Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 5038 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Duplicate Device Detection

Lee Tansey

I would like to seek advice on how to prevent cloned (de-duplicated) devices re-registering as new devices in Sophos Central as a result of failover testing of Sophos protected servers to a disaster recovery site.

I would like to know if creating a firewall rule on each server at the disaster recovery site (before allowing internet access) that blocks outbound access to the Sophos Management Communications System Client (McsClient.exe) would achieve this?

Any other solutions or workarounds would be welcome, however I would like to avoid having to delete de-duplicated devices from Sophos Central that have re-registered as a result of the testing.

Kind regards,

Lee.



This thread was automatically locked due to age.
  • +1

    Hello Lee,

    Thank you for reaching out to the Sophos Community. 

    The de-duplication event is generated when a device with the same "unique identifier" as an existing device, checks in to Sophos Central. If you’re able to prevent the backed-up systems from communicating out to Sophos Central, this will prevent the de-duplication event from being generated. 

    Another option would be to stop/disable the "Sophos MCS Agent" and "Sophos MCS Client" services once the backup is created. Either option will work so long as the device is not able to communicate with Sophos Central.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Hi Kushal and thank you for your reply.

    This has resolved my issue and I will mark the answer as verified. For completeness, I have included the steps I followed to achieve this.

    Prior to assigning the replica VM network adapter to the virtual switch and allowing internet access, sign-in to the Sophos endpoint agent by entering the tamper protection password for the specific server and disable tamper protection by overriding the Sophos Central Policy. This will allow the Sophos MCS Agent and Sophos MCS Client services to be stopped and disabled during failover testing.

    Kind regards,

    Lee.

Unfiltered HTML