FEATURE REQUEST : Install/Uninstall from Sophos Central Console

Hi jharrell, 

As you have an option to install manually by adding a system on the Sophos Central , similarly you may delete the client machine from Sophos central but the installation must be done on the PC .(If removed from Sophos Central) it would not be considered in the license. So first if you have a system with you , we would advise them to uninstall the Endpoint before removing the Computer from Central otherwise if Tamper protection enabled then it would be difficult to remove it afterward (as tamper protection is enabled on the system) unless disabled globally.

Thanks and Regards

Aditya Patel |Network and Security Engineer.

That's not an answer so I rejected it.  It was simply confirmation of what I already know.

I've seen unlicensed installs continue to protect the computer long after expiry.

This feature is needed.

It's a difficult situation to answer, and I personally don't think the technology _should_ be responsible for enforcing licensing... which is counter to what most software development firms want - not to make money!

Personally, in these situations and especially with BYOD users who leave the company and therefore are no longer entitled to Sophos Central managed endpoint protection I make it part of exit interviews or during collection of keys, badges, etc to inform them of Home.Sophos.com.  Tell them to uninstall their current Sophos Central managed endpoint and then install home.

Yes it does leave the user leaving responsible for removing your licensed copy of Sophos, but it provides a couple of scenarios.

1. They're always protected.  Sure you delete them from your Cloud console, and this relinquishes a license, but at least the user is never unprotected!  Yes, they're still updating from Sophos, but so what, it's only data and at least they're protected whilst they sort their next job out.

2. Get Restrictive.  I've also seen, and only once, a Security Manager write into their Acceptable Use Policy that if after employment ceases and they do not remove their Sophos Central client from their BYOD machine, that their Internet Browsers will cease to function after two weeks!  This is made possible by the admin dumping the ex-employee into an Application Control policy which blocks browsers.  Last I heard, was very effective at ensuring software compliance when ex-employees rang up to say Sophos was blocking their internet!  Most figured out that Tamper Protection had been disabled on their machines and therefore they could simply uninstall and move on!

It's a difficult situation to answer, and I personally don't think the technology _should_ be responsible for enforcing licensing... which is counter to what most software development firms want - not to make money!

Personally, in these situations and especially with BYOD users who leave the company and therefore are no longer entitled to Sophos Central managed endpoint protection I make it part of exit interviews or during collection of keys, badges, etc to inform them of Home.Sophos.com.  Tell them to uninstall their current Sophos Central managed endpoint and then install home.

Yes it does leave the user leaving responsible for removing your licensed copy of Sophos, but it provides a couple of scenarios.

1. They're always protected.  Sure you delete them from your Cloud console, and this relinquishes a license, but at least the user is never unprotected!  Yes, they're still updating from Sophos, but so what, it's only data and at least they're protected whilst they sort their next job out.

2. Get Restrictive.  I've also seen, and only once, a Security Manager write into their Acceptable Use Policy that if after employment ceases and they do not remove their Sophos Central client from their BYOD machine, that their Internet Browsers will cease to function after two weeks!  This is made possible by the admin dumping the ex-employee into an Application Control policy which blocks browsers.  Last I heard, was very effective at ensuring software compliance when ex-employees rang up to say Sophos was blocking their internet!  Most figured out that Tamper Protection had been disabled on their machines and therefore they could simply uninstall and move on!