The command line interface (CLI) of the UTM Managed Endpoint installer

  • Article ID: 117630
  • Updated: 04 Jul 2013

The Sophos UTM endpoint installer accepts command line parameters and hence allows you to script the installation/deployment of Sophos Endpoint Security and Control to your network computers.

This article explains what command line interface (CLI) options are available and how you can install Sophos Endpoint Security and Control without manually running the executable file interactively.

Known to apply to the following Sophos product(s) and version(s)

UTM Managed Endpoint (Windows 2000+)

For Sophos installations managed from Sophos UTM

You can perform customized installations of endpoint software (Sophos Anti-Virus, Sophos AutoUpdate and Sophos Management Communications System) on Windows computers by running the UTM installer program from a command line. This allows you to deploy endpoint software to your network using a startup script and the installation method of your choice, as well as invoking some of the special features described below.

The UTM Installer Program

The UTM installer is supplied as a single executable, named (for example):

  • SophosMcsEndpoint_1234567890ABCDEFG.exe

Important: If you rename the installer program and run the exe by double-clicking on it the installation will fail.  The file will either have to be renamed back to the original filename or the file run from the command line with the '-code' parameter.  Further advice on this option is available later in this article.

The name of the installer program is constructed as follows:

  • The first part of the name (SophosMcsEndpoint_) identifies this program as the Sophos UTM installer. 
  • The first 13 characters of the second part of the name (e.g., 1234567890ABC) is the token value. The token is used as part of the registration process with the Sophos LiveConnect service; it associates the installed software with the Astaro Security Gateway (ASG) that is to manage it. Each ASG has a different installation code.

Modes of Operation

By default, the UTM installer runs in a graphical user-interface (GUI) mode. This allows you to install the Sophos protection software by following the on-screen instructions.

Alternatively, you can make the UTM installer execute quietly, i.e., without the GUI, by using the ‘-q’ command. This is useful, for example, if you want to deploy the Sophos UTM protection software using a startup script.

The UTM Installer Command Line

This takes the form SophosMcsEndpoint_<installation-code>.exe [-code <code>][-tps <action>][-q]

Example 1
SophosMcsEndpoint_1234567890ABCDEFG.exe -code 1234567890ABC -tps remove –q

This example uses the installer package with the token code, –tps remove to remove third party security software, and –q to make it run silently.

Example 2
SophosEndpoint.exe -code 1234567890ABC -tps remove –q

This example shows the installer package renamed with the required token code, –tps remove to remove third party security software, and –q to make it run silently. 

Note: If you rename the installer file the following applies:

  • You cannot launch the installer manually because the installation will fail due the file having been renamed. 
  • You have to use the command line procedure, using the required token value as indicated above. See article 117522 for more information on deployment methods.
Command Default Description
-code <code> <installation code> this comes from the UTM installer’s program-name (see above). The installation code is used by the UTM protection software for registering with the Sophos LiveConnect service. (You may need this command if, for some reason, your installation code has changed since receiving the installer program).
-tps detect This option indicates the action to be performed by the UTM installer if the endpoint is running third-party security software. There are three options:
  • detect: The UTM installer detects third-party security software and stops the installation.
  • ignore: The UTM installer ignores the presence of third-party security software, and attempts to install the Sophos protection software.
  • remove: The UTM installer will remove the third-party security software before installing the Sophos protection software (recommended).
If you are running the GUI, and you have specified the third-party security software action on the command-line, then no Remove Software page is displayed.
-q n/a Run quietly i.e. without GUI

  • If you do not use the -code command:
    The UTM protection software uses the installation-code from the UTM installer’s program-name. This is how the UTM installer will usually be used.

  • If you do not use the -tps command:
    The action taken by the installer depends on whether the installer is running with or without the GUI:
    • With the GUI: In the GUI specify the action on the Remove Software page, by checking or unchecking the 'Remove conflicting third-party security software' check-box. Check the box to remove the third-part software or uncheck it to just detect the third-party software.
    • Without the GUI: The detect action is assumed.

  • In the absence of the -q command:
    The installer runs with the GUI.

The UTM Installer Result

  • If you run the installer with the GUI, it will report installation status in the GUI when the installer completes.
  • The UTM installer always reports a result value to the operating system on completion, regardless of whether or not you are running the GUI. Result value 0 (zero) means installation successful; any other value means that the installation failed.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent