HTTPS updates

The files are all check-summed and signed so even if HTTP is used, the endpoint wouldn't deploy anything not expected. None of the files pulled over the updating channel are unique to you they are just the standard files of the install sets.

https://community.sophos.com/kb/en-us/127537 should answer at least part of the question.

The biggest issue I've seen with HTTP is third party proxies/devices blocking Sophos files as suspicious as they are downloaded by AutoUpdate. As less of those will be doing SSL inspection, there should be less false positives from third party vendors breaking updating.

At the client, evidence of AutoUpdate using HTTPS for updates is the flag "UseHttps = 1" in the file C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg

Regards,

Jak

The files are all check-summed and signed so even if HTTP is used, the endpoint wouldn't deploy anything not expected. None of the files pulled over the updating channel are unique to you they are just the standard files of the install sets.

https://community.sophos.com/kb/en-us/127537 should answer at least part of the question.

The biggest issue I've seen with HTTP is third party proxies/devices blocking Sophos files as suspicious as they are downloaded by AutoUpdate. As less of those will be doing SSL inspection, there should be less false positives from third party vendors breaking updating.

At the client, evidence of AutoUpdate using HTTPS for updates is the flag "UseHttps = 1" in the file C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg

Regards,

Jak