This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PureMessage installed - Manage Sophos AV with Enterprise Console

I recently installed PureMessage for Exchange.  As expected, it installed Sophos Endpoint Protection with the proper Exchange exclusions.   How do I "move" the EPP protection of my exchange server to the our Enterprise Console that controls EPP for our desktop computers?  I've built the updating policy and have a group for the exchange server in SEC, but am confused on how to bring it in as a managed computer.

:57130


This thread was automatically locked due to age.
  • Hello mpq247,

    normally you'd install the managed Endpoint product before installing PureMessage. The following PureMessage for Microsoft Exchange article suggests though that it should be possible to reinstall the Endpoint component (guess you can also "move" to the managed version this way). Please note that you have to correctly (i.e. with the Secondary location Sophos) configure the updating policy and that the exclusions will be lost (i.e. you'd have to add them manually to the AV policy on the console).

    Christian 

    :57144
  • Thanks for the reply Christian.  I saw the article you referrenced prior to installing PM, but it doesn't address the problem I have.  PM is updating its spam policies without a problem.  I guess what I'm asking is how would you take a standalone endpoint running EPP and bring it into the SEC as a managed end point?

    :57150
  • Hello mpq247,

    only the last item (6) is of relevance. I read between the lines that running setup.exe from the CID won't harm the Puremessage installation (might not even be necessary to uninstall AutoUpdate first).

    Another option would be:

    • Open the SESC GUI -> Configure updating
    • Set the Primary location to the applicable CID (your update location)
    • Set the Secondary to Sophos, close the GUI
    • Edit the file C:\ProgramData\Sophos\AutoUpdate\Config\iupd.cfg, scroll to the section
      ;RMS 2000/XP
      [iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}]
      AllowLocalConfig = 1
    • change the next line (likely contains Action = 0x200107) to
      Action = 0x400107

    AutoUpdate should then download RMS from the CID and install it.

    HTH

    Christian

    :57154
  • Christin,

    thank you for the assistance.  I was able to apply the setting changes as you outlined.  I did run into an issue where the RMSNT product would not install.  I searched through some other posts on that issue and resolved that by creating the C:\Program Files (x86)\Sophos\Remote Management System\ directory and copying the cac.pem and mrinit.conf files from another managed system to the EP computer.  All is working and it is showing up in my SEC now as a managed device.

    Thanks!

    :57183
  • Hello mpq247,

    copying the cac.pem and mrinit.conf files

    my bad, sorry, should have remembered that. Kudos for your self-help and posting the final outcome.

    Christian

    :57192