This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Intercept X and DeepFreeze

I work at a school where we deployed DeepFreeze to laptops that were given to students for the purpose of online classes. These were also provisioned with Sophos Intercept X to monitor and restrict web access which is really more important to us than viruses on these particular deployment. However, during this past school year, our machines have experienced a lot of random freezing and we have laptops that need to be rebooted many times a day. During our investigations, we have found some of the Intercept X installations have stopped working and Sophos is no longer reporting to the cloud and also, the cloud is no longer able to communicate with the client.

I have tried to place Sophos in a separate partition that is not managed by DeepFreeze. So far I have created this unmanaged partition (Thaw Space as is called in DeepFreeze) and created softlinks in the frozen partition to corresponding directories in the Thaw Space.  I have created three symbolic links to these directories:

C:\Program Files (x86)\Sophos <==> T:\Program Files (x86)\Sophos

C:\Program Files\Sophos <==> T:\Program Files\Sophos

C:\ProgramData\Sophos <==> T:\ProgramData\Sophos

Note: The symbolic links were created using the "mlink /D "C:\Program Files\Sophos" "T:\Program Files\Sophos"" command in an elevated permission Command Prompt.

Sophos churned out a warning before installing indicating that these were symbolic links and these represented a security risk. The Thaw Space partition is hidden. No problems were further encountered during install.

I thought this process would keep Intercept X updated, however, with every reboot, the last update date reverts back to the initially "Frozen by DeepFreeze" state. I assume there are other directories that are involved in the update process that I have not symlink'ed yet.

I am also aware of a White Paper handing out instructions on integrating Sophos with Deep Freeze. This is discussed in Sophos KB article KB-000033853 where it instructs to add the following command to Deep Freeze console. We have already implemented the suggested KB steps:

Alupdate.exe -ManualUpdate -NoGUI -RootPath"C:\Program Files\Sophos\AutoUpdate

My objective is to ensure Sophos can update its components without Deep Freeze blocking it.

If you have further insight into this topic it will be most appreciated.

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • Upon checking with our internal team, They have suggested that you need to reach first the 3rd party vendor "DeepFreeze". and log a case for this. Once communicated with them, Also If you’re using Sophos central to manage your endpoints. You may try using the below path for updating and let us know.

    "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -
    ManualUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"

    In addition, if you're using Sophos Endpoint with Intercept X, we need C:\programdata\Hitmanpro\ folder to not be changed as this may affect the function for Intercept X.
    Note: Support for the relocation of the Users directory and ProgramData directory You can refer to this KB for more information.
    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks for your answer. I did also make the same question to Deep Freeze directly, Faronics. They are also looking into the issue and behaviour. I will look into what you suggest and let you know. Thanks GlennSen.

  • Thank you for letting us know. Just keep us posted for the updates. :)

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids