Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 11 subscribers
  • Views 2832 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Push deployment - clean install

Lanky Doodle

Hi,

We use Sophos Central and a couple of endpoints are reporting some components as not running or policy compliance is not met, and the recommendation is to "Re-deploy the client". When I click that button it takes me to a page to download the installer exes, not (re)push it out!

Is there anyway of automating this in a clean way. At the moment we are disabling tamper protection, manually removing all Sophos components and then re-installing. This involves kicking the currently logged in user out.

Could this be done from a remote PowerShell session, without disturbing the logged in user?

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Have you tried restarting the devices before re-installing them?

    Quite often the errors are related to a Windows update that requires a restart.  When updates are applied, there are often files that need to be replaced, and this can only happen during a restart. These files are listed under the registry key HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

    When the Sophos installation is run it checks to see if the system needs a restart and suggests you restart the computer first.  If you don't restart first, some of the Sophos components may not successfully install because they need to link some of the files in PendingFileRenameOperations.  Until the system is restarted that link cannot be made.  From my experience, 95% of the installation issues are resolved after restarting the device.

    As for deploying from Central, in order to be able to setup a process to do this you would have to open additional holes on your FW that would be very high risk as it would also open these holes to the bad actors.  The Sophos Enterprise Console would allow for this because it is an on-premise solution.  Last I checked you could only do SEP deployments from their on-premise solution too, you can't do so from the SEP Cloud prodiuct.

    There are many ways that you can automate deployment including using a GPO or SCCM as outlined in the Sophos KB https://community.sophos.com/kb/en-us/120611 or by using other tools such as PDQ Deploy (a free version is available).

    Joe 

  • 0 in reply to GIJoe

    Yes that's true. I'm talking specifically of on-premise SEP(M).

Reply Children
No Data
Unfiltered HTML