Does anyone have a Script for ConnectWise RMM to install Sophos Endpoint?
We have used some of the other legacy scripts and attempted to convert it to Connectwise RMM but have been unsuccessful.
This thread was automatically locked due to age.
Does anyone have a Script for ConnectWise RMM to install Sophos Endpoint?
We have used some of the other legacy scripts and attempted to convert it to Connectwise RMM but have been unsuccessful.
Hi Ronnie,
Thanks for reaching out to the Sophos Community Forum.
Let me know if the resources on the following page contain what you're looking for, namely the "Deployment Configuration" section.
- Sophos Integrations > Connectwise Automate
If you are looking to deploy a script to Windows devices, installer command line options can be found on the following page.
- Installer command-line options for Windows
You can also file a PS1 script in the following article.
- Automate the software deployment to devices
$temp = "C:\temp\" $SophosInstalled = Test-Path -Path "C:\Program Files\Sophos" $InstallerSource = "your installer download link" $destination = "$temp\SophosSetup.exe" If ($SophosInstalled){ Write-Host "Sophos is already installed. " Sleep 3 Exit } Else { Write-Host "Beginning the installation" If (Test-Path -Path $temp -PathType Container){ Write-Host "$temp already exists" -ForegroundColor Red } Else { New-Item -Path $temp -ItemType directory } Invoke-WebRequest $InstallerSource -OutFile $destination $WebClient = New-Object System.Net.WebClient $webclient.DownloadFile($InstallerSource, $destination) } Start-Process -FilePath "$temp\SophosSetup.exe" -ArgumentList "--quiet"
You can also reach out to Sophos Profesional services if you'd like more hands-on assistance with your environment and deployment tools.
We are an MSP with over 100 clients. We would like to automate the installation Sophos to the endpoints without having to write 100's of individual scripts. We were doing this just fine with Ninja RMM but have switched to ConnectWise RMM.
I have setup custom fields for each company that contain the Customer Token and product selection. We can then pass the variables to the script, but I have been unsuccessful in creating a working script.
Hello Ronnie,
I'm interested in learning more about the structure and development of your script, as I believe it could be very insightful. Also, I noticed that you're an MSP - are you by chance utilizing the Sophos Enterprise Dashboard? If so, we might be able to leverage the Sophos API to enhance the script's capabilities.
However, if you're looking for a standalone script where you only need to adjust the customer token and products, I'd be more than happy to assist. Could you possibly share the script with me? This will allow me to better understand its current setup and how I might be able to help optimize or modify it according to your needs.
Thank you
Ismail Jaweed Ahmed (Ismail)
Senior Professional Service Engineer
I have Figured it out. Your welcome to publish this. I ported another script, but figured out how CW RMM handles everything.
Connectwise RMM
Sophos Installer Script
Connectwise RMM Setup
# -----------------------------------------------------------------------------------------------
# Component: Sophos Central Deployment for Windows
# Platform: CW RMM
# Purpose: Using the new Sophos Thin installer,
# perform default install of Sophos Central using the defined parameters
# Version 1.0
# -----------------------------------------------------------------------------------------------
# Define Functions
function Get-SophosInstalled {
$Global:installed = (gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -contains "Sophos Endpoint Agent"
$Global:mcsclient = Get-Service -name "Sophos MCS Client" -ea SilentlyContinue
$Global:mcsagent = Get-Service -name "Sophos MCS Agent" -ea SilentlyContinue
}
# Define Variables
$customertoken="@customertoken@"
$productselection="@productselection@"
$name=@name@
# Sophos Central Installation
Write-Host "Starting the Sophos Central Installation based on the variables defined in the site"
Write-Host ""
Write-Host "Checking to see if Sophos is Already Installed"
Get-SophosInstalled
if ($installed -eq "True") {
Write-Host "--Sophos Central Endpoint Agent Installed"
if ($mcsclient.Status -eq "Running"){
Write-Host "--Sophos MCS Client is Running"
Exit 0
}
}
else {
Write-Host "--Sophos Central is Not Installed"
Write-Host "Sophos MCS Client is Not Running"
}
# Check for the Site Variables
Write-Host ""
Write-Host "Checking the Variables"
if (!$CustomerToken)
{Write-Host "--Customer Token Not Set or Missing"
Exit 1}
else
{Write-Host "--CustomerToken = "$CustomerToken""}
#Pull Device OS Info for Workstation or Server Detection
$osInfo = Get-WmiObject -Class Win32_OperatingSystem
# Sophos Workstation Product Selection
if ($osInfo.ProductType -eq '1') {
if (!$ProductSelection) {
Write-Host "--Product Not Set or Missing"
Exit 1
}
elseif ($ProductSelection -eq 'CIXE') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXA') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXAXDR') {
$Products = "antivirus,intercept,xdr"
}
elseif ($ProductSelection -eq 'MDR') {
$Products = "antivirus,intercept,xdr,mdr"
}
elseif ($ProductSelection -eq 'ALL') {
$Products = "all"
}
elseif ($ProductSelection -eq 'Encrypt') {
$Products = "DeviceEncryption"
}
}
# Sophos Server Product Selection
else {
if (!$ProductSelection) {
Write-Host "--Product Not Set or Missing"
Exit 1
}
elseif ($ProductSelection -eq 'CIXE') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXA') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXAXDR') {
$Products = "antivirus,intercept,xdr"
}
elseif ($ProductSelection -eq 'MDR') {
$Products = "antivirus,intercept,xdr,mdr"
}
elseif ($ProductSelection -eq 'ALL') {
$Products = "all"
}
}
# Sophos parameters are defined from the site specific variables
$arguments = "--customertoken=""" + $CustomerToken + """ --epinstallerserver=" + """dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com"
$arguments = $arguments + """ --products=""" + $Products
$arguments = $arguments + """ --quiet"
# Check to see if a previous SophosSetup Process is running
Write-Host ""
Write-Host "Checking to see if SophosSetup.exe is already running"
if ((get-process "sophossetup" -ea SilentlyContinue) -eq $Null){
Write-Host "--SophosSetup Not Running"
}
else {
Write-Host "Sophos Currently Running, Will Kill the Process before Continuing"
Stop-Process -processname "sophossetup"
}
#Force PowerShell to use TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#Check for Existing SophosSetup Installer
if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){
Write-Host "--Removing the existing SophosSetup Installer"
Remove-Item -path c:\temp\SophosSetup.exe
}
# Check if c:\temp Exists if not create it
$directoryPath = "C:\\temp"
if(-not (Test-Path $directoryPath))
{
New-Item -ItemType Directory -Force -Path $directoryPath
Write-Host "Directory created"
}
else
{
Write-Host "Directory already exists"
}
# Download of the Central Customer Installer
Write-Host ""
Write-Host "Downloading Sophos Central Installer"
Invoke-WebRequest -Uri "">central.sophos.com/.../SophosSetup.exe" -OutFile c:\temp\SophosSetup.exe
if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){
Write-Host "--Sophos Setup Installer Downloaded Successfully"
}
else {
Write-Host "--Sophos Central Installer Did Not Download - Please check Firewall or Web Filter"
Exit 1
}
# This Section starts the installer using the arguments defined above
Write-Host ""
Write-Host "Installing Sophos Central Endpoint:"
Write-Host ""
Write-Host "SophosSetup.exe "$arguments""
Write-Host ""
start-process c:\temp\SophosSetup.exe $arguments
$timeout = new-timespan -Minutes 5
$install = [diagnostics.stopwatch]::StartNew()
while ($install.elapsed -lt $timeout){
if ((Get-Service "Sophos MCS Client" -ea SilentlyContinue)){
Write-Host "Sophos MCS Client Found - Breaking the Loop"
Break
}
start-sleep -seconds 60
}
Write-Host ""
Write-Host "Sophos Setup Completed"
# Verify that Sophos Central Endpoint Agent Installed
Write-Host ""
Write-Host "Verifying that Sophos Central Endpoint installed and is Running"
Get-SophosInstalled
if ($installed -eq "True") {
Write-Host "--Sophos Central Endpoint Agent Installed Successfully"
if ($mcsclient.Status -eq "Running"){
Write-Host "--Sophos MCS Client is Running"
if ($mcsagent.Status -eq "Running"){
Write-Host ""
Write-Host "--Sophos MCS Agent is Running"
Write-Host ""
Write-Host "Sophos Central Agent is Installed and Running"
Write-Host ""
Exit 0
}
}
}
else {
Write-Host "--Sophos Central Install Failed"
Write-Host ""
Write-Host "Please check the Sophos Central Install Logs for more details"
Write-Host ""
Write-Host "Log Location - <system>\programdata\Sophos\Cloudinstaller\Logs\"
Exit 1
}
I have Figured it out. Your welcome to publish this. I ported another script, but figured out how CW RMM handles everything.
Connectwise RMM
Sophos Installer Script
Connectwise RMM Setup
# -----------------------------------------------------------------------------------------------
# Component: Sophos Central Deployment for Windows
# Platform: CW RMM
# Purpose: Using the new Sophos Thin installer,
# perform default install of Sophos Central using the defined parameters
# Version 1.0
# -----------------------------------------------------------------------------------------------
# Define Functions
function Get-SophosInstalled {
$Global:installed = (gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -contains "Sophos Endpoint Agent"
$Global:mcsclient = Get-Service -name "Sophos MCS Client" -ea SilentlyContinue
$Global:mcsagent = Get-Service -name "Sophos MCS Agent" -ea SilentlyContinue
}
# Define Variables
$customertoken="@customertoken@"
$productselection="@productselection@"
$name=@name@
# Sophos Central Installation
Write-Host "Starting the Sophos Central Installation based on the variables defined in the site"
Write-Host ""
Write-Host "Checking to see if Sophos is Already Installed"
Get-SophosInstalled
if ($installed -eq "True") {
Write-Host "--Sophos Central Endpoint Agent Installed"
if ($mcsclient.Status -eq "Running"){
Write-Host "--Sophos MCS Client is Running"
Exit 0
}
}
else {
Write-Host "--Sophos Central is Not Installed"
Write-Host "Sophos MCS Client is Not Running"
}
# Check for the Site Variables
Write-Host ""
Write-Host "Checking the Variables"
if (!$CustomerToken)
{Write-Host "--Customer Token Not Set or Missing"
Exit 1}
else
{Write-Host "--CustomerToken = "$CustomerToken""}
#Pull Device OS Info for Workstation or Server Detection
$osInfo = Get-WmiObject -Class Win32_OperatingSystem
# Sophos Workstation Product Selection
if ($osInfo.ProductType -eq '1') {
if (!$ProductSelection) {
Write-Host "--Product Not Set or Missing"
Exit 1
}
elseif ($ProductSelection -eq 'CIXE') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXA') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXAXDR') {
$Products = "antivirus,intercept,xdr"
}
elseif ($ProductSelection -eq 'MDR') {
$Products = "antivirus,intercept,xdr,mdr"
}
elseif ($ProductSelection -eq 'ALL') {
$Products = "all"
}
elseif ($ProductSelection -eq 'Encrypt') {
$Products = "DeviceEncryption"
}
}
# Sophos Server Product Selection
else {
if (!$ProductSelection) {
Write-Host "--Product Not Set or Missing"
Exit 1
}
elseif ($ProductSelection -eq 'CIXE') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXA') {
$Products = "antivirus,intercept"
}
elseif ($ProductSelection -eq 'CIXAXDR') {
$Products = "antivirus,intercept,xdr"
}
elseif ($ProductSelection -eq 'MDR') {
$Products = "antivirus,intercept,xdr,mdr"
}
elseif ($ProductSelection -eq 'ALL') {
$Products = "all"
}
}
# Sophos parameters are defined from the site specific variables
$arguments = "--customertoken=""" + $CustomerToken + """ --epinstallerserver=" + """dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com"
$arguments = $arguments + """ --products=""" + $Products
$arguments = $arguments + """ --quiet"
# Check to see if a previous SophosSetup Process is running
Write-Host ""
Write-Host "Checking to see if SophosSetup.exe is already running"
if ((get-process "sophossetup" -ea SilentlyContinue) -eq $Null){
Write-Host "--SophosSetup Not Running"
}
else {
Write-Host "Sophos Currently Running, Will Kill the Process before Continuing"
Stop-Process -processname "sophossetup"
}
#Force PowerShell to use TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#Check for Existing SophosSetup Installer
if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){
Write-Host "--Removing the existing SophosSetup Installer"
Remove-Item -path c:\temp\SophosSetup.exe
}
# Check if c:\temp Exists if not create it
$directoryPath = "C:\\temp"
if(-not (Test-Path $directoryPath))
{
New-Item -ItemType Directory -Force -Path $directoryPath
Write-Host "Directory created"
}
else
{
Write-Host "Directory already exists"
}
# Download of the Central Customer Installer
Write-Host ""
Write-Host "Downloading Sophos Central Installer"
Invoke-WebRequest -Uri "">central.sophos.com/.../SophosSetup.exe" -OutFile c:\temp\SophosSetup.exe
if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){
Write-Host "--Sophos Setup Installer Downloaded Successfully"
}
else {
Write-Host "--Sophos Central Installer Did Not Download - Please check Firewall or Web Filter"
Exit 1
}
# This Section starts the installer using the arguments defined above
Write-Host ""
Write-Host "Installing Sophos Central Endpoint:"
Write-Host ""
Write-Host "SophosSetup.exe "$arguments""
Write-Host ""
start-process c:\temp\SophosSetup.exe $arguments
$timeout = new-timespan -Minutes 5
$install = [diagnostics.stopwatch]::StartNew()
while ($install.elapsed -lt $timeout){
if ((Get-Service "Sophos MCS Client" -ea SilentlyContinue)){
Write-Host "Sophos MCS Client Found - Breaking the Loop"
Break
}
start-sleep -seconds 60
}
Write-Host ""
Write-Host "Sophos Setup Completed"
# Verify that Sophos Central Endpoint Agent Installed
Write-Host ""
Write-Host "Verifying that Sophos Central Endpoint installed and is Running"
Get-SophosInstalled
if ($installed -eq "True") {
Write-Host "--Sophos Central Endpoint Agent Installed Successfully"
if ($mcsclient.Status -eq "Running"){
Write-Host "--Sophos MCS Client is Running"
if ($mcsagent.Status -eq "Running"){
Write-Host ""
Write-Host "--Sophos MCS Agent is Running"
Write-Host ""
Write-Host "Sophos Central Agent is Installed and Running"
Write-Host ""
Exit 0
}
}
}
else {
Write-Host "--Sophos Central Install Failed"
Write-Host ""
Write-Host "Please check the Sophos Central Install Logs for more details"
Write-Host ""
Write-Host "Log Location - <system>\programdata\Sophos\Cloudinstaller\Logs\"
Exit 1
}