yesterday some ouf our Sophos Central Clients received program updates whilst working on the computer. This resulted in slow performance and a loss of Security Heartbeat to the firewall when the Heartbeat Service restarted. The restart of the Service is quick but the reconnection of the Heartbeat with the firewall takes over a minute. This causes applications to crash or interruption of active web meetings.
Is there a way to manage this behaviour?
We want automated installation and I don't want to push updates manually. But there should be some warning like "your Sophos Software needs update, install now or later" like 15 minutes, 1 hour and so on.
Any way to achieve this?
At least there should be a possibility to select a general time frame that an administrator can create for program upgrades. So for example: only install updates from 12 until 1pm. Missted schedule: install after next reboot.
What about the option under the Update Management policy:
Set the day and time when you want product updates to become available for computers. Remember: if they aren't on, they won’t…
You can control product updates manually for the endpoints. This stops automatic updating so that you can decide when to test new product versions and roll them out to your computers. Please check out this link to set up manual updates.
Thanks for your answer and the link. I will read into it.
Unfortunately, manual update was not what I was looking for.
But this reads interessting "If you prefer, you can control how your computers update. For example, you can stop updates on all computers during a busy period"
after checking this in Central there is a lack of functionality. "stop updates on all computers during a busy period" only means you can pause updates in a known period of high activity. It does not mean, stop update, when computer is busy (or in active use).Using manual updates just means an extra task for an admin who is already busy.
For us it would be OK if the user gets a notification about a automatically scheduled upgrade and can decide to delay it until a deadline where the upgrade is installed anyway.
Set the day and time when you want product updates to become available for computers. Remember: if they aren't on, they won’t get the update until the next time they start.Note: This doesn't affect security updates, such as identities used to protect you against new threats.
So easy! Why I did not find that?
That would meet our second choice - to set a specific time for installation. Do you know if it really installs updates at that time or is there some sort of hidden random +/- time?
The time is local to each computer, if you select 9 pm, each computer will get the update at 9 pm local time for the computer. Just need to make sure that the computers are on.