issues will be experienced after upgrading to macOS 10.15 and before applying the corrective steps.
The following can be performed on OS 10.14, before upgrading to 10.15, or after 10.15 has been installed. The only exception to this is SophosServiceManager, which can only be added on 10.15.
Note: The tool “sweep”, which is /usr/local/bin/, cannot be added via this method as it is not a .app. It will prompt the user the first time the tool is run in order to be allowed. It will only be called if you are using it via command line.
Using an MDM solution like Apple Profile Manager, or JAMF, you can add permissions in TCC to allow these processes. Visit the following kba articles for further instructions:
KNOWN ISSUE: “Full disk access required” message displays on Catalina when using an MDM solution with the correct access (with Sophos 9.9.5). Please see this KB134833
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
I’ve been able to download and install the SEP 14.2 RU2 in our test environment to support macOS Catalina (10.15). We’re planning on upgrading our production environment in about a week. My question is, why are we not seeing the update for the SEP 15 cloud console? Note that we do not have a hybrid environment. They’re separate systems.
Our SEP 15 system still shows the MAC devices with the “14.2 RU1C 183” agent. Building a new installation package still provides the same “14.2 RU1C 183” version.
