Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 105116 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS - pre-configuring Autoupdate

QC

We have quite a number of Macs (not surprising at a university) but no official Mac support. Nevertheless we offer Sophos for Macs (in a downloadable .zip archive).  

When Sophos is installed on a Mac on our network it connects to the management server from where it gets the update policy (the CIDs contain the correct mrinit.conf for RMS to work). Of course this does not work if the Mac is used at home. For windows PCs putting sauconf.xml placed in the appropriate directory does the trick. There are some articles in the knowledgebase but usually a Mac is required with which you can configure the CID (if I understand correctly). I believe no magic is actually involved and the configuration is stored somewhere in a .plist file (XML format). I suspect that the catalogues are involved and configcid.exe does not support a CID for OSX.

Or is there a "simple" way to pre-configure autoupdate (even if it's unsupported)? sau.plist looks suspicous  :smileywink:

Christian

:518


This thread was automatically locked due to age.
Parents
  • 0
    kimpton wrote:
    Remote users is a big problem, but it's not the only problem.
     
    Even with a set mrinit and a sec on the dmz, remote clients can take up to 30 or 40 minted to get the updating details policies applied. That's 30 or 40 minutes without protection!

    This isn't strictly true. The endpoint enables its protection as soon as its installed, but of course its only as up-to-date as your cached installer is. Using stale installers is definitely an issue.

    We are pushing a lot of changes for the way that the CID works in version 9.2.2 and aiming to get that into the Preview line for on-premise customers next week. Some of the changes that will interest you:

    1. SEC/SUM will now know about the extra configuration files in the CID used by 9.2+ and not delete them
    2. the on-premise managed installer supports pre-configuration of AutoUpdate (just like the standalone installer)
    3. both installers allow pre-configuration of the on-access scanner settings
    4. updates to both installers for compatibility with Yosemite's Gatekeeper

    Not sure its going to achieve your dream yet, but we are getting closer.

    Also worth pointing out that my team is not in Abingdon, we are located in Vancouver, BC, Canada. You are welcome to visit anytime you are in the city! That same offer applies to anyone else on this list, and we've definitely had one or two people take us up on the offer over the last couple of years.

    :53813
Reply
  • 0
    kimpton wrote:
    Remote users is a big problem, but it's not the only problem.
     
    Even with a set mrinit and a sec on the dmz, remote clients can take up to 30 or 40 minted to get the updating details policies applied. That's 30 or 40 minutes without protection!

    This isn't strictly true. The endpoint enables its protection as soon as its installed, but of course its only as up-to-date as your cached installer is. Using stale installers is definitely an issue.

    We are pushing a lot of changes for the way that the CID works in version 9.2.2 and aiming to get that into the Preview line for on-premise customers next week. Some of the changes that will interest you:

    1. SEC/SUM will now know about the extra configuration files in the CID used by 9.2+ and not delete them
    2. the on-premise managed installer supports pre-configuration of AutoUpdate (just like the standalone installer)
    3. both installers allow pre-configuration of the on-access scanner settings
    4. updates to both installers for compatibility with Yosemite's Gatekeeper

    Not sure its going to achieve your dream yet, but we are getting closer.

    Also worth pointing out that my team is not in Abingdon, we are located in Vancouver, BC, Canada. You are welcome to visit anytime you are in the city! That same offer applies to anyone else on this list, and we've definitely had one or two people take us up on the offer over the last couple of years.

    :53813
Children
No Data