This discussion has been locked.

Wrong Installer Downloaded - Please Help/Guidance?!

Hi, 

 

I have a license for UTM 9 for home. I was doing some testing on a VM and got "could not contact server" for updates to the AV. This kept happening over a long period of a week. 

 

I then decided to google for a "normal" Sophos installer for EndPoint and then planned to enter in the settings for my UTM to receive updates. Unfortunately, I googled the name of a Sophos.exe which brought me to this page "http://sophos.oh-isp.com/downloads/Sophos10SW/" which I thought was from the Official Sophos site, how wrong I was.

 

I then downloaded one of the EXE's, installed it on a VM and it received updates, however it had update settings previously entered on it and is obviously a company's Sophos installer, that I have accidentally installed on my system. 

 

I'm concerned about this now, I installed it on a machine that was joined to my home domain, however had no user data on it. I was logged on as Domain Admin and was only used for testing. What legalities are there to this situation, if any? I have killed the VM however I did receive a notification that when installing that I had a newer version of Sophos Update installed. I installed version 10.0 and on all my other machines I have 11.0 UTM. I don't know why these setups are unattended now, but I feel stupid that I've accidentally installed another version that has linked to some company's server (I think?)

 

This was a stupid decision of mine, and after some looking the installer seems to belong to a subsidiary of Capita Group. Brilliant. 

 

Please could anyone give advice as to what to do, I only came across the page because Google had indexed it, although I don't think it should have been accessible? 

 

Thanks all.

John



  • Hello John,

    that these apparently outdated downloads are publicly available is not your fault. Friends (if you count Google among them) can err. The names suggest that these are SA versions which usually don't have an update location configured. If I understand you correctly you've stopped using it as soon as you'd noticed anyway so there's nothing which would be put forth against you.

    AFAIK the Home UTM does not come with endpoint AV or do you mean with a license for UTM 9 for home that you have a paid AV license for use with the UTM?

    Christian

  • Hi Christian, 

     

    I have the Sophos UTM 9 Home license which gives me ten licenses for Sophos Endpoint Security and Control (the predecessor of Sophos XG Firewall). I did kill the virtual machine as soon as I realised this software version was inadvertently installed on my system. I killed the VM before my daily backup was meant to start meaning that all traces of the software are completely removed from my system.

     

    In regards to progressing forward with this, do I just leave it as I have killed the VM or am I somewhat duty bound to inform Capita of this? I think it was stupid putting the installers on the internet, but equally I should have been more careful when installing files that looked to be from the Sophos website. I suppose if anything were to happen, I would have been contacted by now? How would these machines "check in" over the internet, I have only used Sophos Enterprise Console once and what personal information, if any, would have been collected?

    I'm grateful for your information and help thus far, it is much appreciated.

     

    John

     

  • Hello John,

    just my personal opinion - you haven't transgressed when you downloaded this installer. It turns up on a public search, there's no security whatsoever, likely there wasn't any EULA (apart from perhaps Sophos') you had to agree to. Dunno if you are legally bound to inform them (or Sophos) that these (legacy) installers are publicly available. They are of no use without appropriate downloading credentials.
    There's no personal information involved. All that is collected is perhaps an IP and credentials used but frankly, who'd be interested in tracking down one or two update attempts and their originator? That's not Sophos' and likely not Capita's as well business model [:)].

    Christian

  • Hi again Christian, 

     

    Thanks again for getting back in touch. I agree that I didn't violate any security in order to gain access to this installer and no, there wasn't any EULA apart from the default Sophos one. I'm of the mindset that I shan't create any unnecessary contact with Capita as they haven't got in contact with me, and I additionally agree that tracking people down isn't part of their business model! 

     

    Thank you for also informing me about the data collected after running the installer, as my Public IP has changed then apart from contacting my ISP there's virtually no trace. I did feel somewhat uneasy and liable after running the installer accidentally, hence me creating this thread. I'm grateful for the reassurance you've given me.

     

    I consider this matter solved now, and if there is an option to I'll give you kudos for all posts you've given on the thread.

     

    Thanks again for all the help, it has helped me massively!

     

    John.