Anti-Virus Upgrades (Autumn 2022)

From MRC Centre for Outbreak Analysis and Modelling

Introduction

ICT have changed AV supplier to Microsoft Defender 365, in common with many universities. Sophos must be removed from all Imperial PCs and Macs by the end of October 2022.

The Procedure (overview)

  1. Uninstall Sophos from your PC.
  2. Reboot PC (essential).
  3. Install Defender 365 (via a single step, with no reboot needed).

Note that the very few users running SentinelOne instead of Sophos are not affected by this change yet.

The Procedure (Windows specifics)

Firstly, uninstall Sophos. You know that you have Sophos installed if you can see "Sophos" entries in your Windows Start Menu, or if you have a blue "S" shield in your taskbar icons.

There are two ways in which you can do this, so the choice is yours:

  • New way (using Windows Settings app)
    1. From your start menu click on the Settings cog.
    2. Open Apps -> Apps & Features.
    3. Scroll down the list until you see Sophos Endpoint Agent. Click on the "hamburger" menu on the right and select Uninstall.
    4. Reboot when prompted. This step is essential before you move on to install Defender.
  • Old way (using Control Panel)
    1. From your start menu open Control Panel.
    2. Open Programs and Features.
    3. Scroll down the list until you see Sophos Endpoint Agent. Click on it and press the Uninstall button at the top.
    4. Reboot when prompted. This step is essential before you move on to install Defender.

Once you're back into Windows after the reboot, you need to download my Defender installer file to your PC's local C: drive (not a network drive).

I've left this on the T: drive in the T:\IT\Antivirus\Defender365 folder if you're accessing from a PC on site. Copy it to the PC we're installing to (to the Desktop or your Downloads folder is fine). Alternatively, if you're off-site you may download it from Sharepoint here.

Once downloaded, right click on it and select Run as administrator.

You may get Windows Defender (not Defender 365) blocking this installation, as you're trying to run a script you downloaded from the Internet, as admin. Normally a bad idea!

[Screenshot: Defender365 smartscreen.png]

In this case press "More Info" and allow the installation.

It will make some checks and then prompt you to press Y to install. Do so.

If all goes well you'll see the below message.

[Screenshot: Defender365Success.png]

You may now check the status of your installation if required by visiting https://security.microsoft.com and logging in with your Imperial Office365 account. Note that there will likely be no entries until after you've had a security alert.
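
A local check that the whole procedure took effect, as an added example that is not part of the original page or of the installer it describes: it looks for leftover Sophos entries and services and reports the state of Defender on the PC. It assumes that any remaining Sophos component has "Sophos" in its display name, and that the Defender 365 installer onboards the PC to the Microsoft Defender for Endpoint sensor (Windows service name Sense).

```powershell
# Added example (not from the original page): post-migration check.
# Run in a PowerShell window after the Defender 365 install has finished.

# Registry locations behind "Apps & Features" / "Programs and Features"
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Leftover Sophos entries (assumption: display name contains "Sophos")
$sophosApps = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Sophos*' } |
    ForEach-Object { $_.DisplayName })

# 2. Leftover Sophos services (a failed uninstall or skipped reboot can leave these)
$sophosServices = @(Get-Service -DisplayName '*Sophos*' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Name })

# 3. State of the Defender antivirus engine on this PC
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

# 4. Assumption: the installer onboards the Defender for Endpoint sensor,
#    which runs as the Windows service "Sense"
$sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

$result = [pscustomobject]@{
    SophosAppsRemaining     = $sophosApps -join '; '
    SophosServicesRemaining = $sophosServices -join '; '
    DefenderServiceEnabled  = [bool]$mp.AMServiceEnabled
    RealTimeProtection      = [bool]$mp.RealTimeProtectionEnabled
    SignaturesLastUpdated   = $mp.AntivirusSignatureLastUpdated
    SenseServiceStatus      = if ($sense) { [string]$sense.Status } else { 'Not installed' }
}
$result | Format-List

# Overall verdict: no Sophos left, antivirus active, sensor running
$ok = ($sophosApps.Count -eq 0) -and ($sophosServices.Count -eq 0) -and
      $result.DefenderServiceEnabled -and $result.RealTimeProtection -and
      ($result.SenseServiceStatus -eq 'Running')

if ($ok) {
    'PASS: Sophos is gone and Defender is active on this PC.'
} else {
    'CHECK: review the values above before relying on this PC being protected.'
}
```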

FAQ

  1. I'm running a Mac.
    • Please email Chris for details. ICT haven't released details yet.
  2. I'm running Linux.
    • Continue as you were, as you're unlikely to be running Sophos.
  3. I'm running SentinelOne, not Sophos.
    • Continue as you are for now if you like. ICT will be removing SentinelOne in 2023 but you are free to do so now.
  4. I'm too busy to do this.
    • Email Chris.
  5. When should I do this?
    • ASAP. Don't leave it until the end of the month, in case you have problems and are then left with no protection.
  6. Should I do this on every computer I have?
    • You should do this on every computer you have that is running Sophos provided by Imperial College London.