"Packaged" Endpoint Installer
Desperately need you to bring back the full offline installer. Deploying the install amongst multiple endpoints is not feasible with our bandwidth.
The installer now supports an option to use a local installation source.
The KB has more details: https://community.sophos.com/kb/en-us/127045#Central%20Endpoint%20installer
The switch is:
As an indicator of the effect, during testing, we saw reductions from ~320MB of network traffic for an installation going down to ~2.2MB, though of course this will vary depending on components installed and different versions of the software.
I appreciate some people in the merged topics wanted a truly offline installer (no Internet connection available at all), or a “push install” utility, but we are not planning those currently.
Hopefully the reduced download size achieves the goal many people have of wanting to not affect a slow/heavily loaded Internet connection.
Please open/vote for requests on unaddressed topics, I will mark this one as “completed” based on the local install source feature being released.
This is not what we asked for. Nor am I able to find the supplied answer via Sophos Central as an Admin. Not closed. Try again.
Christopher Schasse commented
Is this available for macOS? Or just Windows?
I am not Chris oder Craig, but a full offline installer give us the posibility to protect the client with a minimum of security (Hitman with Anti Exploit, Cryptoguard etc.). It´s not absoluteley necessary to see all events in central. We need a possibility to protect clients with a standalone solution. And the standalone solution needs a full offline installer.
Mario Winter commented
@Chris Lloydt: How would you protect an airgapped network with a cloud solution like Sophos Central without having access to the cloud? An offline installer wouldn´t solve your problem, would it?
@Craig +1, this feature request is not solved.
Craig Lloyd commented
How are we supposed to protect air-gapped computers if we have to put them on the internet to deploy them?
We need a fully offline packaged installer
It seems like this is only available to partners, is this going to be available directly to customers?
Luis Fallas commented
To solve this situation I use this solution:
Aditionally configure a program for automate the deployment of files with Microsoft SCCM and once copied to each computer, run another program with this instruction: SophosSetup.exe --products = antivirus, intercept --quiet. It worked very well for me.
Thanks for the help.
Marc Manzanares commented
Add me to this list. Not all of our offices are located in a place with high bandwidth. One of our offices only has a 2Mb download.
you have to use tools like Paramundi for "Real" Sophos Remote Deployment. It work's very nice with it.
Instead you can only use scripts or something like that.
You can use parameters and the "cache" function to deploy without 1300 single Downloads of 300MB for setup. Cache discussion:
But you have to remember, when installing 1.300 clients, if already old Sophos is there, you may have to roll-out registry tweaks too because of tamper protection.
In addition, from 1.300 clients i'm sure at least 25% (thats over 300 clients!) needs manual hand on because some service is not there, rights problem and whatever...
So i would suggest to rollout in stages. 50 Clients, then next 50 and on to see if it works before you start rolling out to more amount of clients at same time. And never forget to make your exclusions and all kind of that.
Luis Fallas commented
Does anyone have any way to get the installer agent offline?
I need to deploy 1300 computers, which is the best way?
Telling us that the offline installer still needs a small bit of internet is probably the dumbest comment I have seen so far from a Sophos Admin.
The fact that you see many of us asking for an offline installer, then blowing us off by telling us that we really do not know what we are asking about and that you are much smarter than we are. That is pretty arrogant.
We need an offline installer and we understand why we need it. Just because you do not, does not give you the right to basically refer to the rest of us as incompetent.
Maybe you should walk in our shoes sometimes.
Jon, it is really frustrating that the first comment of sophos for the idea "offline installer" is - "it's not a offline installer".
It's the same if the moderator of a dancing show says "we listen to music, but we dont't dance here".
Your clarify absolutely dont sounds like what - we customers and partners - meant with the title of this idea.
An installation package with additional parameter for the existing installer for a cache location is really not what a offline installer does and on other side it's already possible to install from cache location (see the link two posts before).
An offline installer provides a graphical gui where computers can be selected or imported (via Windows Network Discovery, Active Directory Import, IP-Range, csv file) and so on. Then the "install button" is pressed and the machines are deployed. If a machine was not reachable while first attempt the installer try again for x times after elapsed time of x in between. - thats an offline installer. Tell this to your developers.
Btw, it's absolutly okay to receive actual policies via internet, but after! first time installation. At! first time installation they should be that from the time the installation was created (meaning of offline). If not sure, make an selection for this question in the gui.
A 4 minute search shows who already can do clean remote installs:
Indeed it was hard to find someone who cant do it - except sophos.
I really can't understand why the compared high priced sophos can't do...
And of course, the list above are our daily competitors.
You make the selling hard for us...
I just revised the title to clarify it won't be an "offline" installer- a small amount Internet access/data will still be required. It will mean that the vast majority of data for an install comes from a local source (e.g. USB stick, network share). The Internet connection will be required for the endpoint to register with Central and get policies etc.
We have a team working on this now and the initial estimate is that it will be available in October, though we will of course release earlier if it is ready sooner.
The implementation will be:
1. The installer will have an additional new command line option to point it at a specific "cache" location (local or network path).
2. The installer will retrieve a list from the Internet of the current files it needs. It will first try the local cache for the files it needs.
3. If any files are not present in the local cache it will still transfer them from the Internet. This is to avoid installs breaking if even a minor update has been released since the cache was populated (for most customers, this means within a few hours). In the extreme, it does mean an install would succeed even if the entire cache was obsolete. It also accommodates installing different versions/software components across different Windows versions, where there may not be a 100% overlap in the file set required by previous installs.
4. If the installer has to download files as they weren't in the cache, it will try to put them in the cache so that it is up to date for subsequent installs. If it can't (e.g. read only cache location) then it will just continue installing.
5. The installer will not remove files in the cache; it does not have a way to determine what is not useful to other installs (different OSes, components installed, controlled updates etc).
6. Creating the cache will involve running the installer with the same cache switch on a machine with suitably quick/available Internet (or update cache) access. It will not find any of the files and so download them all and put them in the cache folder- effectively point 4 for all files.
We will also try to find a way to get files to create the cache from an already installed endpoint (i.e. without installing), but have not yet verified if this is possible. We will clarify when the capability is released.
I second this. In our case these are remote branch locations with poor connectivity. The full fledged "First time" installer will go a long way.
Meanwhile almost one a half years are passed and still no "real" offline installer. We are not interested in caches and workarrounds, just provide a real usable remote installation utility like all the others have.
How long should we wait.... additional 2 years?...
And of course - this is a mess... "offline install" while we have to copy all files manually - Really? - Come on make a program that does this and starts setup.exe afterwards. How hard this can be for development experts?...
If you are not able to do so, contact us, give us 8tsd euro and wi will do it for you within a month ^^
Fred Nerk commented
please pull your finger out and fix this!
I cant believe this is still not available.
We, your PAYING CUSTOMERS need a proper offline installer for Sophos Cloud.
the currently available "Full Installer" is not a full installer, so why call it that?
Need offline installer for Sophos central as slow internet connectivity is a problem for these type of installations.
One more for the full installer (both Windows and Mac), desperately need it for deployment in a school.
Is there any timeline for this?
We also look forward to a Offline Endpoint Installer.
-What' s the latest news.. ?
Please est. a date or let us now if n/a so we dont just wait in vain..