Sophos Endpoint

Discussions Should Central Endpoint client show from which Central account is managed?

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 1 reply
Subscribers 13 subscribers
Views 3406 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should Central Endpoint client show from which Central account is managed?

KingRolo over 7 years ago

Should Central Endpoint client show from which Central account is managed or this is disabled because safety reasons?

Regards

This thread was automatically locked due to age.

Parents

0 jak over 7 years ago

From the endpoint you can just see the endpoint id and the regional MCS servers it's communicating to.

The endpoint id can be found in the URLs in the"C:\programdata\sophos\management communication system\endpoint\logs\mcsclient.log" or in the file "C:\programdata\sophos\management communication system\endpoint\persist\endpointidentity.txt".

The regional MCS server (this has the region where you chose to store your data) can also be found in the mcsclient.log or in PerferredServer file in the same persist directory.

Note: The endpoint ID, matches up in Central as the ID in the computer URL, e.g.
https://cloud.sophos.com/manage/devices/computers/180985fa-d0d9-e4f9-0b23-f2b5ebe1c733/summary

There is no marker at the client to say it belongs to a certain company, cloud login, etc..

I suppose if you did want to tag something you could add something benign to a policy. For example add a global PUA exclusion as the company name or central login user, this string would then be on all of the endpoints.

In the case of a PUA exclusion it would go to \programdata\sophos\sophos anti-virus\config\machine.xml. Under the quarantineManager\AuthorisedList\... section. In the case of a Mac you could see this benign tag here. I've called it MainCloudAccount.

Regards,
Jak
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 7 years ago

From the endpoint you can just see the endpoint id and the regional MCS servers it's communicating to.

The endpoint id can be found in the URLs in the"C:\programdata\sophos\management communication system\endpoint\logs\mcsclient.log" or in the file "C:\programdata\sophos\management communication system\endpoint\persist\endpointidentity.txt".

The regional MCS server (this has the region where you chose to store your data) can also be found in the mcsclient.log or in PerferredServer file in the same persist directory.

Note: The endpoint ID, matches up in Central as the ID in the computer URL, e.g.
https://cloud.sophos.com/manage/devices/computers/180985fa-d0d9-e4f9-0b23-f2b5ebe1c733/summary

There is no marker at the client to say it belongs to a certain company, cloud login, etc..

I suppose if you did want to tag something you could add something benign to a policy. For example add a global PUA exclusion as the company name or central login user, this string would then be on all of the endpoints.

In the case of a PUA exclusion it would go to \programdata\sophos\sophos anti-virus\config\machine.xml. Under the quarantineManager\AuthorisedList\... section. In the case of a Mac you could see this benign tag here. I've called it MainCloudAccount.

Regards,
Jak
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data