Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1315 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

home use for licensed sophos customers

johnd

I have deployed a test standalone installer package using the enterprise console (article 67504) with updating pointing to a web cid, sophos home installation is updating properly, the primary server details, username and password are "grayed out" which is basically exported this policy from our enterprise console. My question is what if an employee that was issued by this home install will be terminated or will not be working anymore in our company, how can I revoke the home install. Support told me that I have to manually remove the home install from the client machine, which is a pain. Any other advise on how we can reclaim this home install or somehow make their home install not to work anymore. Our network uses active directory, web cid created from IIS.

:5864


This thread was automatically locked due to age.
  • 0

    Hello johnd,

    this was always a problem. I've talked about it with our Sophos representative years ago. The off-the-record statement was that this is not seen as a major issue (but of course Sophos will tell you have to remove it): "illegal protection" of a home computer is better than none at all and it probably won't "live" longer than the computer itself.

    I understand that you are asking "just in case" (i.e. you expect that your former employees will in most cases comply and remove it, but ...). The only practical way I can see is setting up the http updates to require an authorized proxy with per-user credentials (you can make the proxy settings configurable while still locking the update details) which you can revoke when necessary. Sure this would complicate your infrastructure.

    More of a concern: I'd rather not - as suggested in some articles - set Sophos as secondary or only update location. This way you won't have any control at all (you couldn't even monitor usage then). I believe they have done their math at Sophos and came to the conclusion that a cunning scheme to prevent such "unauthorized use" wouldn't pay off.

    Christian

    :5865
  • 0

    Im guessing because sophos dont provide a home version they wont be too bothered! 

    Its less money going to their competitors!! :) :) 

    :5877
  • 0

    Hi John,

    I've thought about this a lot here as I'm in exactly the same situation. My thoughts are leaning towards creating a simple web-app that looks at the client ID you can see from the initial connectionrequest that SAU uses to connect to the webcid (it has the machine name in it - look in the web site logs, you can see this easy enough). By using an app in an application pool, it should be possible to lookup the client ID's in a table and redirect to nothing if they are 'blacklisted'. Next problem I have is that I set Sophos databank as a secondary update site so if it fails from my CID, it'll still update from the databank. So, I'm also toying with having an out-of-date CID and redirecting to this when blacklisted. That way, it'll update from us but remain at a fixed point and eventually after 90 days, they'll get an out-of-date security alert warning from windows. It's still in thought process at the moment but anyone out there with basic IIS app skills should be able to knock something up easy enough.

    Matt

    :5885