Custom compliance check for antivirus on MacOS

Hi,
I’ve been testing the compliance scanning on newer MacOSs and I’ve tried creating custom compliance scans. I’m having a difficult time creating a compliance scan to detect Sophos Intercept X on Mac OS. I’ve also looked at the compliance documentation. Does anyone have any suggestions or pointers?

Hi @Pglopez and welcome to the forum :slight_smile:

I’ve moved your post to the Vulnerability Tests category for now (there is more activity with custom scans here, so hopefully more people see it).

If I understand correctly, other things are working, just the single item of Sophos Intercept X isn’t detected? If it’s not that please describe what kind of problem you are running into.

Edit to add- which software version and edition are you using?

Hi, Thank you for you assistance. Yes, the single item of Sophos Intercept X isn’t detected. I’m using GOS Version: 20.08.13 the community edition.
Here are the instructions I follow to create a compliance policy 12 Performing Compliance Scans and Special Scans — Greenbone Security Manager (GSM) 20.08.13 documentation
All the compliance audits work. I just don’t know how to customize it for just checking if Sophos Intercept X is installed or running on port 80 (HTTP)
443 (HTTPS) domains are * *.sophos.com

  • *.sophosupd.com
  • *.sophosupd.net
  • *.sophosxl.net and on a Apple Mac machine it is installed on

I tried adding a custom Compliance => Compliance Policies (Network Vulnerability Test Preferences (1114))
and ran a scan in Compliance => Compliance Audits however I’m only getting four results.
|CPE Policy Check|Single CPE|

cpe:/a:sophos:intercept_x
CPE Policy Check CPE List
cpe:/a:sophos:intercept_x cpe:/a:sophos:intercept_x:-::central~macos cpe:/a:sophos:intercept_x_endpoint:-:::::::* cpe:2.3:a:sophos:intercept_x_endpoint:-:::::::* cpe:2.3:a:sophos:intercept_x:10.0.3::::central:macos::* cpe:2.3:a:sophos:intercept_x_endpoint cpe:2.3:a:sophos:endpoint_protection:-:::::::* cpe:2.3:a:sophos:intercept_x:-::::central:macos::* cpe:2.3:a:sophos:mobile:-:::::::* cpe:/a:sophos:mobile

Am I missing something?