1. Purpose of the article
This article will guide you on how to control application access on a user’s Mac via Sophos Central.
Thegioifirewall will prepare a Mac running macOS Catalina version 10.15.5 with Sophos Endpoint installed.
3. What to do?
- Configure the Application Control policy on Sophos Central
4.1 Configure the Application Control policy on Sophos Central
To configure application control, we log into Sophos Central's admin page with the admin account, then go to Endpoint Protection > Policies.
Click Add Policy to add a new policy.
The Add Policy dialog appears, and we select the following information:
- Feature: select Application Control from the drop-down menu.
- Type: we can choose to apply this policy to a user or to a device; in this article I will choose Device.
The Create New Computer Policy dialog then appears, and we need to fill in the following information:
- Policy Name: Test_App_Control
- We select the computer that the Mac is using: here we select MacOS15's Mac computer in the Available Computers panel and click the right arrow to move this computer to the Assigned Computers panel.
First, we click Add / Edit List to add the application we want to ban to the list.
Next, the Add / Edit Application List dialog appears. The left panel shows the categories of applications that Sophos supports, and the right panel lists the applications in the selected category.
In this article we will prohibit users from using Telegram. To add this application, we select the Instant Messaging category in the left column, and the applications of this category appear in the right column.
We search for the Telegram application, tick it, and click Save to List to complete.
After saving, the Telegram application appears in the list.
Next, we click the switch at Detect controlled applications when users access them (You will be notified) so that Sophos Central will immediately detect and ban the application when users use it.
In addition, you can also schedule a ban on using this application for a certain period of time by pressing the Detect controlled applications during scheduled and on-demand scans option.
After configuring the policy, we go to the prepared Mac and perform the test.
Turn on the Telegram application on the device and we will see the results as shown below.
Turn on the Sophos Endpoint application on the Mac and we will see a log entry where Sophos Endpoint has blocked Telegram access.
Next, we check whether Sophos Central has recorded the event.
To view the log, we go to Logs and Reports > General Logs > Events.
As a result, we will see the log lines saved when the user violated the policy.
The log also provides very detailed information such as the date of the violation, the blocked path, the identity of the violating user …
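Once these events are being recorded, a short script can turn them into a triage list of users who keep trying to launch a banned application. The following is an added example, not part of the original article or of Sophos tooling: the record keys (when, user, device, event, path), the event texts and the sample rows are constructed assumptions that mirror the details the log is said to show, and must be mapped to the columns of your actual export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows. Key names and event texts are assumptions,
# not Sophos Central's export schema; map them to your real export.
SAMPLE_EVENTS = [
    {"when": "2020-07-01T09:00:05", "user": "alice", "device": "MacOS15",
     "event": "Controlled application blocked",
     "path": "/Applications/Telegram.app/Contents/MacOS/Telegram"},
    {"when": "2020-07-01T09:02:10", "user": "alice", "device": "MacOS15",
     "event": "Controlled application blocked",
     "path": "/Applications/Telegram.app/Contents/MacOS/Telegram"},
    {"when": "2020-07-01T09:04:30", "user": "alice", "device": "MacOS15",
     "event": "Controlled application blocked",
     "path": "/Applications/Telegram.app/Contents/MacOS/Telegram"},
    {"when": "2020-07-01T14:00:00", "user": "alice", "device": "MacOS15",
     "event": "Controlled application blocked",
     "path": "/Applications/Telegram.app/Contents/MacOS/Telegram"},
    {"when": "2020-07-01T09:10:00", "user": "alice", "device": "MacOS15",
     "event": "Controlled application detected", "path": ""},
    {"when": "2020-07-01T11:30:00", "user": "bob", "device": "MacBook-02",
     "event": "Controlled application blocked",
     "path": "/Users/bob/Downloads/Telegram.app/Contents/MacOS/Telegram"},
]

APP_BUNDLE = re.compile(r"/([^/]+)\.app(?:/|$)")

def app_from_path(path):
    """Return the macOS bundle name in a blocked path, else the file name."""
    m = APP_BUNDLE.search(path)
    return m.group(1) if m else path.rsplit("/", 1)[-1]

def repeated_violations(events, threshold=3, window=timedelta(minutes=10)):
    """Flag (user, device, app) blocked >= threshold times inside one window."""
    buckets = defaultdict(list)
    for ev in events:
        if "blocked" not in ev["event"].lower():
            continue  # only block events count as launch attempts
        key = (ev["user"], ev["device"], app_from_path(ev["path"]))
        buckets[key].append(datetime.fromisoformat(ev["when"]))
    flagged = []
    for key, times in sorted(buckets.items()):
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged.append({"user": key[0], "device": key[1], "app": key[2],
                            "max_in_window": best, "total": len(times)})
    return flagged
```

Grouping by the bundle name rather than the full path means a copy of the application run from a different folder is still counted against the same application.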