Connectwise RMM/ Sophos install Script

Hi Ronnie,

Thanks for reaching out to the Sophos Community Forum. 

Let me know if the resources on the following page contain what you're looking for, namely the "Deployment Configuration" section. 
- Sophos Integrations > Connectwise Automate

ConnectWise Automate is a different product.  Automate has an integratoin already

Connectwise RMM was acquired from Continuum 3 years ago.  

If you are looking to deploy a script to Windows devices, installer command line options can be found on the following page. 
- Installer command-line options for Windows

You can also file a PS1 script in the following article.
- Automate the software deployment to devices

$temp = "C:\temp\"
$SophosInstalled = Test-Path -Path "C:\Program Files\Sophos"
$InstallerSource = "your installer download link"
$destination = "$temp\SophosSetup.exe"

If ($SophosInstalled){
Write-Host "Sophos is already installed. "
Sleep 3
Exit
} Else {
Write-Host "Beginning the installation"

If (Test-Path -Path $temp -PathType Container){
Write-Host "$temp already exists" -ForegroundColor Red
} Else {
New-Item -Path $temp -ItemType directory
}

Invoke-WebRequest $InstallerSource -OutFile $destination
$WebClient = New-Object System.Net.WebClient
$webclient.DownloadFile($InstallerSource, $destination)
}

Start-Process -FilePath "$temp\SophosSetup.exe" -ArgumentList "--quiet"

 If you wish to script this differently, you can obtain the direct download URL for the installer using the steps in the following article.
- Endpoint and Server installation methods > Installation via installer link

You can also reach out to Sophos Profesional services if you'd like more hands-on assistance with your environment and deployment tools.

We are an MSP with over 100 clients.   We would like to automate the installation Sophos to the endpoints without having to write 100's of individual scripts.  We were doing this just fine with Ninja RMM but have switched to ConnectWise RMM.  

I have setup custom fields for each company that contain the Customer Token and product selection. We can then pass the variables to the script, but I have been unsuccessful in creating a working script.  

Hello Ronnie,

I'm interested in learning more about the structure and development of your script, as I believe it could be very insightful. Also, I noticed that you're an MSP - are you by chance utilizing the Sophos Enterprise Dashboard? If so, we might be able to leverage the Sophos API to enhance the script's capabilities.

However, if you're looking for a standalone script where you only need to adjust the customer token and products, I'd be more than happy to assist. Could you possibly share the script with me? This will allow me to better understand its current setup and how I might be able to help optimize or modify it according to your needs.

Thank you

I have Figured it out.  Your welcome to publish this.  I ported another script, but figured out how CW RMM handles everything.

Connectwise RMM

Sophos Installer Script

 

Connectwise RMM Setup

1. Goto Settings à Custom Fields
2. Add Custom Fields - Click add
   1. Name = CustomerToken
   2. Level=Company
   3. Type=Text Box
   4. Leave Default Value empty
   5. Description = Sophos CustomerToken
   6. Click Save
   7. Name =ProductSelection
   8. Level=Company
   9. Type=Text Box
   10. Leave Default Value empty
   11. Description = Sophos CustomerToken
   12. Click Save
3. Add Customer Information
   1. goto Client Management à Company Management
   2. open Each Company and goto Custom Fields at the Top under the company name
   3. Click on the edit icon and add the information accordingly
      1. CustomerToken is found on Sophos Partner Portal under deployment
         1. You can download the csv file of all your customers
      2. ProductSelection – Set Product Selection based on each clients product
         1. CIXA
            1. Antivirus, Intercept
         2. CIXAXDR
            1. Antivirus, Intercept, XDR
         3. MDR
            1. mdr
         4. ALL
            1. all
         5. Encrypt
            1. Device Encryption
         6. Create Script
            1. Goto Automation à Tasks
            2. Click on Add and then select Script Editor
            3. Set name to Sophos Iinstaller
            4. Click on the Script Editor tab
            5. On the First Row Select Function and then Set Pre-Defined Variable
               1. Variable Name = CustomerToken
               2. Select Custom Field and Select CustomerToken
            6. Add Row
               1. Variable Name = ProductSelection
               2. Select Custom Field and Select ProductSelection
            7. Add Row
               1. Variable Name = Name
               2. Select System Variable and Select ClientId
            8. Add Row
               1. Select Function - Script Log
               2. Set Script log message
                  1. %output$
               3. Add Row
                  1. Select Function then Powershell Script
                  2. Add the script ( see next page)

• Save and save again

1. Add row
   1. Select Function - Script Log
   2. Set Script log message
      1. %output$

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

# -----------------------------------------------------------------------------------------------

# Component: Sophos Central Deployment for Windows

# Platform: CW RMM

# Purpose: Using the new Sophos Thin installer,

#          perform default install of Sophos Central using the defined parameters

# Version 1.0

# -----------------------------------------------------------------------------------------------

# Define Functions

 

function Get-SophosInstalled {

$Global:installed = (gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -contains "Sophos Endpoint Agent"

$Global:mcsclient = Get-Service -name "Sophos MCS Client" -ea SilentlyContinue

$Global:mcsagent = Get-Service -name "Sophos MCS Agent" -ea SilentlyContinue

}

 

# Define Variables

 

$customertoken="@customertoken@"

$productselection="@productselection@"

$name=@name@

# Sophos Central Installation

 

 

Write-Host "Starting the Sophos Central Installation based on the variables defined in the site"

Write-Host ""

Write-Host "Checking to see if Sophos is Already Installed"

 

Get-SophosInstalled

if ($installed -eq "True") {

                Write-Host "--Sophos Central Endpoint Agent Installed"

                if ($mcsclient.Status -eq "Running"){      

                Write-Host "--Sophos MCS Client is Running"

                Exit 0

                }

}

else {

                Write-Host "--Sophos Central is Not Installed"

                Write-Host "Sophos MCS Client is Not Running"

                }

 

# Check for the Site Variables

Write-Host ""

Write-Host "Checking the Variables"

 

if (!$CustomerToken)

                {Write-Host "--Customer Token Not Set or Missing"   

                Exit 1}

else

                {Write-Host "--CustomerToken = "$CustomerToken""}

 

#Pull Device OS Info for Workstation or Server Detection

 

$osInfo = Get-WmiObject -Class Win32_OperatingSystem

 

# Sophos Workstation Product Selection

if ($osInfo.ProductType -eq '1') {

                if (!$ProductSelection) {

                                Write-Host "--Product Not Set or Missing"

                                Exit 1

                } 

                                elseif ($ProductSelection -eq 'CIXE') {

                                $Products = "antivirus,intercept"

                } 

                                elseif ($ProductSelection -eq 'CIXA') {

                                $Products = "antivirus,intercept"

                }

                                elseif ($ProductSelection -eq 'CIXAXDR') {

                                $Products = "antivirus,intercept,xdr"

                }

                                elseif ($ProductSelection -eq 'MDR') {

                                $Products = "antivirus,intercept,xdr,mdr"

                }

                                elseif ($ProductSelection -eq 'ALL') {

                                $Products = "all"

                }

                                elseif ($ProductSelection -eq 'Encrypt') {

                                $Products = "DeviceEncryption"

                }

}

# Sophos Server Product Selection

else {

                if (!$ProductSelection) {

                                Write-Host "--Product Not Set or Missing"

                                Exit 1

                } 

                                elseif ($ProductSelection -eq 'CIXE') {

                                $Products = "antivirus,intercept"

                } 

                                elseif ($ProductSelection -eq 'CIXA') {

                                $Products = "antivirus,intercept"

                }

                                elseif ($ProductSelection -eq 'CIXAXDR') {

                                $Products = "antivirus,intercept,xdr"

                }

                                elseif ($ProductSelection -eq 'MDR') {

                                $Products = "antivirus,intercept,xdr,mdr"

                }

                                elseif ($ProductSelection -eq 'ALL') {

                                $Products = "all"

                }

}

 

# Sophos parameters are defined from the site specific variables

 

$arguments = "--customertoken=""" + $CustomerToken + """ --epinstallerserver=" + """dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com"

$arguments = $arguments + """ --products=""" + $Products

$arguments = $arguments + """ --quiet"

 

# Check to see if a previous SophosSetup Process is running

Write-Host ""

Write-Host "Checking to see if SophosSetup.exe is already running"

if ((get-process "sophossetup" -ea SilentlyContinue) -eq $Null){

        Write-Host "--SophosSetup Not Running"

}

else {

    Write-Host "Sophos Currently Running, Will Kill the Process before Continuing"

    Stop-Process -processname "sophossetup"

 }

 

#Force PowerShell to use TLS 1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

#Check for Existing SophosSetup Installer

if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){

                                Write-Host "--Removing the existing SophosSetup Installer"

                                Remove-Item -path c:\temp\SophosSetup.exe

}

# Check if c:\temp Exists if not create it

 

$directoryPath = "C:\\temp"

if(-not (Test-Path $directoryPath))

{

    New-Item -ItemType Directory -Force -Path $directoryPath

    Write-Host "Directory created"

}

else

{

    Write-Host "Directory already exists"

}

 

# Download of the Central Customer Installer

Write-Host ""

Write-Host "Downloading Sophos Central Installer"

Invoke-WebRequest -Uri "">central.sophos.com/.../SophosSetup.exe" -OutFile c:\temp\SophosSetup.exe

if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){

                                Write-Host "--Sophos Setup Installer Downloaded Successfully"

}

else {

                Write-Host "--Sophos Central Installer Did Not Download - Please check Firewall or Web Filter"

                Exit 1

}

 

# This Section starts the installer using the arguments defined above

Write-Host ""

Write-Host "Installing Sophos Central Endpoint:"

Write-Host ""

Write-Host "SophosSetup.exe "$arguments""

Write-Host ""

 

start-process c:\temp\SophosSetup.exe $arguments

 

 

$timeout = new-timespan -Minutes 5

$install = [diagnostics.stopwatch]::StartNew()

while ($install.elapsed -lt $timeout){

    if ((Get-Service "Sophos MCS Client" -ea SilentlyContinue)){

                Write-Host "Sophos MCS Client Found - Breaking the Loop"

                Break

                }

    start-sleep -seconds 60

}

Write-Host ""

Write-Host "Sophos Setup Completed"

 

# Verify that Sophos Central Endpoint Agent Installed

Write-Host ""

Write-Host "Verifying that Sophos Central Endpoint installed and is Running"

 

Get-SophosInstalled

if ($installed -eq "True") {

                Write-Host "--Sophos Central Endpoint Agent Installed Successfully"

                if ($mcsclient.Status -eq "Running"){

                Write-Host "--Sophos MCS Client is Running"

                                if ($mcsagent.Status -eq "Running"){

                                Write-Host ""

                                Write-Host "--Sophos MCS Agent is Running"

                                Write-Host ""

                                Write-Host "Sophos Central Agent is Installed and Running"

                                Write-Host ""

                                Exit 0

                                }

                }

}

else {

                Write-Host "--Sophos Central Install Failed"

                Write-Host ""

                Write-Host "Please check the Sophos Central Install Logs for more details"

                Write-Host ""

                Write-Host "Log Location - <system>\programdata\Sophos\Cloudinstaller\Logs\"

                Exit 1

                }

I have Figured it out.  Your welcome to publish this.  I ported another script, but figured out how CW RMM handles everything.

Connectwise RMM

Sophos Installer Script

 

Connectwise RMM Setup

1. Goto Settings à Custom Fields
2. Add Custom Fields - Click add
   1. Name = CustomerToken
   2. Level=Company
   3. Type=Text Box
   4. Leave Default Value empty
   5. Description = Sophos CustomerToken
   6. Click Save
   7. Name =ProductSelection
   8. Level=Company
   9. Type=Text Box
   10. Leave Default Value empty
   11. Description = Sophos CustomerToken
   12. Click Save
3. Add Customer Information
   1. goto Client Management à Company Management
   2. open Each Company and goto Custom Fields at the Top under the company name
   3. Click on the edit icon and add the information accordingly
      1. CustomerToken is found on Sophos Partner Portal under deployment
         1. You can download the csv file of all your customers
      2. ProductSelection – Set Product Selection based on each clients product
         1. CIXA
            1. Antivirus, Intercept
         2. CIXAXDR
            1. Antivirus, Intercept, XDR
         3. MDR
            1. mdr
         4. ALL
            1. all
         5. Encrypt
            1. Device Encryption
         6. Create Script
            1. Goto Automation à Tasks
            2. Click on Add and then select Script Editor
            3. Set name to Sophos Iinstaller
            4. Click on the Script Editor tab
            5. On the First Row Select Function and then Set Pre-Defined Variable
               1. Variable Name = CustomerToken
               2. Select Custom Field and Select CustomerToken
            6. Add Row
               1. Variable Name = ProductSelection
               2. Select Custom Field and Select ProductSelection
            7. Add Row
               1. Variable Name = Name
               2. Select System Variable and Select ClientId
            8. Add Row
               1. Select Function - Script Log
               2. Set Script log message
                  1. %output$
               3. Add Row
                  1. Select Function then Powershell Script
                  2. Add the script ( see next page)

• Save and save again

1. Add row
   1. Select Function - Script Log
   2. Set Script log message
      1. %output$

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

# -----------------------------------------------------------------------------------------------

# Component: Sophos Central Deployment for Windows

# Platform: CW RMM

# Purpose: Using the new Sophos Thin installer,

#          perform default install of Sophos Central using the defined parameters

# Version 1.0

# -----------------------------------------------------------------------------------------------

# Define Functions

 

function Get-SophosInstalled {

$Global:installed = (gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*).DisplayName -contains "Sophos Endpoint Agent"

$Global:mcsclient = Get-Service -name "Sophos MCS Client" -ea SilentlyContinue

$Global:mcsagent = Get-Service -name "Sophos MCS Agent" -ea SilentlyContinue

}

 

# Define Variables

 

$customertoken="@customertoken@"

$productselection="@productselection@"

$name=@name@

# Sophos Central Installation

 

 

Write-Host "Starting the Sophos Central Installation based on the variables defined in the site"

Write-Host ""

Write-Host "Checking to see if Sophos is Already Installed"

 

Get-SophosInstalled

if ($installed -eq "True") {

                Write-Host "--Sophos Central Endpoint Agent Installed"

                if ($mcsclient.Status -eq "Running"){      

                Write-Host "--Sophos MCS Client is Running"

                Exit 0

                }

}

else {

                Write-Host "--Sophos Central is Not Installed"

                Write-Host "Sophos MCS Client is Not Running"

                }

 

# Check for the Site Variables

Write-Host ""

Write-Host "Checking the Variables"

 

if (!$CustomerToken)

                {Write-Host "--Customer Token Not Set or Missing"   

                Exit 1}

else

                {Write-Host "--CustomerToken = "$CustomerToken""}

 

#Pull Device OS Info for Workstation or Server Detection

 

$osInfo = Get-WmiObject -Class Win32_OperatingSystem

 

# Sophos Workstation Product Selection

if ($osInfo.ProductType -eq '1') {

                if (!$ProductSelection) {

                                Write-Host "--Product Not Set or Missing"

                                Exit 1

                } 

                                elseif ($ProductSelection -eq 'CIXE') {

                                $Products = "antivirus,intercept"

                } 

                                elseif ($ProductSelection -eq 'CIXA') {

                                $Products = "antivirus,intercept"

                }

                                elseif ($ProductSelection -eq 'CIXAXDR') {

                                $Products = "antivirus,intercept,xdr"

                }

                                elseif ($ProductSelection -eq 'MDR') {

                                $Products = "antivirus,intercept,xdr,mdr"

                }

                                elseif ($ProductSelection -eq 'ALL') {

                                $Products = "all"

                }

                                elseif ($ProductSelection -eq 'Encrypt') {

                                $Products = "DeviceEncryption"

                }

}

# Sophos Server Product Selection

else {

                if (!$ProductSelection) {

                                Write-Host "--Product Not Set or Missing"

                                Exit 1

                } 

                                elseif ($ProductSelection -eq 'CIXE') {

                                $Products = "antivirus,intercept"

                } 

                                elseif ($ProductSelection -eq 'CIXA') {

                                $Products = "antivirus,intercept"

                }

                                elseif ($ProductSelection -eq 'CIXAXDR') {

                                $Products = "antivirus,intercept,xdr"

                }

                                elseif ($ProductSelection -eq 'MDR') {

                                $Products = "antivirus,intercept,xdr,mdr"

                }

                                elseif ($ProductSelection -eq 'ALL') {

                                $Products = "all"

                }

}

 

# Sophos parameters are defined from the site specific variables

 

$arguments = "--customertoken=""" + $CustomerToken + """ --epinstallerserver=" + """dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com"

$arguments = $arguments + """ --products=""" + $Products

$arguments = $arguments + """ --quiet"

 

# Check to see if a previous SophosSetup Process is running

Write-Host ""

Write-Host "Checking to see if SophosSetup.exe is already running"

if ((get-process "sophossetup" -ea SilentlyContinue) -eq $Null){

        Write-Host "--SophosSetup Not Running"

}

else {

    Write-Host "Sophos Currently Running, Will Kill the Process before Continuing"

    Stop-Process -processname "sophossetup"

 }

 

#Force PowerShell to use TLS 1.2

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

#Check for Existing SophosSetup Installer

if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){

                                Write-Host "--Removing the existing SophosSetup Installer"

                                Remove-Item -path c:\temp\SophosSetup.exe

}

# Check if c:\temp Exists if not create it

 

$directoryPath = "C:\\temp"

if(-not (Test-Path $directoryPath))

{

    New-Item -ItemType Directory -Force -Path $directoryPath

    Write-Host "Directory created"

}

else

{

    Write-Host "Directory already exists"

}

 

# Download of the Central Customer Installer

Write-Host ""

Write-Host "Downloading Sophos Central Installer"

Invoke-WebRequest -Uri "">central.sophos.com/.../SophosSetup.exe" -OutFile c:\temp\SophosSetup.exe

if ((Test-Path c:\temp\SophosSetup.exe) -eq "True"){

                                Write-Host "--Sophos Setup Installer Downloaded Successfully"

}

else {

                Write-Host "--Sophos Central Installer Did Not Download - Please check Firewall or Web Filter"

                Exit 1

}

 

# This Section starts the installer using the arguments defined above

Write-Host ""

Write-Host "Installing Sophos Central Endpoint:"

Write-Host ""

Write-Host "SophosSetup.exe "$arguments""

Write-Host ""

 

start-process c:\temp\SophosSetup.exe $arguments

 

 

$timeout = new-timespan -Minutes 5

$install = [diagnostics.stopwatch]::StartNew()

while ($install.elapsed -lt $timeout){

    if ((Get-Service "Sophos MCS Client" -ea SilentlyContinue)){

                Write-Host "Sophos MCS Client Found - Breaking the Loop"

                Break

                }

    start-sleep -seconds 60

}

Write-Host ""

Write-Host "Sophos Setup Completed"

 

# Verify that Sophos Central Endpoint Agent Installed

Write-Host ""

Write-Host "Verifying that Sophos Central Endpoint installed and is Running"

 

Get-SophosInstalled

if ($installed -eq "True") {

                Write-Host "--Sophos Central Endpoint Agent Installed Successfully"

                if ($mcsclient.Status -eq "Running"){

                Write-Host "--Sophos MCS Client is Running"

                                if ($mcsagent.Status -eq "Running"){

                                Write-Host ""

                                Write-Host "--Sophos MCS Agent is Running"

                                Write-Host ""

                                Write-Host "Sophos Central Agent is Installed and Running"

                                Write-Host ""

                                Exit 0

                                }

                }

}

else {

                Write-Host "--Sophos Central Install Failed"

                Write-Host ""

                Write-Host "Please check the Sophos Central Install Logs for more details"

                Write-Host ""

                Write-Host "Log Location - <system>\programdata\Sophos\Cloudinstaller\Logs\"

                Exit 1

                }