Posted on 07-06-2011 08:32 AM
Does anyone use Sophos as their AV solution and if so how are you configuring it to install?
Thomas Guidry
Client/Server Administrator
Texas Christian University
Posted on 07-06-2011 08:38 AM
They provided us PKGs, we are installing post image called via custom trigger in our post image script. I then have another policy that runs that tells technician "this machine is completed" so they know Sophos is done installing.
Posted on 07-06-2011 08:42 AM
We basically take the Installer the server generates (Sophos Anti-Virus.mpkg), dump it into the JSS unaltered, and set it to install on the boot volume at imaging time.
Craig E
Posted on 07-06-2011 10:52 AM
This is how I did it too. Easy.
Regards,
Ben.
Posted on 07-06-2011 10:54 AM
"It just works."
Posted on 07-06-2011 03:08 PM
In your environments, are you updating Sophos through the internet or through a local Sophos server? If I install the Sophos AV package directly (without Casper) it works fine and I'm not too concerned with getting it to install via Casper based on what everyone is saying. However, getting the Sophos client to point to our Sophos server for updates seems a bit more challenging.
Should this just work or do we need to do something else?
thanks,
Mike
Posted on 07-06-2011 03:36 PM
If it's the pkg from the Sophos server, it should work.
But the clients will need to be in the respective groups etc. Also, as a failover you can have the Sophos servers set.
Regards,
Ben.
Posted on 07-06-2011 04:15 PM
The MPKG has the server config info it needs. We just have a VM for Sophos that's available to the world for updates.
It would be nice if the server was smart enough to put systems in the right groups based on criteria like name patterns or network segments, but no such luck. So for now manual moves to groups...
Craig E
Posted on 07-06-2011 04:42 PM
I've got it working now. It is quite easy, I just missed an obvious step.
Thanks,
Mike
Posted on 07-11-2011 08:48 AM
Sophos here is a standard app. Our Sophos serial and ID are pre-configured to the pkg, and it is fused into our image. Scan is set on by default. I know Sophos has a custom server you can get for more complex detailed A/V protocols, but their standalone app works great!
Jesus Ward Macintosh Desktop Support Administrator
Phone +1 212.631.3928 Fax 212-946-4010 Jesus.ward at rga.com
Posted on 08-08-2011 07:27 AM
Finally got a meeting up to discuss Sophos in the Mac realm.
If it's not too much trouble I'd like some additional informative-ammo to present on why this would be a good idea. My plan is to use Sophos for all Mac AV stuff as well as use the whole-disk encryption part of it as well. If any of you have comments or feedback on the following information please send it my way!
Sophos Concerns:
* AV
* Whole Disk Encryption
* Encryption Key management
* AV Management
Thanks,
Noah Swanson
Imaging Specialist
Enterprise Desktop Services
Phone: 309-765-3153
SwansonNoah at johndeere.com
Posted on 08-08-2011 07:35 AM
We went through the Endpoint and Encryption pieces with Sophos a couple of weeks ago. We're starting to deploy the Endpoint now via Casper. The Encryption piece works well, but they don't have central recovery key management yet (supposedly slated for release end of this year).
Posted on 08-08-2011 07:45 AM
Ouch...key management is pretty huge for us...How do they manage that currently? Or is it like FileVault2 where you "write it down" or "send it to Apple"?
Posted on 08-08-2011 08:29 AM
Sophos recommends each user create machine specific/machine agnostic recovery media which is then imaged down to an external USB etc. to allow for decryption in the event that there's a local issue.
So basically, you're left with having to use a generic admin account on every one of your machines, as each machine is only aware of its own admin and standard users.
In the event that their power on authentication (think firmware level login screen) goes AWOL, you can boot, and use the recovery credentials to authenticate to the POA, or in the event that the POA itself is corrupted, you can repair using the backup of POA/Credentials on the external media for access to the file system – or perform an emergency decryption of all data, in the event that you can't actually boot into a working file system.
There's little in the way of using external 'trusted' credentials to auth to a device previously unknown to that user, and little in the way of automated centralized backup of keys to a network based storage. These features are reportedly ready, but pending a transition to a newer version of the Windows administrative console.
Regards,
Matt Bentley
Posted on 08-08-2011 10:56 AM
You could script the export of the encryption key to an external drive.
I looked at this just as I left my last employer so didn't test. But it is doable.
Regards,
Ben.
Posted on 08-10-2011 08:03 AM
With PGP Encryption, pretty much every Mac OS X update has broken it (10.6.5, 10.6.6, etc...).
Does Sophos encryption have this issue?
Thanks,
noah
Posted on 08-10-2011 09:46 AM
Sophos AV is a pain for large Mac environments.
We have to have 4 message relay servers for Sophos, and in order to load balance, a separate installer for each relay has to be created and installed… this can't be changed after installation or scripted according to Sophos engineers I spoke with. Also, Sophos command line utilities are rather poor on OSX. The manual load balance is a real annoyance. Management also has to be done from a Windows-only console.
--
David Kucmierz
Mesquite ISD Technical Services
972.882.5506
Posted on 08-10-2011 09:56 AM
How about setting up folder exclusions? With McAfee it's hell, and a shot in the dark whether they'll (A) apply and (B) work.
Thanks,
Noah
Posted on 08-10-2011 10:01 AM
Setting them is pretty simple, I have no idea how well it actually works since we don't have any set. From my experience in dealing with Sophos, I wouldn't bet on anything working well.
--
David Kucmierz
Mesquite ISD Technical Services
972.882.5506
Posted on 08-10-2011 10:02 AM
Define large...we have 500 and it's fine for that.
Posted on 08-10-2011 10:35 AM
We just set up Sophos with 7500 client Macs and split it among 2 relay servers. I agree separate installers is annoying.
Posted on 08-10-2011 01:14 PM
15000
--
David Kucmierz
Mesquite ISD Technical Services
972.882.5506