This article provides answers to frequently asked questions (FAQs) regarding the new installer for Sophos Central Endpoint.
The following sections are covered:
Applies to the following Sophos products and versions Central Windows Endpoint 10.8.1Central Windows Endpoint Intercept X 2.0.0Central Windows Device Encryption 1.3.90
The new installer works on Windows Vista onwards and Server 2008 onwards. The Thin Installer is only for use on Windows Endpoints, the Thin Installer is currently not available for Mac OS X. It offers a number of improvements:
The old installer executable is SophosInstall.exe with a size of 25 MB. Sophos AutoUpdate and the Sophos Management Communication components were packed into the executable. The downloaded installer was only valid for a period of 90 days.
The new installer executable is SophosSetup.exe with a size of 1.4 MB and has two stages. Stage 1 is what is downloaded from the Central and contains just a limited set of information like Management Communications System (MCS) server instance it connects to, a registration token and where to get the stage 2 installer. This is why the 90 day lifespan can be removed as the stage 1 installer is just a small downloader that always gets the latest available stage 2 files. Stage 2 is used to download and install the latest version available either from Sophos directly or from the closest Update Cache available.
With the new installer you will NOT be able to create a full installer. To save bandwidth during the deployment, Sophos suggests to use Update Caches in the environment as the new installer now supports initial installation from cache.
Installers which were already downloaded will expire 90 days after.
With the new installer you can specify a proxy via command line. Proxy authentication is supported. For more details about the available command line options please see Sophos Central Endpoint: Installer command line options.
There is no option to specify the Update Cache. The installer will pull the Update Policy from Central which contains all available caches in your environment. The installer then selects the best cache in the same way as the AutoUpdate client does. This applies to the initial installation as well as subsequent updates.
The Invincea Engine has been licensed to other 3rd party vendors. If a product using Invincea technology is installed on your system you have to remove it before you can install the Sophos Endpoint Agent. One example is Dell Protected Workspace.
While we recommend using the Sophos Central Migration Tool to perform the migration, you can use the new installer to migrate an individual endpoint to Sophos Central.
Before performing the migration ensure both tamper protection settings in the Enterprise Console Tamper Protection Policy assigned to the endpoint have been turned off and the policy applied to the endpoint:
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.