Duplicate Device Detection

Question

I would like to seek advice on how to prevent cloned (de-duplicated) devices re-registering as new devices in Sophos Central as a result of failover testing of Sophos protected servers to a disaster recovery site. 
 I would like to know if creating a firewall rule on each server at the disaster recovery site (before allowing internet access) that blocks outbound access to the Sophos Management Communications System Client (McsClient.exe) would achieve this? 
 Any other solutions or workarounds would be welcome, however I would like to avoid having to delete de-duplicated devices from Sophos Central that have re-registered as a result of the testing. 
 Kind regards, 
 Lee.

Qoosh · Accepted Answer

Hello Lee, 
 Thank you for reaching out to the Sophos Community. 
 The de-duplication event is generated when a device with the same "unique identifier" as an existing device, checks in to Sophos Central. If you&rsquo;re able to prevent the backed-up systems from communicating out to Sophos Central, this will prevent the de-duplication event from being generated. 
 Another option would be to stop/disable the "Sophos MCS Agent" and "Sophos MCS Client" services once the backup is created. Either option will work so long as the device is not able to communicate with Sophos Central.

Lee Tansey · Answer

Hi Kushal and thank you for your reply. 
 This has resolved my issue and I will mark the answer as verified. For completeness, I have included the steps I followed to achieve this. 
 Prior to assigning the replica VM network adapter to the virtual switch and allowing internet access, sign-in to the Sophos endpoint agent by entering the tamper protection password for the specific server and disable tamper protection by overriding the Sophos Central Policy. This will allow the Sophos MCS Agent and Sophos MCS Client services to be stopped and disabled during failover testing. 
 Kind regards, 
 Lee.

Duplicate Device Detection

Top Replies