This article gives an overview of the deployment process for Sophos endpoint security software from the central Sophos console.
First seen in
Sophos Enterprise Manager 4.7.0
Sophos Control Center 4.0.0
Enterprise Console 5.0.0
There are three distinct phases to deployment:
- Creation of a remote scheduled task by the computer running the Sophos Management service.
- The Protect Computers wizard will prompt for credentials that are used to authenticate on the remote computer (Administrator or equivalent access). These credentials need to be able to log onto the computer where the Sophos Management Service resides.
- The Sophos Management Service (mgntsvc.exe) then connects to the Microsoft Task Scheduler interface on the remote computer.
- If the requirements have been met, a task will be created (Sophos_InstTask) set with a command line to use Setup.exe.
Note: The specific Setup.exe run can be located in the "Initial Source Location" tab of the AutoUpdate policy applied to the computer's group that is being protected. This path can also be identified in the console under "View" | "Bootstrap Locations...".
- The execution of the task on the endpoint computer.
- The account specified in the Protect Computers wizard will be used to execute the task immediately.
- The task executes Setup.exe located in the distribution point with parameters determined by the options selected in the Protect Computers wizard.
- Installation of the Sophos endpoint security software.
- Sophos AutoUpdate will install after Setup.exe has started. Once complete it will then fetch the additional required packages by connecting to the Updating policy location.This will always include Sophos Remote Management and Sophos Anti-Virus.
Optionally Sophos Client Firewall, Sophos Compliance Agent or Sophos Patch Agent will be downloaded if select during the Protect Computers wizard.
- The packages will install in the following order after Setup.exe has executed:
- Sophos AutoUpdate
- Sophos Remote Management System
- Sophos Anti-Virus
- (Optional) Sophos Client Firewall
- (Optional) Sophos Compliance Agent1
- (Optional) Sophos Encryption2
- (Optional) Sophos Patch Agent3
- Should the installation fail to execute successfully the return code will be sent to console as a failure to install.
1Available in Enterprise Console v3+ only
2Available in Enterprise Console v5.1
3Available in Enterprise Console v5.0+
For more information on protecting and managing endpoint computers from the console see the Sophos endpoint deployment guide.