This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can I use Sophos Endpoint Security without the Enterprise Console?

Good morning all,

Apologies if this is a repeat question but I have had a search and cannot see a straight forward answer so figured I would just ask!

Basically we have an air-gapped customer system that cannot have the Enterprise console installed on to the boxes.  Would it be possible to install the Endpoint software on to their CentOS machines without the console and manually update the virus definitions via USB?

Any insights would be much appreciated.



This thread was automatically locked due to age.
Parents
  • Hello John Weller,

    cannot have the Enterprise console installed
    so no Windows server in this network?

    It is possible and furthermore one of the servers can act as update server for the others. Please see chapter 4 in the Stand-Alone Startup Guide.
    manually update the virus definitions You can't update just the definitions, you'd have to update the server from a copy of a cache or a SEC-managed CID.

    Christian

  • Hi Christian,

    Thanks for taking the time to reply.  Unfortunately there are no Windows machines at all on the network only a dozen or so CentOS 7.6 boxes.

    Reading that section in the stand-alone guide, as none of the machines on the network have access to the internet I wasn't sure if I could run the update script to download all of the relevant files to an internet connected machine and then literally copy that whole directory in to the secure network using a USB?  Or whether the fact that I cannot run those scripts from the box it will ultimately be installed on could mean dependencies would be missed and cause issues with the software running?

    I hope that makes sense.  Basically there is no access to this network other than physical USB drives.

  • Hello John Weller,

    as said, you'd need either a Linux machine or a SEC/SUM that updates from Sophos as source for the USB copy. I'm not aware of dependencies other than the Talpa binary packs. Using the PrimaryUpdateAllDistros option all packs will be downloaded but otherwise the other endpoints would normally compile Talpa locally. Apart from that an endpoint's cache mirrors the download location and can be used by other endpoints of the same platform.

    Christian 

Reply
  • Hello John Weller,

    as said, you'd need either a Linux machine or a SEC/SUM that updates from Sophos as source for the USB copy. I'm not aware of dependencies other than the Talpa binary packs. Using the PrimaryUpdateAllDistros option all packs will be downloaded but otherwise the other endpoints would normally compile Talpa locally. Apart from that an endpoint's cache mirrors the download location and can be used by other endpoints of the same platform.

    Christian 

Children