This knowledge base article provides information about the command line switches that can be used with the new Sophos Central Endpoint installer.
Sophos Partners have access to the installer through the Partner Dashboard. Please see Sophos Central Partner: Thin installer deployment method for managed service provider installations detailing how to use it across multiple customers.
The following sections are covered:
Applies to the following Sophos products and versions Central Endpoint Advanced 11.5.11Central Endpoint Standard 11.5.11
The latest version of the Sophos Central installer for Windows supports the following command line arguments:
Enable the logging of message content between the endpoint and Sophos Central during installation. This should only be used for troubleshooting Sophos Central communication issues.
As these logs contain potentially sensitive information; We advise purging these logs after installation.
Note: This option must be disabled following installation as detailed in the KBA Sophos Central Endpoint: Enabling a diagnostic message trail of Sophos MCS.
This command is to be used to re-register an already installed Cloud endpoint. e.g. If an endpoint was registered with the wrong customer: 1. Disable tamper protection for endpoint in the current account 2. Run installer downloaded from the destination account with --registeronly
--crtcatalogpath=<path to CRT catalog>
--messagerelays=<comma-separated message relay list of IPs including the port>
The IP address of the message relay must be specified along with the port 8190. Example: --messagerelays=IPADDRESS:8190
--proxyaddress=<custom proxy address>
--proxyusername=<custom proxy user name>
--proxypassword=<custom proxy password>
--computernameoverride=<override for computer name>
--computerdescriptionoverride=<override for description>
--domainnameoverride=<override for domain>
--customertoken=<the customer token>
--products=<comma-separated list of products>
antivirus, intercept, mdr, deviceEncryption, uem
If you wish to pre-populate the cache, you can take a copy of the files from an already installed endpoint or from your Update Cache if applicable.
Even if a populated local install source is provided, internet access is still required and some files will be downloaded. The amount of data downloaded will depend on various factors including, for example:
For the purpose of this example SomeContent represents the files and folders within the Warehouse folder.
Note: There is no command line option regarding installation from an update cache. The installer will automatically assess connectivity to any update caches set up in the Central account and install from them if appropriate.
SophosSetup.exe --products=antivirus,intercept --quiet
The latest version of the Sophos Central installer for Mac supports the following command line arguments:
--devicegroup <Central group>
--messagerelays <space separated message relay list of IPs including the port>
--messagerelays IPADDRESS:8190 IPADDRESS:8190
--proxyaddress <custom proxy address>
--proxyport <proxy port>
--proxyusername <custom proxy user name>
--proxypassword <custom proxy password>
--computernameoverride <override for computer name>
--computerdescriptionoverride <override for description>
--domainnameoverride <override for domain>
--epinstallerserver<registration server URL>
--customertoken <the customer token>
--products <space separated list of products to install>
Note: The Mac installer is aware of all the message relays and update caches when the install is downloaded. Changes to Caches and Relays will need a new installer downloaded. Relays can be specified via command line as well.
sudo ./Sophos\ Installer.app/Contents/MacOs/Sophos\ Installer --products antivirus intercept --quiet
sudo ./Sophos\ Installer.app/Contents/MacOs/Sophos\ Installer --proxyaddress <ProxyIP/FQDN> --proxyport <Port>
sudo ./Sophos\ Installer.app/Contents/MacOs/Sophos\ Installer --messagerelays 192.168.10.100:8190
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.