An error occurred while saving the commentDennis Lee commented
We've run into this issue as well, but it has hit us more when deploying new machines from a template. We use VMware customization specifications extensively for VDI as well as new servers and we are basically unable to leave Sophos on our templates.
When we go to deploy a new server/VDI, we can prepare the template using Sophos best practices but once they start deploying, the MCS client service starts up immediately, generates a new Machine code, hooks into Sophos Central and enables Tamper Protection. At that point, the customization kicks in and begins a sysprep, which breaks the VM completely due to Tamper Protection's incompatibility with sysprep.
Unfortunately, due to the random aspect of when new VDI servers are generated, we cannot leave Tamper Protection off when they are deploying.
At this point sophos central is basically unusable for VDI as we have around 300 systems spinning up and down at any given moment.Dennis Lee supported this idea ·