Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 3769 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Finding unprotected computers on the network

IvanildoGalvão

Hello Gentlemen,

I have a client, a hospital with more than 300 computers, this client uses Sophos Endpoint Standard (EPS) with Enterprise Console.
Today we detected that one of his computers was trying to access a Botnet network and the UTM IPS blocked, the customer's technician picked up the computer and saw that it did not have the Sophos Endpoint agent installed.
On the Enterprise Console I see many computers that are apparently unprotected, but since Active Directory is still very dirty, with orphaned computer accounts that technicians have not removed, there is no way to be sure how many computers do not actually have Sophos Endpoint installed.

I ask: Is there a GUI tool or script that can run on the entire network, in order to find computers on which there is really no antivirus installed?



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Kindly take a look at the startup script listed in this article where it checks all of the computers in the group during startup, to see if the Sophos Endpoint Security and Control software is already installed. In case a computer is detected unprotected, it will try to install the software on the computer. Hope this helps. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hi Shweta,

    maybe it's better to provide the script more userfriendly with variables like this.

    Br Mathias

    ---

    @ECHO ON
    REM
    REM Version: 20200304
    REM
    REM script bases on community.sophos.com/.../13090
    REM obfuscate the username and password: community.sophos.com/.../13094
    REM
    REM C:\sec_551\tools\ObfuscationUtil.exe --obfuscate <USERNAME> -w
    REM C:\sec_551\tools\ObfuscationUtil.exe --obfuscate <PASSWORD> -w
    REM

    REM --------- CONFIGURATION ---------
    set sophos_server=mysophosserver.local

    set sophos_o_user=MYDOM\sophos_setup
    set sophos_o_pwd=supersecure_password

     

    REM --------- Exec ---------


    IF EXIST "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" goto _End
    IF EXIST "C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe" goto _End
    IF EXIST "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
    IF EXIST "C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End

    REM --- Deploy
    \\%sophos_server%\SophosUpdate\CIDs\S000\SAVSCFXP\Setup.exe -updp "\\%sophos_server%\SophosUpdate\CIDs\S000\SAVSCFXP" -user %sophos_o_user% -pwd %sophos_o_pwd% -mng yes -crt R

    REM --- End of the script
    :_End

    REM pause

    ---

Reply
  • 0 in reply to Shweta

    Hi Shweta,

    maybe it's better to provide the script more userfriendly with variables like this.

    Br Mathias

    ---

    @ECHO ON
    REM
    REM Version: 20200304
    REM
    REM script bases on community.sophos.com/.../13090
    REM obfuscate the username and password: community.sophos.com/.../13094
    REM
    REM C:\sec_551\tools\ObfuscationUtil.exe --obfuscate <USERNAME> -w
    REM C:\sec_551\tools\ObfuscationUtil.exe --obfuscate <PASSWORD> -w
    REM

    REM --------- CONFIGURATION ---------
    set sophos_server=mysophosserver.local

    set sophos_o_user=MYDOM\sophos_setup
    set sophos_o_pwd=supersecure_password

     

    REM --------- Exec ---------


    IF EXIST "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" goto _End
    IF EXIST "C:\Program Files (x86)\Sophos\AutoUpdate\ALSVC.exe" goto _End
    IF EXIST "C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End
    IF EXIST "C:\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\SAVAdapterConfig" goto _End

    REM --- Deploy
    \\%sophos_server%\SophosUpdate\CIDs\S000\SAVSCFXP\Setup.exe -updp "\\%sophos_server%\SophosUpdate\CIDs\S000\SAVSCFXP" -user %sophos_o_user% -pwd %sophos_o_pwd% -mng yes -crt R

    REM --- End of the script
    :_End

    REM pause

    ---

Children
No Data
Unfiltered HTML