This article applies to computers on which you are installing Endpoint Security and Control (including Sophos Anti-Virus and Sophos Client Firewall and Sophos NAC, etc.) for the first time.
- Before you start, please check that you meet the system requirements for the product you are installing.
- Full product documentation can be found here.
Known to apply to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 9.7
Sophos Endpoint Security and Control 10.0
Sophos Endpoint Security 9.7
What To Do
On operating systems where you must manually install Endpoint Security and Control or Sophos Anti-Virus, you can either:
- Go to each computer in turn, log on as local administrator, and install it, or
- Run the installation program automatically from a script, or with a program like Microsoft SMS. This is particularly useful with large numbers of computers.
- Manual installation
- Scripted and automated installation
- Computers not always on the network
1. Manual installation
You can protect computers by running the installation program manually from the distribution folder (share) where Sophos Update Manager (SUM) downloads updates to.
- Check the location of the distribution folder
- In console from the menu select View | 'Bootstrap Locations...'
- For each of the listed software subscriptions make a note of the path/address shown in the 'Location' column.
- Installing MAC Endpoint
Browse to the distribution share and double-click setup.exe. You can also use customized installation using command line parameters to assist with the installation.
Goto Start | Run and enter \\servername\sophosupdate\CIDs\S000\SAVSCFXP\ to access the share and then double click setup.exe.
Further steps on Windows computers
When installing on Windows computers, you may be prompted to enter user credentials. The account must:
- Be able to log on to (browse to) the computers you want to protect
- Have read access to distribution folder.
Create a Samba share to the distribution share and copy the Sophos Anti-Virus.mpkg file to the Mac desktop and double-click it.
- In the Finder, choose Go > “Connect to Server.”
- Type the network address for the computer in the Server Address from the distribution folder location above.
- Follow the onscreen instructions to type the username and password required to access the share, then navigate to the Mac distribution and copy the Sophos Anti-Virus.mpkg file to the mac desktop and launch.
Further steps on Mac OS X computers (after installation)
- Go into 'System Preferences'
- Open the Sophos Anti-Virus preferences pages
- Click the AutoUpdate tab
- Enter the user credentials.
On the linux endpoint mount the windows drive and run the install.sh.
- Switch to the root user:
- Create a new directory to act as a mount point:
- Set ownership and permissions to make the directory executable. For example:
chown root:root /mnt/sophosupdate/
chmod 700 /mnt/sophosupdate/
- Mount the SophosUpdate share or CID. For example:
mount -t cifs //SERVER/SophosUpdate /mnt/sophosupdate/ -o username=administrator,password=password
- Run the install.sh from the mounted CID. For example:
Follow the instructions to accept the license agreement and complete the installation.
2. Scripted and automated installation
Several knowledgebase articles describe some specialized installation scenarios in more detail. For more information on deployment scenarios (including scripts, SMS or SCCM) see article 114191.
3. Computers not always on the network
Where computers are not always on the network, e.g., laptops that are sometimes used away from the office, you can configure them to update from an alternative source when they are away.
The alternative source can be an updates folder on a website maintained by your company, or it can be a Sophos website. You will either need to create a new updating policy or edit an existing one and enter the alternate update source in the secondary server tab. For instructions on how to do this refer to the associated Help manual for your console version (e.g., 6.3 Configuring the updating policy for Enterprise Console 5.0).