Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 4466 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reinstall Sophos after failed installation automaticaly

4ndr3

Hello

I want to ask, if someone knows if it is possible to configure SEC, that it trys to install the endpoint security again and again(for example every 30 minutes), if the first automatic installation failed until Sophos is installed on the PC

Problem is, we install our PCs with SCCM and after the Installation finisched and the PC is added to our AD, there is many other Software, that will be installed by SCCM. Sophos syncs every 60 minutes with the AD and trys to install Endpoint Security on new PCs. In this time mostly other Software installations are in progress and the Sophos installation failes.

I know, that it is possible to install the Sophos Client via SCCM, but we want to outsource our SCCM Server and after that, the SCCM Server wouldn't have access to the Sophos Server.

:35843


This thread was automatically locked due to age.
Parents
  • 0

    Hello HABCO,

    just to make sure, my posts are my personal opinion only, and it's not my (or our) protection - I'm not Sophos.:smileyhappy:

    AD sync with automatic protection is - as I understand it - one way to protect computers. Admittedly there's no detailed description of the process and the lack of retries.

    Unfortunately it's not easy (if at all possible) to reliably detect "early failures". The connection could fail because the computer is off or it's not yet configured correctly (firewall). Even if the connection and task creation apparently succeeded a reboot might interrupt the install or, as said in the first post, the install might not run because of a collision. At this point there is no way for the client to report back its status. You could argue that at least a "can't connect" should trigger a retry. But then - how long should the console wait until it flags the install as failed? 

    Thus you should see it as a convenience (in case you don't use other mechanisms or the features provided by AD) rather than a tool to ensure compliance. Last but not least it's a general question of deployment and roll-out.

    Christian

    :36695
Reply
  • 0

    Hello HABCO,

    just to make sure, my posts are my personal opinion only, and it's not my (or our) protection - I'm not Sophos.:smileyhappy:

    AD sync with automatic protection is - as I understand it - one way to protect computers. Admittedly there's no detailed description of the process and the lack of retries.

    Unfortunately it's not easy (if at all possible) to reliably detect "early failures". The connection could fail because the computer is off or it's not yet configured correctly (firewall). Even if the connection and task creation apparently succeeded a reboot might interrupt the install or, as said in the first post, the install might not run because of a collision. At this point there is no way for the client to report back its status. You could argue that at least a "can't connect" should trigger a retry. But then - how long should the console wait until it flags the install as failed? 

    Thus you should see it as a convenience (in case you don't use other mechanisms or the features provided by AD) rather than a tool to ensure compliance. Last but not least it's a general question of deployment and roll-out.

    Christian

    :36695
Children
No Data