This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X Endpoint Sysprep

Hello,

I am trying to generate a windows 10 image by sysprep, I install the sophos antivirus with the respective step by step to generate the golden image (https://support.sophos.com/support/s/article/KB-000035040?language=en_US) and after this I run the sysprep and the image is damaged, you could tell me that I should take into account in order to have the sophos antivirus installed inside the image. 

 

Best Regards

Kaan



This thread was automatically locked due to age.
  • Hi There,

    Thank you for reaching us. On the script, you use in performing gold image. Did you turn off/disable tamper protection on it? 

    Refer to sample script.

    "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPoff 216278579655

    SC STOP "Sophos MCS Client"

    SC CONFIG "Sophos MCS Client" start= delayed-auto

    SC STOP "Sophos Managed Threat Response"

    SC CONFIG "Sophos Managed Threat Response" start= delayed-auto

    pause

    Del "%ProgramData%\Sophos\Management Communications System\Endpoint\Persist\Credentials" /q

    Del "%ProgramData%\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt" /q

    Del "%ProgramData%\Sophos\Management Communications System\Endpoint\Persist\*.xml" /q

    Del "%ProgramData%\Sophos\Management Communications System\Endpoint\Cache\*.status" /q

    Del "%ProgramData%\Sophos\AutoUpdate\data\machine_ID.txt" /q

    Del "%ProgramData%\Sophos\Managed Threat Response\data\osquery.db\*" /q

    Del "%ProgramData%\Sophos\Managed Threat Response\config\policy.xml" /q

    Echo [McsClient] > "%ProgramData%\Sophos\Management Communications System\Endpoint\Config\registration.txt"

    Echo Token=(Token here) >> "%ProgramData%\Sophos\Management Communications System\Endpoint\Config\registration.txt"

    "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPon

    If so? You can turn off tamper protection and try again.


    Also can you confirm if the master image boots successfully before deployment? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Yes, the tamper protection is disabled via the script and the master image boots successfully without sophos.

  • In the script the tamper protection is first disabled an then re-enabled again. So that ist the problem. I deleted this line from the script:

    "C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPon

    Now it works.

    Regards

    Kaan

  • Hello Kaan,

    Thank you for your confirmation. I'm Glad to hear that you're able to make it work now. If you encounter any issues related to our product please feel free to reach us. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids