Sophos Detection of Rogue Machines

Does Sophos have a way to notify and report on machines that it discovers that are not part of Sophos?

For example, McAfee has the rogue system detection feature, but I can't find a way to do it with Sophos.

  • Hi,

    Is the aim to identify machines that are part of the network you have missed deploying AV to?  In which case, if you have AD, a start-up script could be used to check the presence of Sophos and deploy if not detected by calling setup.exe from the CID with the necessary switches.  Are the machines more rogue than this?


    Is it to keep machines without up to date AV on them out of the network or at least until they are remediated?  E.g. Visiting laptops just hooking up to the wireless? This would be something NAC could do as Christian mentions.

    As a simple "agent-less" approach, it wouldn't be hard, given an IP range and administrative rights on the clients, to create a script that could be scheduled to scan for a SAV marker on all machines and record the results in a file.  A list of IPs as a report might not be that useful given that IPs could be recycled, so the master browse list could be an option if suitably populated, or use DNS to resolve the IPs back to names.  It depends how rogue the machines are and how the network is set up I guess.


    Regards,

    Jak 
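
The agent-less sweep described in the reply above, sketched in PowerShell as an added example that is not part of the original thread and not Sophos's own tooling. It assumes the SAV marker is the Sophos Anti-Virus install folder reachable over the C$ admin share; the subnet prefix, report path and parameter names are placeholders.

```powershell
# Added example: scheduled, agent-less sweep for a Sophos Anti-Virus (SAV) marker.
# Assumptions (not from the thread): the marker is the SAV install folder seen
# over the C$ admin share; subnet prefix and report path are placeholders.
param(
    [string]  $Subnet      = '192.0.2',        # placeholder /24 prefix
    [int]     $First       = 1,
    [int]     $Last        = 254,
    [string]  $ReportPath  = '.\sav-sweep.csv',
    [string[]]$MarkerPaths = @(
        'C$\Program Files (x86)\Sophos\Sophos Anti-Virus',
        'C$\Program Files\Sophos\Sophos Anti-Virus'
    )
)

$results = foreach ($i in $First..$Last) {
    $ip = "$Subnet.$i"

    # One echo request per address keeps the sweep quick.
    # Hosts that drop ICMP are skipped and will not appear in the report.
    if (-not (Test-Connection -ComputerName $ip -Count 1 -Quiet)) { continue }

    # IPs get recycled, so record the DNS name alongside the address.
    $name = try { [System.Net.Dns]::GetHostEntry($ip).HostName } catch { $null }

    # Separate "no marker" from "could not look" (no admin rights, share
    # disabled, non-Windows device); the second group needs manual follow-up.
    $status = 'Unreachable-Share'
    if (Test-Path -LiteralPath "\\$ip\C$") {
        $status = 'Missing'
        foreach ($p in $MarkerPaths) {
            if (Test-Path -LiteralPath "\\$ip\$p") { $status = 'Present'; break }
        }
    }

    [pscustomobject]@{
        Timestamp = (Get-Date).ToString('s')
        IP        = $ip
        HostName  = $name
        SAVMarker = $status
    }
}

# Full results go to the CSV; only hosts without a confirmed marker are shown.
$results | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Where-Object SAVMarker -ne 'Present' | Format-Table -AutoSize
```

Run it under an account with administrative rights on the clients, as the reply notes; without them every host lands in the `Unreachable-Share` group.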
