This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Couple of questions about endpoint protection

H,

we have Sophos enterprise console up and running.

We would like to install the endpoint protection on laptops remotely but still be able to alter their policies remotely when required eg lock usb out.

Using the Sophos endpoint packager, when I install RMS (to administer the laptop remotely etc), it fails to update as the laptop is not within the trusted network but at a remote location. Due to this, it doesn't get the initial updates as they need to come from the RMS server. Not installing the RMS, allows us to get the initial updates from Sophos but this then doesn't allow RMS to work.

Anybody came accross this?



This thread was automatically locked due to age.
Parents
  • Hello Louis-M,

    this is a restriction of the Deployment Packager (and there isn't really a viable solution other than building a modified package, or wrapping it up).

    alter their policies remotely
    requires RMS connectivity - if the initial install can't complete due to missing connectivity even if you can work around it you'd subsequently be unable to assign policies. Please see also my reply to your Secondary update location post.

    Christian

Reply
  • Hello Louis-M,

    this is a restriction of the Deployment Packager (and there isn't really a viable solution other than building a modified package, or wrapping it up).

    alter their policies remotely
    requires RMS connectivity - if the initial install can't complete due to missing connectivity even if you can work around it you'd subsequently be unable to assign policies. Please see also my reply to your Secondary update location post.

    Christian

Children
  • Hi Christian,

    thanks for the reply and yes, I was asking multiple questions about this hoping to achieve the same outcome. I'm starting to realise that if I want control of my clients when they are away and I need it reporting, the clients need to be able to communicate with the primary updating server (via nat, dmz etc)

    I'm now making changes to my network to enable this so hope to have it working soon.