Methods for automating the deploying of Sophos Cloud software to Windows computers

  • Article ID: 120611
  • Rating:
  • 1 customers rated this article 6.0 out of 6
  • Updated: 21 Sep 2014

This article provides information on deploying the Windows Sophos Cloud installer to multiple computers.  It provides a couple of examples to cover common deployment methods.

Important: Before installation to computers, removal of the following software packages is required:

  • Sophos Compliance Agent.
  • Sophos Patch.
  • Sophos Client Firewall.
  • Sophos Encryption as managed by Enterprise Console.
  • Sophos Anti-Virus, if the following components have been enabled on the computer:
    • Web control.
    • Data control.
    • Application control.

Important: If a device control policy has been sent to the computers, on uninstall of Sophos Anti-Virus the computer may need to be restarted in order to unload and therefore be able re-install the kernel driver sdcfilter.sys. 

Applies to the following Sophos product(s) and version(s)

Sophos Cloud

What To Do

  1. Download 'SophosInstall.exe' from Sophos Cloud.  To do so:
    1. From within Sophos Cloud, click on 'Downloads' link.
    2. Choose the 'Windows installer', i.e. 'SophosInstall.exe'.

      Important: Do not use a user specific 'SophosInstall.exe' as received via the 'Email Deployment' workflow for the below deployment methods.  If you do, all devices will be associated to the Sophos Cloud user sent the email.

  2. Choose the options below that best meets your needs in order to deploy 'SophosInstall.exe' to your computers:

Note: If bandwidth is a concern for the initial deployment, the following articles may prove helpful as part of either a scripted or manual installation:

Active Directory (AD) start-up/log-on script

Important: 'SophosInstall.exe' is required to run as an administrator on the computer. If using 'logon' scripts, the logging on user will need to be an administrator on the local computer for the installation to succeed.  If your users are not local administrators then AD start-up scripts should be used.

  1. Copy the file 'SophosInstall.exe' to a shared location which is accessible by the computers you wish to install to.

  2. In a text editor such as Notepad, paste the following text:

    @echo off
    SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
    exit /b 0

    exit /b 0

    pushd \\servername\share
    SophosInstall.exe -q

  3. Amend the line: 
    pushd \\servername\share
    with the location of the installer package on your network.

    Note: For more information on the command line switches available see article 120613.

  4. Save the file as 'SophosCloudEndpointInstall.bat'.

  5. If required, follow the below articles as general guidance on how to deploy scripts via Active Directory, substituting the batch file created in this article:

    The following Microsoft documentation may also provide assistance: 'Assign computer startup scripts'.

SCCM deployment

  1. Copy the file 'SophosInstall.exe' to a shared location which is accessible by the computers you wish to install to.
  2. Launch SCCM and navigate to 'Software Library', select 'Application Management' and choose 'Packages'.
  3. Right-click on 'Packages' and select 'Create Package'.
  4. On the 'Package' page of the 'Create Package and Program Wizard', specify the following information as required:
    • Name: 'Sophos Cloud Managed Endpoint'.
    • Description.
    • Manufacturer.
  5. Check 'This package contains source files'. Click 'Browse' to open the 'Set Source Folder' dialog box where you can specify the location of the installer file 'SophosInstall.exe' which was setup in Step 3.
  6. Click next for 'Standard program' type and enter the following information:
    • Name: SophosInstall.exe
    • Command Line : SophosInstall.exe

      Note: An example command line might be:
      SophosInstall.exe -q -tps remove
      For more details on the available command line options see article 120613.

    • Program can run: Only when a user is logged on.
    • Run mode: Run with administrative rights.
    • Drive mode: Runs with UNC name.
    • Run and Start-up fields are optional.
  7. On the 'Requirements' section, create a requirement rule that the package runs only on the the supported Windows platforms.
  8. "Run another program first", Estimated disk space and Maximum allowed run time (minutes) are optional.
  9. Complete the wizard to finish creating the package.
  10. The package is now ready to be deployed to your computers.

Related information

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent