Sophos Agent
Installation
Add computers into scope of the GPO "Install Sophos Endpoint" in order to trigger installation on the next Group Policy application cycle. An installation script is launched via a Scheduled Task: if no Sophos products are currently installed and the installation date of the system was before 2022-01-13, then the Sophos installer is started.
2022-01-13 was the date when the Sophos installation was added to the MDT Task Sequences, so anything built after this date will already have run the installer. Note that system installation dates may move forwards when Windows "feature packs" are installed, but since the LTSC branch of Windows 10 is in use at the moment this problem shouldn't occur.
Installation script
- Currently located in \\resources\apps$ alongside the file SophosSetup.exe and the directory SophosLocalInstallSource
- Copies the 'warehouse' content taken from an existing installation (%ProgramData%\Sophos\AutoUpdate\data\Warehouse) into a temporary directory to reduce the dependence on an active Internet connection - note that the option to use this content specifies the parent directory in which SophosLocalInstallSource can be found
- Copies SophosSetup.exe into a temporary directory and begins the installation process
  - ...unless a Sophos product is currently installed
  - ...unless the system installation date is after 2022-01-13 00:00
setlocal
set INSTALLER=SophosSetup.exe
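set INSTALLER_CACHE=SophosLocalInstallSource
REM Start from an empty argument list so an inherited ARGS variable is not passed to the installer
set ARGS=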
set ARGS=%ARGS% --customertoken="42745436-52d6-4521-a6d8-13e4835c2cbe"
set ARGS=%ARGS% --epinstallerserver="dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com"
set ARGS=%ARGS% --products="all"
set ARGS=%ARGS% --localinstallsource="%TEMP%"
set ARGS=%ARGS% --quiet
set TIMESTAMP=%DATE%_%TIME%
set TIMESTAMP=%TIMESTAMP:~,-3%
set TIMESTAMP=%TIMESTAMP:/=-%
set TIMESTAMP=%TIMESTAMP::=-%
REM Check for existing installations of Sophos products
>nul reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall /s /f Sophos && goto :skip-already-installed
REM Check to see this system was built before Sophos was included by default
set SYSTEM_INSTALL_DATE=0
set BUILD_INCLUDES_SOPHOS_DATE=1642032000
for /f "tokens=3" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate') do (
    set /a SYSTEM_INSTALL_DATE=%%a
)
if %SYSTEM_INSTALL_DATE% gtr %BUILD_INCLUDES_SOPHOS_DATE% goto :skip-new-builds
echo Getting cached installer files...
mkdir "%TEMP%\%INSTALLER_CACHE%"
robocopy "%~dp0%INSTALLER_CACHE%" "%TEMP%\%INSTALLER_CACHE%" /E /XJ /W:3 /R:3 /NP /UNILOG:"%TEMP%\sophos-robocopy-%TIMESTAMP%.txt"
if %ERRORLEVEL% gtr 7 goto :robocopy-fail
echo Installing...
copy /y "%~dp0%INSTALLER%" "%TEMP%\%INSTALLER%" && "%TEMP%\%INSTALLER%" %ARGS%
goto :end
:skip-already-installed
echo Sophos products are already installed
goto :end
:skip-new-builds
echo System build date indicates that Sophos products should have been pre-installed
goto :end
:robocopy-fail
echo Robocopy failed to transfer installer cache
goto :end
:end
endlocal
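To preview which branch the installation script would take on a machine before adding it to the GPO scope, the following PowerShell dry-run reproduces the script's two checks and reports the result without installing anything. It is an added example, not part of the original script: the function names are hypothetical, and the cutoff value and registry paths are the ones used in the script above.

```powershell
# Added example: dry-run of the batch script's gating logic. Nothing is installed or changed.
# Cutoff taken from the script: 1642032000 = 2022-01-13 00:00 UTC.
$CutoffEpoch = 1642032000

function Test-SophosUninstallEntry {
    # Mirrors "reg query ...\Uninstall /s /f Sophos": a match on a key name,
    # a value name or value data anywhere under the Uninstall key counts.
    $root = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($key in Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue) {
        if ($key.PSChildName -match 'Sophos') { return $true }
        foreach ($name in $key.GetValueNames()) {
            if ($name -match 'Sophos') { return $true }
            if ("$($key.GetValue($name))" -match 'Sophos') { return $true }
        }
    }
    return $false
}

function Get-SophosInstallDecision {
    # Returns the label the batch script would jump to, or 'install'.
    param(
        [Parameter(Mandatory)] [long] $InstallEpoch,   # InstallDate, seconds since 1970-01-01 UTC
        [Parameter(Mandatory)] [bool] $SophosPresent,
        [long] $Cutoff = $CutoffEpoch
    )
    if ($SophosPresent)            { return 'skip-already-installed' }
    if ($InstallEpoch -gt $Cutoff) { return 'skip-new-builds' }
    return 'install'
}

# Read the same InstallDate value the script reads with "reg query".
$ntKey        = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$installEpoch = [long](Get-ItemProperty -Path $ntKey -Name InstallDate).InstallDate
$present      = Test-SophosUninstallEntry

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    InstallDateUtc = [DateTimeOffset]::FromUnixTimeSeconds($installEpoch).UtcDateTime
    CutoffUtc      = [DateTimeOffset]::FromUnixTimeSeconds($CutoffEpoch).UtcDateTime
    SophosPresent  = $present
    Decision       = Get-SophosInstallDecision -InstallEpoch $installEpoch -SophosPresent $present
}
```

A machine whose InstallDateUtc is later than its real build date (the feature-pack case noted above) will show up here as 'skip-new-builds' even though it never ran the MDT task sequence.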
Manual removal
- Log in to the management portal at https://central.sophos.com/manage/login
- Disable "Tamper Protection" for a given computer
- Uninstall "Sophos Endpoint Agent" from the Control Panel
Note that:
- uninstallation will fail if an update is in progress
- a reboot is required once uninstallation is complete
- the computer record will still persist and "Tamper Protection" will be remembered as being disabled
- re-installing the Sophos Agent will re-connect with the previous computer record