Skip to content

Update Management Policy

By default, we update Sophos products on your computers automatically.

The Update Management policy lets you control the day and time when updates become available on your network. This ensures that your computers don't start updating until a time that suits you.

The policy also lets you suspend updating for an extended period. You can do this by selecting our custom "software packages".

Whichever option you choose, you always get automatic updates to protect against new threats. Your policy only controls updating of product features.

Note

You can only set this policy as a "Device" policy. You can't set it for users.

To set up a policy, do as follows:

  1. Go to My Products > Endpoint > Policies
  2. Create an Update Management policy. See Create or Edit a Policy.
  3. Open the policy's Settings tab and configure the policy as described below. Make sure the policy is turned on.

Scheduled Updates

Enable Scheduled Updates and select the day and time when you want product updates to become available.

The time is local to each computer. For example, if you select 9 PM, each computer will get the update at 9 PM local time for the computer. This means that computers in different time zones will not get the update at the same time.

Remember that if computers aren’t on, they won't get the update until the next time they start.

We sometimes update computers immediately even if you've set up scheduled updates. We may do this as follows:

  • If you change your license or your license changes.

    For example, if you apply an Intercept X with XDR license to an account that had only Intercept X Advanced, we install XDR features on computers.

  • If you change the software assigned to a computer.

    For example, if you assign a Device Encryption license to a computer running Intercept X Advanced, we install the new software immediately.

Software packages

Restriction

If you're compliant with the Federal Risk and Authorization Management Program (FedRAMP), you'll only see our Fixed term support and Long term support packages.

Software packages let you remain on the same version of our products for a set time.

If you apply a software package, you don't get automatic updates. When the package expires, you must select another.

Note

You still get security updates to protect against the latest threats. Your policy only controls updating of product features.

Package types

We offer the following package types:

  • Recommended: This package is automatically updated to give you our latest protection. It never expires.
  • Fixed term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 120 days after the release date (or at least 30 days after the next release to allow for testing).
  • Long term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 18 months after the release date.

    Note

    Only use this package type on computers you can't update regularly.

  • Special: Special packages fix specific issues. You can only get them from Sophos support.

  • EAP: Sophos Early Access Program. Devices in an EAP ignore any other software package you've assigned to them until the EAP ends.

Select a package

You select software packages in the Windows drop-down menu. For package information, click Details of packages.

You don't need to turn on scheduled updates to use this option.

Package selector.

To view and manage your packages, go to My Products > General Settings > Administration > Software packages.