This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Requested updates to the CWA (ConnectWise Automate) Sophos plugin.

I just installed the CWA Sophos plugin, and appreciate the ability to use a script to deploy Sophos. However this seems to be a black and white solution.

I want to be able to deploy Sophos to agents, but I don't want to auto-push to all the agents in a client/location.

 

The deploy script specifically checks if the "Deploy Sophos" checkbox is enabled at the client level, and will not run if it isn't. Meaning either have full automated push deployments to all agents, or be unable to deploy Sophos at all.

However the main deployment search which populates the group that has this scheduled script on it (Antivirus Software\Sophos Central Missing) already checks for that checkbox as well. So this would seem redundant.

Removing the check from the script would enable us to deploy Sophos for any customer location for which we have filled out the server location and token.

 

Additionally, the search, as written right now, is somewhat convoluted and could be optimized by making the main operator an AND and searching for recurring checks (like the Deploy Sophos EDF at the client level) in a section of its own, and then split out into an OR for workstation and server section.



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Jeroen van der Maat,

    Here's the information we received from the team:

    • I want to be able to deploy Sophos to agents, but I don't want to auto-push to all the agents in a client/location.
      • The Client Level enables everything. You can use the Locations or even each devices override option to designate that Sophos shouldn’t ne installed.
    • The deploy script specifically checks if the "Deploy Sophos" checkbox is enabled at the client level, and will not run if it isn't. Meaning either have full automated push deployments to all agents, or be unable to deploy Sophos at all.
      • Referencing the Deploy option is by design so that it can’t be run on accident against a customer that isn’t using Sophos.
    • However the main deployment search which populates the group that has this scheduled script on it (Antivirus Software\Sophos Central Missing) already checks for that checkbox as well. So this would seem redundant.
      • It is all about having multiple checks. The Group check ensures that we’re not running a script against a machine that does get Sophos. If the Script is manually run against a machine it wouldn’t be checked by the group. Therefore the script checks the Delpoyment Check again to ensure that Deploy is enabled for that customer.
    • Removing the check from the script would enable us to deploy Sophos for any customer location for which we have filled out the server location and token.
      • You can still do this. Set the Client Level Products to None. Then set the Location or individual Clients Override to the Product that gets installed.
    • Additionally, the search, as written right now, is somewhat convoluted and could be optimized by making the main operator an AND and searching for recurring checks (like the Deploy Sophos EDF at the client level) in a section of its own, and then split out into an OR for workstation and server section.
                The AND and OR operators in Connectwise don’t work like and IF/THEN. You have to be really carefully where your AND and OR is located, or the entire logic can break.


    We will be adding additional information to this article
    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.