Connectwise RMM/ Sophos install Script

Does anyone have a Script for ConnectWise RMM to install Sophos Endpoint?

We have used some of the other legacy scripts and attempted to convert them to ConnectWise RMM but have been unsuccessful.



[edited by: GlennSen at 6:06 AM (GMT -8) on 30 Jan 2024]
  • If you are looking to deploy a script to Windows devices, installer command line options can be found on the following page. 
    - Installer command-line options for Windows

    You can also find a PS1 script in the following article.
    - Automate the software deployment to devices

    $temp = "C:\temp"
    $SophosInstalled = Test-Path -Path "C:\Program Files\Sophos"
    $InstallerSource = "your installer download link"
    $destination = "$temp\SophosSetup.exe"

    # Skip the install when the Sophos program folder is already present
    If ($SophosInstalled) {
        Write-Host "Sophos is already installed."
        Start-Sleep 3
        Exit
    } Else {
        Write-Host "Beginning the installation"

        # Create the working folder if it does not exist yet
        If (Test-Path -Path $temp -PathType Container) {
            Write-Host "$temp already exists" -ForegroundColor Red
        } Else {
            New-Item -Path $temp -ItemType Directory
        }

        # Download the installer to the working folder
        Invoke-WebRequest $InstallerSource -OutFile $destination
    }

    # Run the installer silently
    Start-Process -FilePath $destination -ArgumentList "--quiet"


     If you wish to script this differently, you can obtain the direct download URL for the installer using the steps in the following article.
    Endpoint and Server installation methods > Installation via installer link

    For MacOS devices, I suggest checking the contents of the installer download package, as this contains a bash script inside the "Deployment Tools" folder.

    You can also reach out to Sophos Professional Services if you'd like more hands-on assistance with your environment and deployment tools.

    Kushal Lakhan
    Team Lead, Global Community Support
  • We are an MSP with over 100 clients. We would like to automate the installation of Sophos to the endpoints without having to write 100s of individual scripts. We were doing this just fine with Ninja RMM but have switched to ConnectWise RMM.

    I have set up custom fields for each company that contain the Customer Token and product selection. We can then pass the variables to the script, but I have been unsuccessful in creating a working script.

  • Hello Ronnie,

    I'm interested in learning more about the structure and development of your script, as I believe it could be very insightful. Also, I noticed that you're an MSP - are you by chance utilizing the Sophos Enterprise Dashboard? If so, we might be able to leverage the Sophos API to enhance the script's capabilities.

    However, if you're looking for a standalone script where you only need to adjust the customer token and products, I'd be more than happy to assist. Could you possibly share the script with me? This will allow me to better understand its current setup and how I might be able to help optimize or modify it according to your needs.

    Thank you

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • I have figured it out. You're welcome to publish this. I ported another script, but figured out how CW RMM handles everything.

    Connectwise RMM

    Sophos Installer Script

     

    Connectwise RMM Setup

    1. Go to Settings → Custom Fields
    2. Add Custom Fields - Click Add
      1. Name = CustomerToken
      2. Level = Company
      3. Type = Text Box
      4. Leave Default Value empty
      5. Description = Sophos CustomerToken
      6. Click Save
      7. Name = ProductSelection
      8. Level = Company
      9. Type = Text Box
      10. Leave Default Value empty
      11. Description = Sophos CustomerToken
      12. Click Save
    3. Add Customer Information
      1. Go to Client Management → Company Management
      2. Open each company and go to Custom Fields at the top under the company name
      3. Click on the edit icon and add the information accordingly
        1. CustomerToken is found on Sophos Partner Portal under deployment
          1. You can download the csv file of all your customers
        2. ProductSelection – Set Product Selection based on each client's product
          1. CIXA
            1. Antivirus, Intercept
          2. CIXAXDR
            1. Antivirus, Intercept, XDR
          3. MDR
            1. mdr
          4. ALL
            1. all
          5. Encrypt
            1. Device Encryption
    4. Create Script
      1. Go to Automation → Tasks
      2. Click on Add and then select Script Editor
      3. Set name to Sophos Installer
      4. Click on the Script Editor tab
      5. On the first row, select Function and then Set Pre-Defined Variable
        1. Variable Name = CustomerToken
        2. Select Custom Field and select CustomerToken
      6. Add Row
        1. Variable Name = ProductSelection
        2. Select Custom Field and select ProductSelection
      7. Add Row
        1. Variable Name = Name
        2. Select System Variable and select ClientId
      8. Add Row
        1. Select Function - Script Log
        2. Set Script log message
          1. %output$
      9. Add Row
        1. Select Function then PowerShell Script
        2. Add the script (see next page)
      10. Save and save again
      11. Add Row
        1. Select Function - Script Log
        2. Set Script log message
          1. %output$

    # -----------------------------------------------------------------------------------------------
    # Component: Sophos Central Deployment for Windows
    # Platform: CW RMM
    # Purpose: Using the new Sophos Thin installer,
    #          perform default install of Sophos Central using the defined parameters
    # Version 1.0
    # -----------------------------------------------------------------------------------------------

    # Define Functions

    # Sets global flags: agent listed in the Uninstall registry key, plus the two MCS services
    function Get-SophosInstalled {
        $Global:installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -contains "Sophos Endpoint Agent"
        $Global:mcsclient = Get-Service -Name "Sophos MCS Client" -ea SilentlyContinue
        $Global:mcsagent = Get-Service -Name "Sophos MCS Agent" -ea SilentlyContinue
    }

    # Define Variables
    # The @...@ placeholders correspond to the variables set in the Script Editor steps above

    $customertoken = "@customertoken@"
    $productselection = "@productselection@"
    $name = "@name@"

    # Sophos Central Installation

    Write-Host "Starting the Sophos Central Installation based on the variables defined in the site"
    Write-Host ""
    Write-Host "Checking to see if Sophos is Already Installed"

    Get-SophosInstalled
    if ($installed) {
        Write-Host "--Sophos Central Endpoint Agent Installed"
        if ($mcsclient.Status -eq "Running") {
            Write-Host "--Sophos MCS Client is Running"
            Exit 0
        }
    }
    else {
        Write-Host "--Sophos Central is Not Installed"
        Write-Host "Sophos MCS Client is Not Running"
    }

    # Check for the Site Variables
    Write-Host ""
    Write-Host "Checking the Variables"

    if (!$CustomerToken) {
        Write-Host "--Customer Token Not Set or Missing"
        Exit 1
    }
    else {
        Write-Host "--CustomerToken = $CustomerToken"
    }

    # Pull Device OS Info for Workstation or Server Detection

    $osInfo = Get-WmiObject -Class Win32_OperatingSystem

    # Sophos Workstation Product Selection
    if ($osInfo.ProductType -eq '1') {
        if (!$ProductSelection) {
            Write-Host "--Product Not Set or Missing"
            Exit 1
        }
        elseif ($ProductSelection -eq 'CIXE') {
            $Products = "antivirus,intercept"
        }
        elseif ($ProductSelection -eq 'CIXA') {
            $Products = "antivirus,intercept"
        }
        elseif ($ProductSelection -eq 'CIXAXDR') {
            $Products = "antivirus,intercept,xdr"
        }
        elseif ($ProductSelection -eq 'MDR') {
            $Products = "antivirus,intercept,xdr,mdr"
        }
        elseif ($ProductSelection -eq 'ALL') {
            $Products = "all"
        }
        elseif ($ProductSelection -eq 'Encrypt') {
            $Products = "DeviceEncryption"
        }
    }
    # Sophos Server Product Selection
    else {
        if (!$ProductSelection) {
            Write-Host "--Product Not Set or Missing"
            Exit 1
        }
        elseif ($ProductSelection -eq 'CIXE') {
            $Products = "antivirus,intercept"
        }
        elseif ($ProductSelection -eq 'CIXA') {
            $Products = "antivirus,intercept"
        }
        elseif ($ProductSelection -eq 'CIXAXDR') {
            $Products = "antivirus,intercept,xdr"
        }
        elseif ($ProductSelection -eq 'MDR') {
            $Products = "antivirus,intercept,xdr,mdr"
        }
        elseif ($ProductSelection -eq 'ALL') {
            $Products = "all"
        }
    }

    # Stop if ProductSelection matched none of the options above,
    # rather than passing an empty --products value to the installer
    if (!$Products) {
        Write-Host "--Product Selection Not Recognized"
        Exit 1
    }

    # Sophos parameters are defined from the site specific variables

    $arguments = "--customertoken=""" + $CustomerToken + """ --epinstallerserver=" + """dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com"
    $arguments = $arguments + """ --products=""" + $Products
    $arguments = $arguments + """ --quiet"

    # Check to see if a previous SophosSetup Process is running
    Write-Host ""
    Write-Host "Checking to see if SophosSetup.exe is already running"
    if ((Get-Process "sophossetup" -ea SilentlyContinue) -eq $Null) {
        Write-Host "--SophosSetup Not Running"
    }
    else {
        Write-Host "Sophos Currently Running, Will Kill the Process before Continuing"
        Stop-Process -ProcessName "sophossetup"
    }

    # Force PowerShell to use TLS 1.2
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Check for Existing SophosSetup Installer
    if (Test-Path c:\temp\SophosSetup.exe) {
        Write-Host "--Removing the existing SophosSetup Installer"
        Remove-Item -Path c:\temp\SophosSetup.exe
    }

    # Check if c:\temp Exists if not create it

    $directoryPath = "C:\temp"
    if (-not (Test-Path $directoryPath)) {
        New-Item -ItemType Directory -Force -Path $directoryPath
        Write-Host "Directory created"
    }
    else {
        Write-Host "Directory already exists"
    }

    # Download of the Central Customer Installer
    # The URL below is truncated ("..."); replace it with your full installer download link
    Write-Host ""
    Write-Host "Downloading Sophos Central Installer"
    Invoke-WebRequest -Uri "central.sophos.com/.../SophosSetup.exe" -OutFile c:\temp\SophosSetup.exe
    if (Test-Path c:\temp\SophosSetup.exe) {
        Write-Host "--Sophos Setup Installer Downloaded Successfully"
    }
    else {
        Write-Host "--Sophos Central Installer Did Not Download - Please check Firewall or Web Filter"
        Exit 1
    }

    # This Section starts the installer using the arguments defined above
    Write-Host ""
    Write-Host "Installing Sophos Central Endpoint:"
    Write-Host ""
    Write-Host "SophosSetup.exe $arguments"
    Write-Host ""

    Start-Process c:\temp\SophosSetup.exe $arguments

    # Poll once a minute, for up to 5 minutes, until the MCS Client service appears
    $timeout = New-TimeSpan -Minutes 5
    $install = [diagnostics.stopwatch]::StartNew()
    while ($install.Elapsed -lt $timeout) {
        if ((Get-Service "Sophos MCS Client" -ea SilentlyContinue)) {
            Write-Host "Sophos MCS Client Found - Breaking the Loop"
            Break
        }
        Start-Sleep -Seconds 60
    }
    Write-Host ""
    Write-Host "Sophos Setup Completed"

    # Verify that Sophos Central Endpoint Agent Installed
    Write-Host ""
    Write-Host "Verifying that Sophos Central Endpoint installed and is Running"

    Get-SophosInstalled
    if ($installed) {
        Write-Host "--Sophos Central Endpoint Agent Installed Successfully"
        if ($mcsclient.Status -eq "Running") {
            Write-Host "--Sophos MCS Client is Running"
            if ($mcsagent.Status -eq "Running") {
                Write-Host ""
                Write-Host "--Sophos MCS Agent is Running"
                Write-Host ""
                Write-Host "Sophos Central Agent is Installed and Running"
                Write-Host ""
                Exit 0
            }
        }
    }
    else {
        Write-Host "--Sophos Central Install Failed"
        Write-Host ""
        Write-Host "Please check the Sophos Central Install Logs for more details"
        Write-Host ""
        Write-Host "Log Location - <system>\programdata\Sophos\Cloudinstaller\Logs\"
        Exit 1
    }

    # Agent is listed as installed but the MCS Client and MCS Agent are not both running:
    # report it as a failure so the task does not end with an implicit success
    Write-Host "--Sophos MCS Client or MCS Agent is Not Running"
    Exit 1
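
Both scripts in this thread download SophosSetup.exe and start it without checking what was actually downloaded. The following PowerShell is an added example, not part of any post above and not Sophos or ConnectWise code: it checks the file's Authenticode signature before the installer is started. The function name `Test-InstallerSignature` and the publisher prefix `Sophos` are assumptions; confirm the signer name on a known-good copy of the installer.

```powershell
# Added example: refuse to run a downloaded installer unless its Authenticode
# signature is valid and the signer matches the expected publisher.
# ASSUMPTION: $ExpectedPublisher ('Sophos') is a prefix of the signer's common name.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher = 'Sophos'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Host "--Installer not found at $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # NotSigned, HashMismatch, NotTrusted and UnknownError all fail here.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Host "--Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from a different publisher is still the wrong file.
    $publisher = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    if ($publisher -notlike "$ExpectedPublisher*") {
        Write-Host "--Unexpected signer: $publisher"
        return $false
    }

    # Log the thumbprint so the run can be compared against a known-good value later
    Write-Host "--Signed by $publisher (thumbprint $($sig.SignerCertificate.Thumbprint))"
    return $true
}

# Place this between the download check and Start-Process
$installer = 'C:\temp\SophosSetup.exe'
if (-not (Test-InstallerSignature -Path $installer)) {
    Write-Host "--Refusing to run an unverified installer"
    Remove-Item -LiteralPath $installer -Force -ErrorAction SilentlyContinue
    Exit 1
}
```

A failed check shows up in the CW RMM script log through the same `Write-Host` output the install script already uses, and the non-zero exit marks the task as failed.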