MSI Installer for EndPoint Protection or Intune compatible deployment method

It's not possible.  The only way you could deploy the install as an MSI would be to author an MSI to call SophosSetup.exe.  Would that even help?

Regards,

Jak

Hello,

Not possible or not available?

I don't see what installer could possibly doing that couldn't now be done with an MSI.

I tried out the re-authoring of an MSI that wraps the SophosSetup.exe and it did work but it was unnecessarily complicated and slightly messy.

Regards

Sam

I'll keep at it then and try advanced installer, thanks for taking the time to reply :)

I do agree though, having a cloud based application to surely attract cloud based systems yet not supporting one of the main MDM systems via an msi installer is crazy.

No worries.

It does seem crazy.

I would suggest downloading and install WiX.  You can create a MSI with just a couple of commands and some XML.  For example.

1. Download WiX - http://wixtoolset.org/releases/ and install it.

2. Add the installation path of WiX to your PATH.  E.g. Add the following to your PATH variable:
C:\Program Files (x86)\WiX Toolset v3.11\bin

3. Save the attached file as SophosExeWrapper.wxs to say C:\sophosmsi\.  You could use the .txt but it should be .wxs.

4. Download the correctly configured Cloud installer SophosSetup.exe from Central and save it to C:\sophosmsi\

5. In an admin prompt, CD to \sophosmsi

6. Run:
candle SophosExeWrapper.wxs

7. Run
light SophosExeWrapper.wixobj

You should then have a MSI file.

Things to change in the XML (Product section at the top) first:
1. UpgradeCode, go to: https://www.guidgenerator.com/online-guid-generator.aspx and generate a new GUID.
2. Name if you wish for the package to appear differently.
3. Manufacturer to be your company name for example.

I hope it helps.

There maybe some more tweaking you'd like to do to the XML after reading the WiX documentation but this could be a starting point.

Regards,
Jak

4520.SophosExeWrapper.txt

many thanks for this.  Running the msi alone seems to work unlike my previous tries.  I'm just trying to get intune to play nicely with it now...

ok, it seems to install via intune but doesn't fully install.

The central admin console lists the computer, but no green tick.  Go in to the computer properties in the central admin console and endpoint advanced is under the assigned products, however, there is no status tab.  there is no Sophos icon in the taskbar, but I can see some of the components in the process list.

Can anybody point me in the right direction of what I need to check next?

The installer log for sophossetup. It is in \programdata\sophos\cloudinstaller\logs\. I think cloud installer is the right directory off the top of my head. Can you attach it?

arrgghhh, got in this morning and somebody had re-imaged the machine.  I'll try again and if the same thing happens I'll get the log attached.  

ok, so I think it's sorted now on the install side.  However, I now have the opposite problem.  When I go to programs and features and try to uninstall the sophos endpoint package, I press uninstall, get the UAC prompt, press ok, then nothing happens.  That means that I cannot now uninstall the client.

does anybody have any ideas where to look to troubleshoot this please?

Well the Programs and Features entry in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos Endpoint Agent\
UnintallString 

Should point to: "C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe"

I assume that file exists on disk and that component installed OK?

Regards,

Jak

yes, it all appears to be installed correctly, the sophos central is all good for that computer and the registry key is there.  However, clicking uninstall still does nothing, it doesn't even register in the application event log that I tried to uninstall it.  It's very odd.

yes, it all appears to be installed correctly, the sophos central is all good for that computer and the registry key is there.  However, clicking uninstall still does nothing, it doesn't even register in the application event log that I tried to uninstall it.  It's very odd.

If that file is there it is very odd.  The only think I can suggest at this point is to run it while running Process Monitor (docs.microsoft.com/.../procmon) to see what happens?  Maybe some of the events in a trace make it obvious.

Regards,
Jak

I'm going to reset the pc and see if it's the msi installer that's causing the issues first by manually installing from the .exe instead.  I'll let you know.

nope, totally did the same with installer downloaded from the cloud central.  Will see if I can't log a ticket with sophos, this is crazy!

If running:
"C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe"

does nothing, that is very odd indeed.

I'd be equally interested to try launching an admin command prompt and:

CD "C:\Program Files\Sophos\Sophos Endpoint Agent"
run:
uninstallcli.exe

Does that work?

I'd still be interested to see a Process Monitor Capture when running uninstallgui.exe if Support draw a blank.

Regards,
Jak

sorry for the late reply.  I did log a support call with Sophos but since sending them the logs they seem to have hidden.  No response!

Firstly, the problem only occurs on our Surface devices - desktops can uninstall without a problem.  odd!

I ran the uninstallcli.exe and that worked - hurrah!  thank you for that.  However, I'd still like sophos to investigate why it's not uninstalling from the control panel as it should work.  If they ever get back with an answer I will update the thread, but for now, we have a workable solution - thank you :)

Does the uninstallgui.exe process get created?  I guess this would be the first test.

If you run Process Monitor, you should see the uninstallgui.exe process get created.  Does this happen?

Regards,

Jak

just to update with no update.  No particularly impressed with the slowness of sophos support.  Seems to be they ask a question, you reply, then you have to wait almost a week for somebody to ask a similar question!  

Hi James,

I am sorry for the inconveniences you have been experiencing. 

Can you please DM me your ticket number so that I can have a look ? 

Regards,

dm sent :)