Create Sophos Install Package
This article is intended for use by network administrators who already use Microsoft Systems Management Server (SMS) or System Center Configuration Manager 2007 (SCCM) to manage, deploy, and update network components, and who now want to use SMS to deploy and manage Endpoint Security and Control or other Sophos products on their network. More information about SMS and SCCM 2007 is available from the. The following procedures assume that the user is already familiar with the functionality, components and terminology of SMS. What to do Deploying Sophos products. Creating a new package and program Open the SMS Distribute Software Wizard and Create a new package and program for a collection of computer systems. Give the package an appropriate name, for example, 'Sophos Endpoint Security and Control'.
First, some necessary explanation. We use Sophos Anti-virus on Windows and OS X computers, managed by a central Sophos Enterprise Console (SEC). Clients get their settings from the SEC after installation, including the critical AutoUpdate settings. Now Sophos would have you believe, on the basis of.
Defining a source directory In 'Source Files' select 'Obtain files from a source directory'. In 'Source directory:' select 'Network path (UNC name)'. Enter the location of the update location or Central Installation Directory (CID) files. For example: Enterprise Console 4: servername SophosUpdate CIDs Sxxx package name Enterprise Console 3.x: servername InterChk ESXP If you want groups of computers to update from different locations, these groups and locations can be specified after deployment. This is described more fully below.
Click 'Next'. Selecting distribution points Select appropriate distribution points for the package. Click 'Next' to display the Program Identification dialog box, check that the 'Name' field displays the program name that you defined in step 1 above. Using the Command line You will use the Command line to define two areas:.
Where computers obtain updates. One of the following will apply:. You have groups of computers, and you need to define an update location for each group. You can define these locations either before or after deployment. You want all computers to update from a single location.
You can specify this location before deployment, by entering the primary server address in the command line. The information required to identify the new program.
This must include:. the setup.exe file from the source file specified above. the user name and password required to access the server from which you will get updates. Entering the Command line Enter a command into the Command line field. According to whether you want to specify the primary server address before or after deployment of setup.exe to the computers, your text should resemble one of the following examples:. if you intend to specify the primary server address AFTER deployment: setup.exe -user -pwd.
Where is an account with read-access to the update location/CID. When you enter a command in this format, after the installation program is deployed to the computers, the primary server address in the AutoUpdate Configuration on the client computers defaults to the UNC path of the shared SMS package folder on the SMS server, for example SMSservername SMSPKGC$ 12300001. The client computers will appear as managed and connected in the 'Unassigned' folder in Enterprise Console. However, as the primary server location is not pointing to a managed update location/CID, the computers will not get Sophos updates. if you intend to specify the primary server address BEFORE deployment: setup.exe -user -pwd.mng yes -updp (Enterprise Console 3) name Where is an account with read-access to the update location/CID.
When you enter a command in this format, the client computers will appear as managed and connected in the 'Unassigned' folder in Enterprise Console and will get Sophos updates. Click 'Next'. Running the program In 'Program properties', choose to run the program, and select 'Whether or not a user is logged on' from the dropdown options. Note: After running the program on Windows 95/98/Me platforms, the computer may require rebooting.
Advertising the program Advertise the program. Select appropriate advertisement targets.
Assigning the program Assign the program. Choose the option that makes installation mandatory on the computers. Completing the software distribution Click 'Next', then 'Finish' to complete and exit the software distribution wizard. If necessary, you can now adjust the properties of the advertisement appropriately, such as making assignments mandatory over slow links. Ensure that the distribution points are updated regularly To ensure that new computers install the most recent version of the Sophos software you deployed, make sure that the distribution points update from the update location/CID at least once a month. It is possible to configure the package to automatically refresh the distribution points. Managing client computers after deployment For computers to receive anti-virus updates, you must ensure that the address you want them to update from is correctly set to the update location/CID on the server.
One of the following will apply:. If you did not specify the required primary server address in the command line of the SMS package, following deployment, the computers appear as connected and managed in the 'Unassigned' folder of Enterprise Console. However, they will not receive Sophos updates, because the primary server on the computers is not pointing to a managed update/CID location. In Enterprise Console, you can move them to a configured group and make them comply with the group updating policy.
This forces the AutoUpdate primary server address on the computers to point to the correct CID. If you specified the correct primary server address in the command line of the SMS package, following deployment, the client computers will appear as connected and managed in the 'Unassigned folder' of the Enterprise Console, and will get Sophos updates. You can move these computers to other groups on the console if required. Note: The Protect computers wizard that appears when computers are moved from the 'Unassigned' group can be cancelled. If you need more information or guidance, then please contact. This article is intended for use by network administrators who already use Microsoft Systems Management Server (SMS) or System Center Configuration Manager 2007 (SCCM) to manage, deploy, and update network components, and who now want to use SMS to deploy and manage Endpoint Security and Control or other Sophos products on their network.
More information about SMS and SCCM 2007 is available from the. The following procedures assume that the user is already familiar with the functionality, components and terminology of SMS. What to do Deploying Sophos products. Creating a new package and program Open the SMS Distribute Software Wizard and Create a new package and program for a collection of computer systems. Give the package an appropriate name, for example, 'Sophos Endpoint Security and Control'. Defining a source directory In 'Source Files' select 'Obtain files from a source directory'.
In 'Source directory:' select 'Network path (UNC name)'. Enter the location of the update location or Central Installation Directory (CID) files. For example: Enterprise Console 4: servername SophosUpdate CIDs Sxxx package name Enterprise Console 3.x: servername InterChk ESXP If you want groups of computers to update from different locations, these groups and locations can be specified after deployment. This is described more fully below.
Sophos Install Failed
Click 'Next'. Selecting distribution points Select appropriate distribution points for the package. Click 'Next' to display the Program Identification dialog box, check that the 'Name' field displays the program name that you defined in step 1 above. Using the Command line You will use the Command line to define two areas:. Where computers obtain updates. One of the following will apply:.
You have groups of computers, and you need to define an update location for each group. You can define these locations either before or after deployment. You want all computers to update from a single location. You can specify this location before deployment, by entering the primary server address in the command line.
The information required to identify the new program. This must include:. the setup.exe file from the source file specified above. the user name and password required to access the server from which you will get updates. Entering the Command line Enter a command into the Command line field.
According to whether you want to specify the primary server address before or after deployment of setup.exe to the computers, your text should resemble one of the following examples:. if you intend to specify the primary server address AFTER deployment: setup.exe -user -pwd. Where is an account with read-access to the update location/CID. When you enter a command in this format, after the installation program is deployed to the computers, the primary server address in the AutoUpdate Configuration on the client computers defaults to the UNC path of the shared SMS package folder on the SMS server, for example SMSservername SMSPKGC$ 12300001. The client computers will appear as managed and connected in the 'Unassigned' folder in Enterprise Console.
However, as the primary server location is not pointing to a managed update location/CID, the computers will not get Sophos updates. if you intend to specify the primary server address BEFORE deployment: setup.exe -user -pwd.mng yes -updp (Enterprise Console 3) name Where is an account with read-access to the update location/CID. When you enter a command in this format, the client computers will appear as managed and connected in the 'Unassigned' folder in Enterprise Console and will get Sophos updates. Click 'Next'. Running the program In 'Program properties', choose to run the program, and select 'Whether or not a user is logged on' from the dropdown options.
Note: After running the program on Windows 95/98/Me platforms, the computer may require rebooting. Advertising the program Advertise the program.
Select appropriate advertisement targets. Assigning the program Assign the program. Choose the option that makes installation mandatory on the computers. Completing the software distribution Click 'Next', then 'Finish' to complete and exit the software distribution wizard. If necessary, you can now adjust the properties of the advertisement appropriately, such as making assignments mandatory over slow links.
Ensure that the distribution points are updated regularly To ensure that new computers install the most recent version of the Sophos software you deployed, make sure that the distribution points update from the update location/CID at least once a month. It is possible to configure the package to automatically refresh the distribution points. Managing client computers after deployment For computers to receive anti-virus updates, you must ensure that the address you want them to update from is correctly set to the update location/CID on the server. One of the following will apply:.
If you did not specify the required primary server address in the command line of the SMS package, following deployment, the computers appear as connected and managed in the 'Unassigned' folder of Enterprise Console. However, they will not receive Sophos updates, because the primary server on the computers is not pointing to a managed update/CID location.
In Enterprise Console, you can move them to a configured group and make them comply with the group updating policy. This forces the AutoUpdate primary server address on the computers to point to the correct CID. If you specified the correct primary server address in the command line of the SMS package, following deployment, the client computers will appear as connected and managed in the 'Unassigned folder' of the Enterprise Console, and will get Sophos updates. You can move these computers to other groups on the console if required. Note: The Protect computers wizard that appears when computers are moved from the 'Unassigned' group can be cancelled.
If you need more information or guidance, then please contact.
Posted by, Last modified by Adam Zilliax on 12 March 2015 09:06 PM Overview This document will detail the recommended practice for configuring a 3rd party antivirus solution to update properly when Deep Freeze is protecting a workstation. Introduction Deep Freeze provides administrators with a way to protect workstations from changes by rolling back any change made to the computer at reboot. Deep Freeze does not make any distinction between changes that are malicious, or changes that are desired on a workstation and this can pose some challenges in managing 3rd party products that require updates to occur on a periodic basis. The most common interaction that we find on customers workstations is between antivirus software and Deep Freeze. Antivirus software by design requires periodic updates to maintain it’s effectiveness on a client workstation, and problems may arise unless steps are taken to ensure that the antivirus software can perform updates in a timely manner. Scheduled are used to configure the antivirus software to update in a timeframe where Deep Freeze will not be protecting the workstations. This has the advantage of being one of the less difficult methods to configure but does require that the workstations have a period of time where they will not be used and can be configured to update automatically.
Configuring Sophos Endpoint Security clients to update with Deep Freeze Sophos Endpoint Security supports the use of a command line function that can be used to trigger antivirus updates when the workstations enter into maintenance mode. To configure Deep Freeze to trigger Sophos definitions to update when maintenance mode starts follow the process below. Instructions on triggering a Sophos update on a client workstation can be found here; Deep Freeze 7.5 or Higher 1.
Open the Deep Freeze Configuration Administrator. Configure your Deep Freeze install package as per your normal requirements, including passwords and other settings that may be required. Click on the Workstation Tasks tab. Select Batch File in the Task Type drop down and click Add. Name the event “Sophos Antivirus” in the Name field. Select the frequency for the updates to occur in the Day drop down and set the start and end time for the event.
The options “Allow User to Cancel Event”, “Shutdown after Maintenance”, and “Disable Keyboard and Mouse” can be enabled if desired. Click on the Batch File tab.
Enter the commands to update Sophos in the Batch File Contents field on the tab: 10. Click on the “Create” button on the toolbar and save the Workstation Install Program in a location that you will remember. Install the updated workstation install file on your workstations.
Deep Freeze Version 7.4 or Lower 1. Open the Deep Freeze Configuration Administrator. Configure your Deep Freeze install package as per your normal requirements, including passwords and other settings that may be required. Click on the Embedded Events tab. Select Maintenance in the Event Type drop down dialog and click Add.
Name the event “Sophos Antivirus” in the Event Name field. Select the frequency for the updates to occur in the Day drop down and set the start and end time for the event. Select the Batch File option in the Run drop down. The options “Allow User to Cancel Event”, “Shutdown after Maintenance”, and “Disable Keyboard and Mouse” can be enabled if desired.
Create Sophos Install Package For Mac
Click on the Maintenance tab. Enter the commands to update Sophos in the Batch File field on the Maintenance tab. Click on the “Create” button on the toolbar and save the Workstation Install Program in a location that you will remember.
Install the updated workstation install file on your workstations.