Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
When using virtual machines that run on a virtualization server, it is possible to run several instances of the same virtual machine from an original gold image. Identity is normally set at the time of software installation. Therefore, if multiple instances of the gold image run at the same time, they will all attempt to use the same identity. Following this, if the Sophos Central Endpoint software is installed into the original gold image, all the virtual machines created from that gold image will have the same identity in the Central Admin console.
This article describes how to install Sophos Central Endpoint software on a gold image so that every instance of a virtual machine run from that single gold image gets its own unique identity. This allows it to be managed correctly from the Sophos Central.
Applies to the following Sophos products and versions Sophos Cloud Managed EndpointSophos Cloud Managed Server 1.4.0
In order to run Sophos Central Endpoint on gold images, you must force the MCS component to re-register with the Central servers so that a new ID is assigned. This must be done when the new instance of the gold image is started for the first time.
C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Persist
C:\ProgramData\Sophos\Management Communications System\Endpoint\Cache
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Cache
C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\data
C:\ProgramData\Sophos\Managed Threat Response\data\osquery.db
C:\ProgramData\Sophos\Managed Threat Response\config\policy.xml
C:\ProgramData\Sophos\Management Communications System\Endpoint\Config
%ALLUSERSPROFILE%\Application Data\Sophos\Management Communications System\Endpoint\Config
We have prepared a batch file which you can set to run on shutdown so that when the gold image is updated or amended, these steps are automatically completed to avoid having to manually prepare the machine each time.
There are three parameters which must be modified in order for this to work in your environment:
Note: Once each parameter has been amended as per the below, please rename the script to SophosGoldImagePrep.bat
This is just the host name of the gold image which can be confirmed by following the below steps:.
IF /i "%COMPUTERNAME%" == "CLOUD-WIN10" GOTO RESET
This is the tamper protection password for the gold image. In order to locate this, please follow the below steps:
"C:\Program Files\Sophos\Endpoint Defense\SEDcli.exe" -TPoff 486447717958 | rem
Echo Token= bf3wseder45450038705a59eb2f384b3cebb300f8f1b47be10d512e024258e1c >> "%ProgramData%\Sophos\Management Communications System\Endpoint\Config\registration.txt"
Below are the steps on how to set up a scheduled task to trigger the script to run at shutdown. This is just one example of how you can perform these steps.
Note: Before applying the script, it is highly recommended that you first manually run the script, and check to confirm that it has deleted and created the required files as per the manual steps above.
Completes preparation steps in Sophos KBA 120560
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.