I followed instruction on Sophos KB with scripted installation ( https://community.sophos.com/kb/en-us/120611 )
I created the startup script as described in that article and deployed it via GPO. The Agent installed on the client, but I wonder, what happens the next time, the client starts, because there is a part in the script, that is irritating me
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%"
Even after installation this path does not exist on the client, so I assume next run of the script will lead in installing the software again. Any idea?
This is the whole script recommended by Sophos:
@echo offSET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exeIF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROGIF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALLexit /b 0:X86_PROGIF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALLexit /b 0:INSTALLpushd \\servername\shareSophosSetup.exe --quietPopd
There is this partial path to the "MCSClient.exe" maker which is used to check if the computer already has been protected:
"Sophos\Management Communications System\Endpoint\McsClient.exe"
This is stored in the MCS_ENDPOINT variable.
Then a quick architecture check checks if the computer is 32-bit or 64-bit so it can add prefix the above path with either:
to form the full path for the given computer, factoring in if it's 32 or 64-bit.
I think you are mistaken with your assumption, what the script does:
SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
This sets the variable everytime the scripts runs. No check at all
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
This indeed checks, if x86 or amd64. In our case it is always amd64
Now comes the interesting part. In our environment, the script resp. the check will always walk to ths point, see above.
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
It checks for the existence of a directory. Sure, the first time the script runs the directory is not there, but the second time it should be there, because following the logic of the script
should create that directory, so the Sophos Agent gets only installed once.
BUT: This directory does not exist after installtion
So in my understanding, everytime this startup script gets called it will do "SophosSetup.exe --quiet"
So I wonder, if the script is outdated and Sophos did not update it.