Protect computers automatically

Before you protect computers from the console:

  • You must apply an updating policy to the group before you can protect computers in that group.
  • Make sure you have prepared computers for automatic installation of the security software.
  • If you use role-based administration, you must have the Computer search, protection and groups right to protect computers.

Automatic installation is not possible on Mac, Linux and UNIX computers. Use manual installation instead. For the instructions, see the Sophos Enterprise Console advanced startup guide.

If you chose to synchronize with Active Directory and protect the computers automatically, you do not need to follow the steps below.

To protect computers automatically:

  1. Depending on whether or not the computers you want to protect are already in a group, do one of the following:
    • If the computers you want to protect are in the Unassigned group, drag the computers onto a group.
    • If the computers you want to protect are already in a group, select the computers, right-click and click Protect Computers.
    The Protect Computers Wizard is launched. Follow the instructions in the wizard.
  2. On the Select features page, select the features you want.
    Note For a list of system requirements for the features, see the system requirements page on the Sophos website.

    Some features, including anti-virus protection, are always selected and must be installed. You can also select to install the features listed below. Some of the features are available only if your license includes them.



    Before installing the firewall on computers, make sure you have configured the firewall to allow the traffic, applications, and processes you want to use. By default, the firewall is enabled and blocks all non-essential traffic.



    Exploit Prevention, Sophos Clean

    This protects against ransomware and exploits. It is selected by default if your license includes this feature.

    If you upgrade your license to include Exploit Prevention (with Sophos Clean), it is not automatically installed on computers you already manage. You need to reprotect the computers to install it.

    Third-Party Security Software Detection

    Leave Third-Party Security Software Detection selected if you want to have another vendor's software removed automatically. The Third-Party Security Software Detection uninstalls only products with the same functionality as those you install. If you need to remove another vendor's updating tool, see Remove third-party security software.

  3. On the Protection summary page, any problems with installation are shown in the Protection issues column. Troubleshoot the installation, or carry out manual installation on these computers (see the Sophos Enterprise Consoleadvanced startup guide). Click Next.
  4. On the Credentials page, enter details of an account which can be used to install software.

    The account must have the following:

    • Local administrator rights on computers you want to protect.
    • Be able to log on to the computer where you installed the management server.
    • Read access to the Primary server location specified in the Updating policy.
    Note If you are using a domain account, you must enter the username in the form domain\user. If the computers are on different domains covered by the same Active Directory schema, use the Sophos Enterprise Console account in Active Directory instead.
    Note We recommend you use a specific account created for this purpose that has no other privileges.