Intercep X client installation with script issue

Hi,

I followed instruction on Sophos KB with scripted installation ( https://community.sophos.com/kb/en-us/120611 )

 

I created the startup script as described in that article and deployed it via GPO. The Agent installed on the client, but I wonder, what happens the next time, the client starts, because there is a part in the script, that is irritating me

 

IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%"

 

Even after installation this path does not exist on the client, so I assume next run of the script will lead in installing the software again. Any idea?

 

This is the whole script recommended by Sophos:

 

@echo off
SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:X86_PROG
IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:INSTALL
pushd \\servername\share
SophosSetup.exe --quiet
Popd

 

Parents
  • There is this partial path to the "MCSClient.exe" maker which is used to check if the computer already has been protected:

    "Sophos\Management Communications System\Endpoint\McsClient.exe"

    This is stored in the MCS_ENDPOINT variable.

    Then a quick architecture check checks if the computer is 32-bit or 64-bit so it can add prefix the above path with either:

    %ProgramFiles(x86)%

    or 

    %ProgramFiles%

    to form the full path for the given computer, factoring in if it's 32 or 64-bit.

    Regrards,

    Jak

Reply
  • There is this partial path to the "MCSClient.exe" maker which is used to check if the computer already has been protected:

    "Sophos\Management Communications System\Endpoint\McsClient.exe"

    This is stored in the MCS_ENDPOINT variable.

    Then a quick architecture check checks if the computer is 32-bit or 64-bit so it can add prefix the above path with either:

    %ProgramFiles(x86)%

    or 

    %ProgramFiles%

    to form the full path for the given computer, factoring in if it's 32 or 64-bit.

    Regrards,

    Jak

Children
  • Hi Jak,

     

    I think you are mistaken with your assumption, what the script does:

     

    SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe

     

    This sets the variable everytime the scripts runs. No check at all

     

    IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG

     

    This indeed checks, if x86 or amd64. In our case it is always amd64

     

    Now comes the interesting part. In our environment, the script resp. the check will always walk to ths point, see above.

     

    IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL

     

    It checks for the existence of a directory. Sure, the first time the script runs the directory is not there, but the second time it should be there, because following the logic of the script 

     

    "SophosSetup.exe --quiet"

     

    should create that directory, so the Sophos Agent gets only installed once.

     

    BUT: This directory does not exist after installtion

     

    So in my understanding, everytime this startup script gets called it will do "SophosSetup.exe --quiet"

     

    So I wonder, if the script is outdated and Sophos did not update it.