Anti-Virus Upgrades (Autumn 2022): Difference between revisions

From MRC Centre for Outbreak Analysis and Modelling
(32 intermediate revisions by the same user not shown)
Latest revision as of 08:51, 13 October 2022

Introduction

ICT have changed AV supplier to Microsoft Defender 365, in common with many universities. Sophos must be removed from all Imperial PCs and Macs by the end of October 2022.

The Procedure (overview)

  1. Uninstall Sophos from your PC.
  2. Reboot PC (essential).
  3. Install Defender 365 (via a single step, with no reboot needed).

Note that the very few users running SentinelOne instead of Sophos are not affected by this change yet.

The Procedure (Windows specifics)

Firstly, uninstall Sophos. You know that you have Sophos installed if you can see "Sophos" entries in your Windows Start Menu, or if you have a blue "S" shield in your taskbar icons.

There are two ways in which you can do this, so the choice is yours:

  • New way (using Windows Settings app)
  1. From your start menu click on the Settings cog.
  2. Open Apps -> Apps & Features.
  3. Scroll down the list until you see Sophos Endpoint Agent. Click on the "hamburger" menu on the right and select Uninstall.
  4. Reboot when prompted. This step is essential before you move on to install Defender.
  • Old way (using Control Panel)
  1. From your start menu open Control Panel.
  2. Open Programs and Features.
  3. Scroll down the list until you see Sophos Endpoint Agent. Click on it and press the Uninstall button at the top.
  4. Reboot when prompted. This step is essential before you move on to install Defender.

Once you're back into Windows after the reboot, you need to download my Defender installer file to your PC's local C: drive (not a network drive).

I've left this on the T: drive in the T:\IT\Antivirus\Defender365 folder if you're accessing from a PC on site. Copy it to the PC we're installing to (to the Desktop or your Downloads folder is fine). Alternatively, if you're off-site you may download it from SharePoint here: https://imperiallondon-my.sharepoint.com/:f:/g/personal/cdelafor_ic_ac_uk/ElpSErXqRcNEmbWX5FLuSIQByCnpDPEVzZqRpXHiMGFDtg?e=iLOfm6

Once downloaded, right click on it and select Run as administrator.

[Screenshot: Right click.png]

You may get Windows Defender (not Defender 365) blocking this installation, as you're trying to run a script you downloaded from the Internet, as admin. Normally a bad idea!

[Screenshot: Defender365 smartscreen.png]

In this case press "More Info" and allow the installation.


It will make some checks and then prompt you to press Y to install. Do so.

If all goes well you'll see the message below.

[Screenshot: Defender365Success.png]

You may now check the status of your installation if required by visiting https://security.microsoft.com and logging in with your Imperial Office365 account. Note that there will likely be no entries until after you've had a security alert.
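
Because the portal may show nothing until the first alert, the migration can also be confirmed locally. The following is an added example, not part of the original page or the installer script; it assumes the installer onboards the PC to Microsoft Defender for Endpoint, and the function name Get-AvMigrationState is made up for illustration. Run it from an elevated PowerShell prompt:

```powershell
# Added example: local check of the Sophos -> Defender migration state.
# Get-AvMigrationState is a hypothetical helper name, not part of the installer.

function Get-AvMigrationState {
    # Check both uninstall hives: 64-bit and 32-bit (WOW6432Node) applications.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $sophos = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Sophos*' } |
        Select-Object -ExpandProperty DisplayName)

    # "Sense" is the Microsoft Defender for Endpoint sensor service.
    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

    # OnboardingState is set to 1 once the machine has onboarded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $onboarding = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState

    [pscustomobject]@{
        SophosRemaining = $sophos
        SenseService    = if ($sense) { $sense.Status.ToString() } else { 'NotInstalled' }
        OnboardingState = $onboarding
        Migrated        = ($sophos.Count -eq 0) -and
                          ($sense -and $sense.Status -eq 'Running') -and
                          ($onboarding -eq 1)
    }
}

$state = Get-AvMigrationState
$state | Format-List

if (-not $state.Migrated) {
    if ($state.SophosRemaining.Count -gt 0) {
        # Leftover Sophos entries mean the uninstall (or the reboot after it) did not complete.
        Write-Warning "Sophos still installed: $($state.SophosRemaining -join ', '). Uninstall and reboot before installing Defender."
    } else {
        Write-Warning 'Defender for Endpoint is not onboarded yet. Re-run the installer as administrator.'
    }
}
```

A PC is only fully migrated when no Sophos entries remain, the Sense service is running and OnboardingState is 1; any other combination means the machine may be without protection.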

FAQ

  1. I'm running a Mac.
    • Please email Chris for details. ICT haven't released details yet.
  2. I'm running Linux.
    • Continue as you were, as you're unlikely to be running Sophos.
  3. I'm running SentinelOne, not Sophos.
    • Continue as you are for now if you like. ICT will be removing SentinelOne in 2023 but you are free to do so now.
  4. I'm too busy to do this.
    • Email Chris.
  5. When should I do this?
    • ASAP. Don't leave it until the end of the month, in case you have problems and are then left with no protection.
  6. Should I do this on every computer I have?
    • You should do this on every computer which you have which is running Sophos provided by Imperial College London.