This post shows the steps to deploy Sophos endpoint protection agent using SCCM. For a big organization protecting computers is the major task. While there are lot of anti-virus solutions out there, Sophos is also in the top list of AV’s. Sophos also allows security admins to manage all Sophos products from a single, cloud-based console. Sophos provides different methods for automating the deployment of software to Windows computers. SCCM makes it easier to deploy Sophos central installer to multiple window computers. If you have access to Sophos central and looking to deploy agents across your organization, this post should help you.
Sophos Endpoint Protection Command line switches
Sophos provides few command line switches to install endpoint protection agent. The below switches applies to Sophos Cloud Managed Endpoint, Central Endpoint Standard and Endpoint Advanced. Sophos cloud installer switches include:-
|Switch||What it does|
|-q||Installs Sophos agent with no user interface.|
|-tps detect/ignore/remove||detect – Stops the installation if Sophos finds another security software.
ignore – Ignore the existing security software and install Sophos protection software.
remove – removes existing security software and then installs Sophos agent.
Deploy Sophos Endpoint Protection Agent using SCCM
Let’s look at steps to deploy Sophos endpoint protection agent using SCCM. Login to Sophos Central console and click on Protected Devices. Under Endpoint Protection, click Download Complete Windows Installer. Save the installer and copy it to sources drive or any shared path. This path should be accessible by configuration manager.
Specify Content location (path where content is located). In the next step specify install and uninstall commands as shown below. The sophos installer batch file contains the code to install Sophos cloud endpoint. The code is available here. Copy the code into notepad, you need to replace line pushd \\servername\share with the location of the installer package on your network. Save it as a batch file and use it as installation program.
Installation program - "Sophosinstaller.bat" Uninstall program - "C:\\Program Files\\Sophos\\Sophos Endpoint Agent\\uninstallcli.exe"
Setting Type - File System Type - File Path - %ProgramFiles(x86)%\Sophos\Management Communications System\Endpoint File or folder name - McsClient.exe
Select The file system must satisfy the following rule to indicate the presence of this application.
Property - Version Operator - Greater than or equal to Value - 188.8.131.52
For second detection rule add the following.
Setting Type - File System Type - File Path - %ProgramFiles(x86)%\Sophos\Management Communications System\Endpoint File or folder name - McsClient.exe Property - Version Operator - Greater than or equal to Value - 184.108.40.206
The next steps are simple to perform. Distribute the app to distribution points and deploy this app to device collection. The client computers will need internet connectivity to complete the installation of Sophos endpoint protection agent.