Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
This knowledge base article describes information on how to deploy Sophos Central endpoint software to Windows computers using common automated software deployment methods. It provides a couple of examples to cover common deployment methods.
Before installation, removal of the following software packages is required:
If a device control policy has been set to a computer, the uninstallation of Sophos Anti-Virus requires a restart to unload and re-install the kernel driver sdcfilter.sys.
The following sections are covered:
Applies to the following Sophos product(s) and version(s) Central Windows Endpoint 10.8.1Central Windows Endpoint Intercept X 2.0.0
Note: Though the link shows Complete Windows Installer, this is actually a thin installer which deploys all the features available depending on your license (e.g. Sophos Intercept X Advanced with EDR + Device encryption). Do not use a user-specific SophosSetup.exe as received via the Email Deployment workflow for the deployment methods. If you do, all devices will be associated to the Sophos Central user that sent the email.
SophosSetup.exe requires an administrator privilege to run on the computer. If you wish to deploy using login scripts, the logged in user account should be an administrator of the computer for the installation to succeed.
For the deployment via the Active Directory startup script, the logged in users no longer have to be the local administrators of the computers.
@echo off SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL exit /b 0 :X86_PROG IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL exit /b 0 :INSTALL pushd \\servername\share SophosSetup.exe --quiet Popd
To deploy the script via Active Directory, you can either create a new group policy or you can edit an existing one. The steps below shows creating a new group policy:
For details on using Microsoft Intune to deploy the Sophos Central endpoint software, please see article 133877.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.