
Doubts

1) After making a change in policy, how soon will it be updated for customers?

 

2) By default does the scheduled scan come disable by default, if not enable is not done automatically?

 

3) The "policy is forced" option is used for what? "Politics is ignored" does that mean what? Is used for what?

 

4) Does the order of politics make any difference?

 

5) Add exchange login, what is this option for?

 

6) When deleting device from Sophos Central, the client to be updated? What happens?

 

7) Is it possible to only monitor the websites accessed? Do not want to block anything, the idea is to only monitor all accessed sites without blocking anything? How to make?

 

8) What is "Update Management" used for? If not use what happens?

 

9) How do I download the complete installer file? When I click on protect device, I download a very small file, how do I download the complete file?



  • Based on our experience I will answer based on my experience deploying the Sophos Central End Point advanced product.

     

    1) Once you click save the policy is pushed to active clients. Clients will also get it as they check in with Sophos Central.

    2) On our deployment the base policy had scheduled scan set to every night at 9PM. The base policy is enforced and applied to all computers/users.

    We created our own threat policies by user type and set the scheduled scan at different intervals.

    3) Policies are not active until they are enforced. The base policies for each area are enforced by default. You can turn off enforcement of policies.

    4) Policies are enforced in a top to bottom fashion: the first policy that applies to a user/computer is applied and the rest are ignored. So the more specific policies should be at the top with the base policy at the bottom. We apply policies at the user level. Users are placed into groups and different groups have different policies. If you have users in multiple groups then the first policy that is found for the user is applied and the rest are ignored.

    5) This is used for those organizations that use a directory sync. It's also used by the user to log in to the console if you are using directory sync. Otherwise users are local users to Sophos.

    6) There is no point in deleting a device from Sophos if you haven't first removed the software from the client device. Otherwise the client will re-register with the cloud console. You also run the risk of losing the tamper proof password for the client, forcing you to re-image the device or follow a complicated procedure in safe mode to disable the password. So in essence you must first remove the software at the device level and then remove the computer from Sophos. Removing the device from Sophos DOES NOT remove the software from the client.

    7) I'm not sure about this. You could technically set everything to warn. When a user clicks proceed the action is logged, but a user would have to click proceed on each website. This would be a major pain for your users. I do not believe that this is how the product should work. If you want to audit what people are visiting then Sophos Central End Point is not the correct product. You need their web gateway product or a physical appliance onsite to do this inline.

    8) Update management controls how the local client gets updated. If you use the base policy then clients are updated automatically. In some environments this is not acceptable as all updates to end points must be scheduled and controlled. You can create a custom policy to do this.

    9) There is no complete installer file. They used to have a procedure where you could create a full install from a fully patched device. You can no longer do that. This makes deploying the client in large environments a major time sink and could cause issues on local networks. They have a cache server functionality but to use that you need to buy a server license. This move was definitely questionable and did demonstrate a lack of understanding for larger environments in my opinion.
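
The enforcement and top-to-bottom ordering described in answers 3 and 4 above, modelled as an added example that is not part of the original reply and is not Sophos code or a Sophos API. The `Policy` class, the policy names and the group names are constructed for illustration; the model assumes a policy with no groups applies to everyone (a base policy).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset = frozenset()  # assumption: empty set = applies to everyone
    enforced: bool = True            # a policy that is not enforced never takes effect

def effective_policy(policies, user_groups):
    """Walk the list top to bottom; the first enforced policy that applies wins."""
    for p in policies:
        if not p.enforced:
            continue
        if not p.groups or p.groups & set(user_groups):
            return p.name
    return None

def shadowed_policies(policies):
    """Enforced policies that can never apply because policies above them
    already cover every user they target (an ordering mistake)."""
    claimed, catch_all, shadowed = set(), False, []
    for p in policies:
        if not p.enforced:
            continue
        if catch_all or (p.groups and p.groups <= claimed):
            shadowed.append(p.name)
        if not p.groups:
            catch_all = True
        claimed |= p.groups
    return shadowed

# Constructed sample ordering, top to bottom, with two deliberate mistakes:
# an unenforced policy and a specific policy placed below the base policy.
POLICIES = [
    Policy("Finance-Threat", frozenset({"finance"})),
    Policy("Contractors-Threat", frozenset({"contractors"}), enforced=False),
    Policy("Staff-Threat", frozenset({"staff"})),
    Policy("Base-Threat"),
    Policy("Helpdesk-Threat", frozenset({"helpdesk"})),
]

if __name__ == "__main__":
    for groups in ({"finance", "staff"}, {"contractors"}, {"helpdesk"}):
        print(sorted(groups), "->", effective_policy(POLICIES, groups))
    print("never applied:", shadowed_policies(POLICIES))
```

Running the same check against an exported policy order before a change goes live shows which users would silently fall through to the base policy.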

     

     

     
