Stefan H
My feedback
-
254 votesStarted · 71 comments · Sophos Central » Endpoint Protection · Flag idea as inappropriate… · Admin →
Stefan H commented
Jon, it is really frustrating that the first comment of sophos for the idea "offline installer" is - "it's not a offline installer".
It's the same if the moderator of a dancing show says "we listen to music, but we dont't dance here".
Your clarify absolutely dont sounds like what - we customers and partners - meant with the title of this idea.
An installation package with additional parameter for the existing installer for a cache location is really not what a offline installer does and on other side it's already possible to install from cache location (see the link two posts before).
An offline installer provides a graphical gui where computers can be selected or imported (via Windows Network Discovery, Active Directory Import, IP-Range, csv file) and so on. Then the "install button" is pressed and the machines are deployed. If a machine was not reachable while first attempt the installer try again for x times after elapsed time of x in between. - thats an offline installer. Tell this to your developers.
Btw, it's absolutly okay to receive actual policies via internet, but after! first time installation. At! first time installation they should be that from the time the installation was created (meaning of offline). If not sure, make an selection for this question in the gui.
A 4 minute search shows who already can do clean remote installs:
Bitdefender
Trend Micro
Kaspersky
Malwarebytes
Avast Business
Webroot
McAfee
F-Secure
...
Indeed it was hard to find someone who cant do it - except sophos.
I really can't understand why the compared high priced sophos can't do...
And of course, the list above are our daily competitors.You make the selling hard for us...
Stefan H commented
Meanwhile almost one a half years are passed and still no "real" offline installer. We are not interested in caches and workarrounds, just provide a real usable remote installation utility like all the others have.
How long should we wait.... additional 2 years?...
And of course - this is a mess... "offline install" while we have to copy all files manually - Really? - Come on make a program that does this and starts setup.exe afterwards. How hard this can be for development experts?...
:https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/100929/sophos-cloud-full-installerIf you are not able to do so, contact us, give us 8tsd euro and wi will do it for you within a month ^^
Stefan H supported this idea ·
Stefan H commented
..and... the install should try the setup more times not only one time. As for example if the devices are not powered on at planned setup time. So it should for eg. try again for x times or for x hours/days or every x hours
Stefan H commented
In addition to this deployment software, i would suggest to integrate optional parameters (like the old depyloyment packager had) may just to fill in, to determine the target groups the new device and/or user should be placed into
Stefan H commented
i strongly agree! So much needed.
Related article: https://ideas.sophos.com/forums/428821-sophos-central/suggestions/33537334-full-installer-package-request
Stefan H commented
Stefan H commented
To get this Request better found via search, i post this keywords in comments:
Deployment Packager, Deployment Tool, Remote Installation, Remote Deployment, Remote Installer, Endpoint Deployment, Server DeploymentStefan H commented
I can agree with that. A remote installer is needed. It should be capable of installing Endpoint/Server/Intercept Protection within targeting single ip, ip-ranges and of course Active Directory paths. For better usability it should be possible that the software when AD-Computers are targetet and the agent is not installed, that it tries multiple configurable times. For eg. if not installed try to install and if error try again every 2 hours.
-
13 votes
Stefan H commented
Can support this feature. Outgoing TLS to specific domains is a needed feature. Also already built in at competitor products. Alltrough, incoming domain sepecifica are already there, so just change a few lines in the exim.conf file to support this, nothing great developement needed.
-
31 votes
Stefan H supported this idea ·
Stefan H commented
Can support this. A vote for german language from our side.
-
4 votes
Stefan H supported this idea ·
Stefan H commented
Can support this. Please add special characters.
-
3 votes
Stefan H commented
That is same request as already here... you should vote there...:
https://ideas.sophos.com/forums/17359-sg-utm/suggestions/2973444-mail-security-send-direction-require-tls-domain -
5 votes
Stefan H supported this idea ·
-
131 votes
Stefan H commented
Unintelligible for me that it is'nt already implemented since years. Without this it is impossible blocking or allowing special ports to special destinations. Its impossible to handle hundrets of single entries that change every second day. No way, this wildcard (which is already a feature on other vendors since years) is truly needed.
Stefan H supported this idea ·
-
34 votes
This feature was implemented in XG Firewall
Stefan H supported this idea ·
-
1 vote
Stefan H shared this idea ·
-
5 votes
Stefan H shared this idea ·
-
2 votes
Stefan H supported this idea ·
-
2 votes
Stefan H shared this idea ·
Luis,
you have to use tools like Paramundi for "Real" Sophos Remote Deployment. It work's very nice with it.
Instead you can only use scripts or something like that.
You can use parameters and the "cache" function to deploy without 1300 single Downloads of 300MB for setup. Cache discussion:
https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/100929/sophos-cloud-full-installer
But you have to remember, when installing 1.300 clients, if already old Sophos is there, you may have to roll-out registry tweaks too because of tamper protection.
In addition, from 1.300 clients i'm sure at least 25% (thats over 300 clients!) needs manual hand on because some service is not there, rights problem and whatever...
So i would suggest to rollout in stages. 50 Clients, then next 50 and on to see if it works before you start rolling out to more amount of clients at same time. And never forget to make your exclusions and all kind of that.