Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
You can distribute the current versions of the Sophos Endpoint Security and Control (SESC) as part of a disk image and add it in a disk image for cloned virtual machines. This procedure will make sure that the endpoints that were applied with the image has the following:
The following sections are covered:
Applies to the following Sophos products and versions Sophos Endpoint Security and Control
Note: Paths and locations listed here may vary slightly according to which version of Windows you are running. Also, they may vary depending on what the system drive on the template endpoint is, and whether the Sophos Anti-Virus was installed to the default location.
Install the Sophos Endpoint Security and Control on the template endpoint.
You can perform the installation from the SEC or by running setup.exe from the Central Installation Directory. For more information on how to install SESC, you can also refer to the Enterprise Console quick startup guide which you can find in the Enterprise Console page. Make sure that post-installation reboots (if any) have already been performed on the template endpoint.
Configure your Sophos Anti-Virus and Sophos AutoUpdate policies.
You can perform the configuration now, on the template endpoint. This means that the configuration you set will be conferred on all the endpoints that are imaged from it. Alternatively, you can perform the configuration after the image has been put on the endpoints and they have been joined to the network, at which stage they will appear in the Sophos Enterprise Console. If you want to configure the template endpoint now, do one of the following:
[HKEY_LOCAL_MACHINE\Software\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private]
[HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Web Intelligence\Web Control\EndpointId]
C:\Program Files\Sophos\Sophos Patch Agent\
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos Patch Agent
If the security identifier (SID) value is changed during the imaging process, it is possible to encounter errors in the SEC or on endpoints wherein the image has been applied. To resolve this issue, refer to the knowledge base article 113207.
Note: The above set of instructions are not required if running the Sophos Endpoint Security and Control version 10.3.7 and later. Altering the SID value on these versions will cause a Comparison failure to appear in SEC.
In some desktop virtualization scenarios, the target endpoints are used as virtual desktops and are frequently reverted to their original state (i.e. the state immediately after the imaging process has completed). This means that the Sophos Endpoint Security and Control will need to perform an update each time the desktop is reverted to this state and then run again. In order to minimize the security and performance impact of this update, the following steps are recommended:
Note: In SEC 5.2.1 and up to version 5.3.1, the ability to subscribe to a fixed version has been removed. For your reference, take a look at the knowledge base article Sophos Enterprise Console: Simplified subscription management.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.