Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 62 replies
  • Subscribers 0 subscribers
  • Views 195117 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.2.1 and Sophos for MAC OS X Preview (9.0.3)

QC

Decided to give the Preview of Anti-Virus for Mac OS X, version 9.0.3 a try. Chose an old MacBook (running 10.4) as guinea pig. After assigning the alternate policy updating failed with a rather vacuous Error: Could not update Sophos-Anti-Virus at .... Update failed. No indication of the nature or the error and surprisingly no indication of the update location used. 

Now, the error was not unexpected - 9.0.x requires MAC OS X 10.6 minimum but perhaps a more meaningful message could be issued. Anyway I checked the update location and found that it named ESCOSXL as source folder - obviously indicating the changed requirements (though I can't figure out what the L stands for :smileyhappy:).

Admittedly pre-10.6 versions should be rare by now (I've found two 10.5 installations still in use out of about 100). But the folder name change will affect unmanaged or occasionally off-site clients (yes, Cloud is the answer :smileywink:). I've found no reference though (I'd have expected this in the Release Notes). Even as it is Preview you should be required to discover this important information on your own.

Christian   

:43783


This thread was automatically locked due to age.
Parents
  • 0

    Thank you, Bob

    If I understand your post and the Support for Mac OS X Mavericks article correctly there will be no automatic resubscription from 8 Recommended to 9 Recommended and there will not yet be an "unversioned" Recommended (like for Windows), right?

    Meanwhile some endpoints have been upgraded to Mavericks while still updating from the version 8 CID.  I have also learned that one user successfully installed version 8 (we provide the zipped "customized" CID) apparently without problems. Didn't ask whether he fiddled with the security but if he did, he has obviously not found it worth mentioning. Also I saw that the "hack" with com.sophos.sau.plist was effective - the endpoint appeared in Unassigned with the correct update policy set. What to make of it?

    In this context - what is the "best" way (if there is a way at all) to provide an installer package (assuming you do not want to hand out the updating credentials, How to install Endpoint Security and Control manually on networked computers)? The article I mentioned in Mac OS - pre-configuring Autoupdate for version 9.0.x seems to have been withdrawn and while the only potentially applicable article I've found (creating a customized Mac OS X installation file for remote computers) suggests creating a .dmg it seems to require SUM 2.5 for Mac OS X which won't work with version 9.

    True, with RMS working the endpoints will appear in SEC in Unassigned and will receive the correct policy when you move them to the appropriate group. If you're not a 24/7 shop this could cause a significant delay until the Macs can update. Worse, the Mac might "go unmanaged" after install. If you have the - not unusual - configuration of RMS inside only/updates from everywhere it won't receive the policy which would otherwise enable it to update over the (Primary or Secondary) HTTP location. this is, I daresay, rather annoying.

    Christian

    :44553
Reply
  • 0

    Thank you, Bob

    If I understand your post and the Support for Mac OS X Mavericks article correctly there will be no automatic resubscription from 8 Recommended to 9 Recommended and there will not yet be an "unversioned" Recommended (like for Windows), right?

    Meanwhile some endpoints have been upgraded to Mavericks while still updating from the version 8 CID.  I have also learned that one user successfully installed version 8 (we provide the zipped "customized" CID) apparently without problems. Didn't ask whether he fiddled with the security but if he did, he has obviously not found it worth mentioning. Also I saw that the "hack" with com.sophos.sau.plist was effective - the endpoint appeared in Unassigned with the correct update policy set. What to make of it?

    In this context - what is the "best" way (if there is a way at all) to provide an installer package (assuming you do not want to hand out the updating credentials, How to install Endpoint Security and Control manually on networked computers)? The article I mentioned in Mac OS - pre-configuring Autoupdate for version 9.0.x seems to have been withdrawn and while the only potentially applicable article I've found (creating a customized Mac OS X installation file for remote computers) suggests creating a .dmg it seems to require SUM 2.5 for Mac OS X which won't work with version 9.

    True, with RMS working the endpoints will appear in SEC in Unassigned and will receive the correct policy when you move them to the appropriate group. If you're not a 24/7 shop this could cause a significant delay until the Macs can update. Worse, the Mac might "go unmanaged" after install. If you have the - not unusual - configuration of RMS inside only/updates from everywhere it won't receive the policy which would otherwise enable it to update over the (Primary or Secondary) HTTP location. this is, I daresay, rather annoying.

    Christian

    :44553
Children
No Data
Unfiltered HTML