
Sophos Endpoint Computer Inventory

Hi,

 

Our company is frequently adding computers from time to time; most of them are in the branches. I just want to ask if SEC has a computer inventory feature for me to check which computers don't have any SAV installed (I don't want to manually run the Discover Computers option). Secondly, will it automatically detect new computers in the network and install SAV automatically on those new computers? AD GPO won't work, especially on branches.

Thanks in advance for the input.

 

Regards,

Warren



  • Hi,

    There is no inventory feature beyond what you are already aware of. The automatic options provided are:

    - Automatically import and protect (push) using AD-Sync - This will get the agent onto the computer for reporting.
    - Use AD or some other third party management software to install (pull) the agent on the computers, i.e. running setup.exe, startup scripts, etc...

    Without the Sophos agent (mainly thinking RMS here) on the computer you require either:
    - something that will scrape the network looking for Sophos markers on the computers or
    - an existing piece of code on the endpoints to check for Sophos markers and report this centrally via some means.

    If you always have a list of computers that should be on the network, I guess, the unprotected (or assumed unprotected) list becomes the unmanaged/protected computers in SEC plus the names of computers not in SEC. You can query this against the SEC database using the Sophos Reporting Interface.  Do you have an authoritative list of computer names?  I assume not but could be an option.

    Beyond that, you would need to script something that looks for markers.  IP scan, remote registry, file read with a global administrative password?  Is this level of access even possible? 

    Do you have any third party management tools on the endpoints you could leverage?

    I guess you/IT don't get to touch the computers as they are added to the network?

    Regards,

    Jak
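The reconciliation described in the reply above (authoritative computer list versus what SEC knows about), as an added example that is not part of the original thread or any Sophos tooling. It assumes the SEC data has been exported to CSV; the column names `Name` and `Managed` and all hostnames are constructed for illustration and are not the Sophos Reporting Interface schema.

```python
import csv
import io

# Constructed sample data. Column names (Name, Managed) are assumptions for
# illustration, not the schema of the Sophos Reporting Interface.
AUTHORITATIVE = """BR1-PC01
br1-pc02.corp.example
BR2-PC07
HQ-LT03
"""

SEC_EXPORT = """Name,Managed
br1-pc01,1
BR1-PC02,0
HQ-LT03,1
LAB-OLD9,1
"""


def norm(name):
    """Reduce a hostname to an upper-case short name so FQDN and NetBIOS forms match."""
    return name.strip().split(".")[0].upper()


def reconcile(authoritative_text, sec_csv_text):
    """Compare the list of computers that should exist with the SEC export."""
    expected = {norm(l) for l in authoritative_text.splitlines() if l.strip()}
    managed, unmanaged = set(), set()
    for row in csv.DictReader(io.StringIO(sec_csv_text)):
        target = managed if row["Managed"].strip() == "1" else unmanaged
        target.add(norm(row["Name"]))
    in_sec = managed | unmanaged
    missing = expected - in_sec          # on the list, never seen by SEC
    stale = unmanaged - managed          # known to SEC but no agent reporting
    return {
        "missing_from_sec": sorted(missing),
        "unmanaged_in_sec": sorted(stale),
        "assumed_unprotected": sorted(missing | stale),
        "not_on_list": sorted(in_sec - expected),  # in SEC, absent from inventory
    }


if __name__ == "__main__":
    for key, hosts in reconcile(AUTHORITATIVE, SEC_EXPORT).items():
        print(f"{key}: {', '.join(hosts) or '-'}")
```

The `not_on_list` bucket is worth reviewing too, since it shows where the authoritative list itself has drifted from what is on the network.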

     
