I’m getting a script running on machines at regular intervals called ‘Sophos Central Install and Register’. It’s running repeatedly, sometimes succeeding, sometimes failing. I took a look at the script and it looks like it’s trying to perform an install? It only began this morning after I assigned tenants.
It's running in response to an alert template, but I can’t figure out where that’s coming from and how it chooses what to run on. At one client where we have a mix of AV (we’re in the middle of swapping them out) it’s run on some and not others. It doesn’t seem to be location based, and I’m concerned it’s going to push Sophos out to machines that are not ready receive it.
Additionally, I noted in the location section of the plugin, 'Exclude Auto-deploy' is set to no for all tenants, yet if I select one the popup shows that exclude auto-deploy was NOT checked off. Additionally, it's showing as there being server products and an exclude auto-deploy listed for a client that doesn't even have sophos. I checked the old plugin edfs and it definitely wasn't set up - they don't even have a listing in the portal. They're not a sophos client.
This thread was automatically locked due to age.