Protect computers automatically

Before you protect computers from the console:

Automatic installation is not possible on Mac, Linux and UNIX computers. Use manual installation instead. For the instructions, see the Sophos Enterprise Console advanced startup guide.

If you chose to synchronize with Active Directory and protect the computers automatically, you do not need to follow the steps below. For details, see Synchronizing with Active Directory and other related topics.

To protect computers automatically:

  1. Depending on whether or not the computers you want to protect are already in a group, do one of the following:
    • If the computers you want to protect are in the Unassigned group, drag the computers onto a group.
    • If the computers you want to protect are already in a group, select the computers, right-click and click Protect Computers.
    The Protect Computers Wizard is launched. Follow the instructions in the wizard.
  2. On the Select features page, select the features you want.
    Note: For a list of system requirements for the features, see the system requirements page on the Sophos website (

    Some features, including anti-virus protection, are always selected and must be installed. You can also select to install the features listed below. Some of the features are available only if your license includes them.

    • Firewall

      Before installing the firewall on computers, make sure you have configured the firewall to allow the traffic, applications, and processes you want to use. By default, the firewall is enabled and blocks all non-essential traffic. See Firewall policy.

    • Patch
    • Exploit Prevention, Sophos Clean

      This protects against ransomware and exploits. It is selected by default if your license includes this feature.

      Note: If you upgrade your license to include Exploit Prevention (with Sophos Clean), it is not automatically installed on computers you already manage. You need to reprotect the computers to install it.
    • Third-Party Security Software Detection

      Leave Third-Party Security Software Detection selected if you want to have another vendor's software removed automatically. The Third-Party Security Software Detection uninstalls only products with the same functionality as those you install. If you need to remove another vendor's updating tool, see Remove third-party security software.

  3. On the Protection summary page, any problems with installation are shown in the Protection issues column. Troubleshoot the installation (see Sophos Endpoint Security and Control installation failed), or carry out manual installation on these computers (see the Sophos Enterprise Console advanced startup guide). Click Next.
  4. On the Credentials page, enter details of an account which can be used to install software.
    This account is typically a domain administrator account. It must:
    • Have local administrator rights on computers you want to protect.
    • Be able to log on to the computer where you installed the management server.
    • Have read access to the Primary server location specified in the Updating policy. See Configure update servers.
    Note: If you are using a domain account, you must enter the username in the form domain\user.

    If the computers are on different domains covered by the same Active Directory schema, use the Enterprise Administrator account in Active Directory instead.