Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 5382 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Distribution of definitions to offline endpoints

RandomDiceMan

Hi - I'm very new to Sophos and am interested in if anyone has experience in distribution of definitions to offline endpoints (clients that are either stand alone or are on another network cannot talk direct to the management server) and if there willing to post on the forum and share their process and advice.

I'm looking at routinely creating a CD/DVD  with what will be hopefully an easy to follow, low impact, user experience (yes that's right, this distribution method relies on potentially non tech staff inserting the media and  hopefully clicking on an executable that will update their defs from what ever version they may have previously been on).

Thankyou for any help.



This thread was automatically locked due to age.
Parents
  • +1

    Hello RandomDiceMan,

    non tech staff inserting the media and  hopefully clicking on an executable that will update their defs
    well, AV software and its definitions are system files - have these users administrative rights?

    Anyway, the machines are truly disconnected from any larger network and threats would come only via removable media? As you ask in the UTM forum I can't say which Endpoint version is available to you. In principle one would copy the AutoUpdate cache from a regularly updating connected endpoint to the medium, on the offline endpoints configure the drive and the path to the cache folder on it as the update location, insert the medium and from the taskbar Sophos icon request Update now.  

    Christian

  • 0 in reply to QC

    Thanks for the prompt response QC,  found your previous post on a similar topic....

    https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/10776/internet-isolated-installation---manually-updating

    Firstly Yes the users will have admin level rights.

    I'm assuming (sorry i don't know) there will be a range of different client versions and potentially a range of OS's (Windows 32 and 64 bit, server and desktop) - does this matter from a definition point of view, i.e. do I need to source multiple different defs from say 32bit system and a 64 system or various different OS levels such as XP or server 2003.

    Can Sophos use a CLI based commands (for scripting purposes) to identify the 'Autoupdate cache' location and run an 'Update now'?

    All endpoints should be using a 10.x solution.

    Thanks again.

    M

  • 0 in reply to RandomDiceMan

    Moved from Sophos 9.0 UTM forum to endpoint security and control forum

  • +1 in reply to RandomDiceMan

    Hello M,

    there's only one set of definitions for all products and platforms, furthermore there's only one software package for all supported OS versions an OS "family" (like Windows) - if there's a bitness dependency there are specific subfolders.

    the users will have admin level rights
    they are careful, aren't they?

    CLI based commands
    I have a script     intended to be run from a stick. On an online machine it should copy the cache to the stick, on an offline configure the update location and trigger an update. Perhaps needs some refinement. Won't post it here (style's embarrassing) but I can send it via private message.

    Christian

Reply
  • +1 in reply to RandomDiceMan

    Hello M,

    there's only one set of definitions for all products and platforms, furthermore there's only one software package for all supported OS versions an OS "family" (like Windows) - if there's a bitness dependency there are specific subfolders.

    the users will have admin level rights
    they are careful, aren't they?

    CLI based commands
    I have a script     intended to be run from a stick. On an online machine it should copy the cache to the stick, on an offline configure the update location and trigger an update. Perhaps needs some refinement. Won't post it here (style's embarrassing) but I can send it via private message.

    Christian

Children
Unfiltered HTML