How to install Endpoint Security and Control manually on networked computers

  • Article ID: 12386
  • Rating:
  • 40 customers rated this article 2.6 out of 6
  • Updated: 27 May 2014

This article applies to computers on which you are installing Endpoint Security and Control (including Sophos Anti-Virus and Sophos Client Firewall, etc.) for the first time.

  • Before you start, please check that you meet the system requirements for the product you are installing.
  • Full product documentation can be found here.

Applies to the following Sophos product(s) and version(s)

Sophos Endpoint Security and Control 9.7
Sophos Endpoint Security and Control 10.0

What To Do

On operating systems where you must manually install Endpoint Security and Control or Sophos Anti-Virus, you can either:

  • Go to each computer in turn, log on as local administrator, and install it, or
  • Run the installation program automatically from a script, or with a program like Microsoft SMS. This is particularly useful with large numbers of computers.

Contents

  1. Manual installation
  2. Scripted and automated installation
  3. Computers not always on the network

1. Manual installation

You can protect computers by running the installation program manually from the distribution folder (share) where Sophos Update Manager (SUM) downloads updates to.

  1. Check the location of the distribution folder
    1. In console from the menu select View | 'Bootstrap Locations...'
    2. For each of the listed software subscriptions make a note of the path/address shown in the 'Location' column.

      Example:
      \\servername\sophosupdate\CIDs\S000\SAVSCFXP\
      \\servername\sophosupdate\CIDs\S000\ESCOSX\
      \\servername\sophosupdate\CIDs\S000\savlinux\

  2. Installing

    Windows Endpoint
    Browse to the distribution share and double-click setup.exe. You can also use customized installation using command line parameters to assist with the installation.

    Example:
    Goto Start | Run and enter \\servername\sophosupdate\CIDs\S000\SAVSCFXP\ to access the share and then double click setup.exe.

    Further steps on Windows computers
    When installing on Windows computers, you may be prompted to enter user credentials. The account must:

    1. Be able to log on to (browse to) the computers you want to protect
    2. Have read access to distribution folder.


  3. MAC Endpoint
    Create a Samba share to the distribution share and copy the Sophos Anti-Virus.mpkg file to the Mac desktop and double-click it.

    Example:

    1. In the Finder, choose Go > “Connect to Server.”
    2. Type the network address for the computer in the Server Address from the distribution folder location above.
      smb://servername/sophosupdate

    3. Follow the onscreen instructions to type the username and password required to access the share, then navigate to the Mac distribution and copy the Sophos Anti-Virus.mpkg file to the mac desktop and launch.

      Further steps on Mac OS X computers (after installation)

    4. Go into 'System Preferences'
    5. Open the Sophos Anti-Virus preferences pages
    6. Click the AutoUpdate tab
    7. Enter the user credentials.

Linux Endpoint
On the linux endpoint mount the windows drive and run the install.sh.

Example:
  1. Switch to the root user:
    su –

  2. Create a new directory to act as a mount point:
    mkdir /mnt/sophosupdate/

  3. Set ownership and permissions to make the directory executable. For example:
    chown root:root /mnt/sophosupdate/
    chmod 700 /mnt/sophosupdate/

  4. Mount the SophosUpdate share or CID. For example:
    mount -t cifs //SERVER/SophosUpdate /mnt/sophosupdate/ -o username=administrator,password=password

  5. Run the install.sh from the mounted CID. For example:
    /mnt/sophosupdate/CIDs/S000/savlinux/install.sh

    Follow the instructions to accept the license agreement and complete the installation.

2. Scripted and automated installation

Several knowledgebase articles describe some specialized installation scenarios in more detail.  For more information on deployment scenarios (including scripts, SMS or SCCM) see article 114191.

3. Computers not always on the network

Where computers are not always on the network, e.g., laptops that are sometimes used away from the office, you can configure them to update from an alternative source when they are away.

The alternative source can be an updates folder on a website maintained by your company, or it can be a Sophos website.  You will either need to create a new updating policy or edit an existing one and enter the alternate update source in the secondary server tab.  For instructions on how to do this refer to the associated Help manual for your console version (e.g., 6.3 Configuring the updating policy for Enterprise Console 5.0).

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments