Anti-Virus Upgrades (Autumn 2022): Difference between revisions

From MRC Centre for Outbreak Analysis and Modelling
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Introduction =
= Introduction =
ICT have changed AV supplier to Defender 365, in common with many universities.
ICT have changed AV supplier to Microsoft Defender 365, in common with many universities. Sophos must be removed from all Imperial PCs and Macs by the end of October 2022.


= The Procedure (overview) =
= The Procedure (overview) =
# Uninstall Sophos from your PC (via Settings -> Apps or Control Panel -> Programs and Features).
# Uninstall Sophos from your PC.
# Reboot PC.
# Reboot PC (essential).
# Install Defender 365 (no reboot needed).
# Install Defender 365 (via a single step, with no reboot needed).


= The Procedure (specifics) =
Note that the very few users running SentinelOne instead of Sophos are not affected by this change yet.
Firstly, uninstall Sophos. There are two ways in which you can do this, so the choice is yours:


* Old way (using Control Panel)
= The Procedure (Windows specifics) =
# From your start menu open Control Panel.
Firstly, uninstall Sophos. You know that you have Sophos installed if you can see "Sophos" entries in your Windows Start Menu, or if you have a blue "S" shield in your taskbar icons.
# Open Programs and Features.
 
# Scroll down the list until you see Sophos. Click on it and press the Uninstall button at the top.
There are two ways in which you can do this, so the choice is yours:
# '''Reboot when prompted'''. This step is essential before you move on to install Defender.


* New way (using Windows Settings app)
* New way (using Windows Settings app)
# From your start menu click on the Settings cog.
# From your start menu click on the Settings cog.
# Open Apps -> Apps & Features.
# Open Apps -> Apps & Features.
# Scroll down the list until you see Sophos. Click on "hamburger" menu on the right and select Uninstall.
# Scroll down the list until you see Sophos Endpoint Agent. Click on "hamburger" menu on the right and select Uninstall.
# '''Reboot when prompted'''. This step is essential before you move on to install Defender.
# '''Reboot when prompted'''. This step is essential before you move on to install Defender.


Once you're back into Windows after the reboot, you need to download my Defender installer file to your PC.
* Old way (using Control Panel)
# From your start menu open Control Panel.
# Open Programs and Features.
# Scroll down the list until you see Sophos Endpoint Agent. Click on it and press the Uninstall button at the top.
# '''Reboot when prompted'''. This step is essential before you move on to install Defender.
 
Once you're back into Windows after the reboot, you need to download my Defender installer file to your PC's local C: drive (not a network drive).


I've left this on the '''T:''' drive in the '''IT\Antivirus\Defender365''' folder if you're accessing from on site. Don't run it yet, just copy it to the PC we're installing to. Alternatively, if you're off site you may download it from Sharepoint [https://imperiallondon-my.sharepoint.com/:f:/g/personal/cdelafor_ic_ac_uk/ElpSErXqRcNEmbWX5FLuSIQByCnpDPEVzZqRpXHiMGFDtg?e=iLOfm6 here].
I've left this on the '''T:''' drive in the '''T:\IT\Antivirus\Defender365''' folder if you're accessing from a PC on site. Copy it to the PC we're installing to (to the Desktop or your Downloads folder is fine). Alternatively, if you're off-site you may download it from Sharepoint [https://imperiallondon-my.sharepoint.com/:f:/g/personal/cdelafor_ic_ac_uk/ElpSErXqRcNEmbWX5FLuSIQByCnpDPEVzZqRpXHiMGFDtg?e=iLOfm6 here].


Once downloaded, right click on it and select '''Run as administrator'''.
Once downloaded, right click on it and select '''Run as administrator'''.


[[File:script_right_click_admin.png]]
[[File:Right_click.png]]
 
 
You may get Windows Defender (not Defender 365) blocking this installation, as you're trying to run a script you downloaded from the Internet, as admin. Normally a bad idea!
 
[[File:Defender365_smartscreen.png]]
 
In this case press "More Info" and allow the installation.
 


It will make some checks and then prompt you to press Y to install. Do so.  
It will make some checks and then prompt you to press Y to install. Do so.  
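Review bot: The added paragraph ending 'In this case press "More Info" and allow the installation' tells readers to click through the warning but gives them no way to confirm that the file they copied or downloaded is the intended one. Suggest naming the installer file and publishing a SHA-256 value next to the T:\IT\Antivirus\Defender365 and SharePoint locations, with one sentence asking readers to compare it before choosing Run as administrator.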
Line 38: Line 50:
You may now check the status of your installation if required by visiting https://security.microsoft.com and logging in with your Imperial Office365 account. Note that there will likely be no entries until after you've had a security alert.
You may now check the status of your installation if required by visiting https://security.microsoft.com and logging in with your Imperial Office365 account. Note that there will likely be no entries until after you've had a security alert.


== Mac-Specific notes ==
= FAQ=
Awaiting ICT instruction. Check back later.


== Linux-Specific notes ==
# I'm running a Mac.
Awaiting ICT instruction. Check back later.
#* Please email Chris for details. ICT haven't released details yet.
# I'm running Linux.
#* Continue as you were as you're unlikely to be running Sophos.
# I'm running SentinelOne, not Sophos.
#* Continue as you are for now if you like. ICT will be removing SentinelOne in 2023 but you are free to do so now.
# I'm too busy to do this.
#* Email Chris.
# When should I do this?
#* ASAP, don't leave it until the end of the month in case you have problems and are then left with no protection.
# Should I do this on every computer I have?
#* You should do this on every computer which you have ''which is running Sophos provided by Imperial College London''.

Latest revision as of 08:51, 13 October 2022

Introduction

ICT have changed AV supplier to Microsoft Defender 365, in common with many universities. Sophos must be removed from all Imperial PCs and Macs by the end of October 2022.

The Procedure (overview)

  1. Uninstall Sophos from your PC.
  2. Reboot PC (essential).
  3. Install Defender 365 (via a single step, with no reboot needed).

Note that the very few users running SentinelOne instead of Sophos are not affected by this change yet.

The Procedure (Windows specifics)

Firstly, uninstall Sophos. You know that you have Sophos installed if you can see "Sophos" entries in your Windows Start Menu, or if you have a blue "S" shield in your taskbar icons.

There are two ways in which you can do this, so the choice is yours:

  • New way (using Windows Settings app)
  1. From your start menu click on the Settings cog.
  2. Open Apps -> Apps & Features.
  3. Scroll down the list until you see Sophos Endpoint Agent. Click on the "hamburger" menu on the right and select Uninstall.
  4. Reboot when prompted. This step is essential before you move on to install Defender.
  • Old way (using Control Panel)
  1. From your start menu open Control Panel.
  2. Open Programs and Features.
  3. Scroll down the list until you see Sophos Endpoint Agent. Click on it and press the Uninstall button at the top.
  4. Reboot when prompted. This step is essential before you move on to install Defender.

Once you're back into Windows after the reboot, you need to download my Defender installer file to your PC's local C: drive (not a network drive).

I've left this on the T: drive in the T:\IT\Antivirus\Defender365 folder if you're accessing from a PC on site. Copy it to the PC we're installing to (to the Desktop or your Downloads folder is fine). Alternatively, if you're off-site you may download it from SharePoint here: https://imperiallondon-my.sharepoint.com/:f:/g/personal/cdelafor_ic_ac_uk/ElpSErXqRcNEmbWX5FLuSIQByCnpDPEVzZqRpXHiMGFDtg?e=iLOfm6

Once downloaded, right-click on it and select Run as administrator.

[Image: Right click.png]

You may get Windows Defender (not Defender 365) blocking this installation, as you're trying to run a script you downloaded from the Internet, as admin. Normally a bad idea!

[Image: Defender365 smartscreen.png]

In this case press "More Info" and allow the installation.


It will make some checks and then prompt you to press Y to install. Do so.

If all goes well you'll see the below message.

[Image: Defender365Success.png]

You may now check the status of your installation if required by visiting https://security.microsoft.com and logging in with your Imperial Office365 account. Note that there will likely be no entries until after you've had a security alert.
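A pre-flight check for the steps above, run in PowerShell after the reboot and before choosing Run as administrator. This is an added example, not part of the original page or the installer it describes; the `-InstallerPath` parameter is hypothetical because the page does not name the installer file.

```powershell
param(
    # Hypothetical parameter: the page does not name the installer file.
    [Parameter(Mandatory)] [string] $InstallerPath
)
$problems = @()

# 1. Sophos must be uninstalled: check both the 64-bit and 32-bit uninstall keys.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$left = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Sophos*' }
if ($left) { $problems += "Still installed: $($left.DisplayName -join ', ')" }

# 2. The reboot is essential: Sophos files still queued for removal at next
#    boot mean the reboot has not happened yet.
$sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
    -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($sm.PendingFileRenameOperations -match 'Sophos') {
    $problems += 'Sophos files are still queued for deletion; reboot first.'
}

# 3. The installer must sit on the local C: drive, not T: or another network drive.
$file = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
if ([System.IO.Path]::GetPathRoot($file.FullName) -ne 'C:\') {
    $problems += "Installer is not on C: ($($file.FullName))"
}

# 4. Mark-of-the-Web: a Zone.Identifier stream on the file is what triggers the
#    "downloaded from the Internet" warning for copies fetched off-site.
$motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
    -ErrorAction SilentlyContinue

# Summary object; the SHA256 value is for comparison against one obtained
# from whoever supplied the installer (the page itself does not publish one).
[pscustomobject]@{
    Installer      = $file.FullName
    SHA256         = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    FromInternet   = [bool]$motw
    Problems       = $problems
    ReadyToInstall = ($problems.Count -eq 0)
}
```

If `ReadyToInstall` is False, resolve each entry in `Problems` (finish the uninstall, reboot, or copy the file to C:) before running the installer.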

FAQ

  1. I'm running a Mac.
    • Please email Chris for details. ICT haven't released details yet.
  2. I'm running Linux.
    • Continue as you were as you're unlikely to be running Sophos.
  3. I'm running SentinelOne, not Sophos.
    • Continue as you are for now if you like. ICT will be removing SentinelOne in 2023 but you are free to do so now.
  4. I'm too busy to do this.
    • Email Chris.
  5. When should I do this?
    • ASAP, don't leave it until the end of the month in case you have problems and are then left with no protection.
  6. Should I do this on every computer I have?
    • You should do this on every computer which you have which is running Sophos provided by Imperial College London.