This article describes using the Sophos Enterprise Console to install Sophos Anti-Virus when an endpoint is in quarantine. If Sophos NAC is already installed, an endpoint is in quarantine, and you use Sophos Enterprise Console to install Sophos Anti-Virus, the Sophos Anti-Virus installation will fail.
Sophos product and version
Sophos NAC for Endpoint Security and Control
Actions/What to do
There are three different workarounds for this issue:
- Using the NAC Manager, update the Sophos NAC policy so that it does not perform enforcement:
  1. Use the NAC Manager to update the policy that is applying enforcement and change the policy mode from Enforce to Report Only. This action turns off enforcement so that you can complete the Sophos Anti-Virus installation.
  2. Wait until all endpoints retrieve the updated NAC policy before you attempt to install Sophos Anti-Virus.
  3. Using Sophos Enterprise Console, "Protect" the affected endpoints with Sophos Anti-Virus.
  4. Once the installation is successful, update the Sophos NAC policy to change the policy mode from Report Only to Enforce.
- Using the NAC Manager, update the NAC policy and change the Quarantine Override to "True":
  1. Have the user on each endpoint that is in quarantine check compliance. To complete this task, each user must right-click the NAC Agent icon and select Check Compliance from the menu. This action retrieves the updated policy with the Quarantine Override enabled.
  2. Have each user select Disable Agent Quarantine from the right-click menu. This action removes the endpoint from quarantine so that Sophos Anti-Virus can be installed.
  3. Using Sophos Enterprise Console, "Protect" the affected endpoints with Sophos Anti-Virus.
  4. Once the installation is successful, update the Sophos NAC policy to disable the Quarantine Override by changing the setting to "False".
- Have the affected users uninstall the Sophos NAC Agent. Using Sophos Enterprise Console, "Protect" the affected computers with both Sophos NAC and Sophos Anti-Virus. The "Protect" action installs the Sophos NAC Agent and Sophos Anti-Virus on the affected endpoints.