Sophos NAC Advanced version 3.2.7

New in this release

  • When you enter the Sophos download account details during installation, or after installation in Compliance Manager, the details are verified, and are used to authenticate the download of the latest detection data for security applications. During installation, the details are now requested during the Compliance Manager installation instead of during the Compliance databases installation.

    Important: If you are still using Sophos Anti-Virus for Windows, version 7 with NAC Advanced, do not upgrade NAC Advanced to this release. Instead contact Sophos technical support.

Known issues

  • The Compliance Agent installation may require you to restart the endpoint after installation for the following reasons:
    • During installation, you were prompted to shut down applications that were using shared resources, such as the XMLDOM, and you chose not to shut down these applications.
    • You are upgrading the Quarantine Agent and the upgrade uses a new version of the Agent Quarantine Manager, which is a kernel driver.
  • (WKI64580) When running the Dissolvable Agent as a restricted user on Windows 7, Sophos NAC Advanced cannot enable the Windows 7 Firewall. The user receives a message that indicates that Sophos NAC Advanced is enabling the Windows 7 Firewall, but this is not the case. The workaround is for the user to manually enable the Windows 7 Firewall.
  • (DEF 23404) When Sophos NAC Advanced remediates Symantec AntiVirus 11.x to enable real-time protection, Sophos NAC Advanced may not detect that real-time protection has been enabled until Symantec AntiVirus completes an initial scan.
  • (DEF 11485) For Symantec Client Security 10.x Firewall, if the Enabled capability check is run on the endpoint less than 60 seconds after the firewall is enabled, the Sophos NAC Advanced software returns inconsistent results when detecting the Enabled capability. The workaround is to ensure that more than 60 seconds has passed after the firewall was enabled before attempting to detect the Enabled capability.

Technical support

You can find technical support for Sophos products in any of these ways:

System requirements

Sophos NAC Advanced may be installed on one server for evaluations and small installations. For larger installations, Sophos requires that you install the Compliance Databases and the application on separate servers.

Note: If you are using distributed DHCP enforcement, the DHCP Cache Databases and DHCP Cache Server have the same system requirements as the Sophos NAC Advanced system requirements, except that they do not support SQL Server 2000.

Compliance Application Server

  • 2 GHz or faster Xeons
  • 2 CPUs
  • 2 GB or more of RAM
  • Windows Server (The following Windows Server versions are supported.)
    • Windows Server 2003 base and higher (32-bit)
    • Windows Server 2003 R2 SP1 and higher (32-bit)
    • Windows Server 2008 base and higher (32-bit)
    Note: Sophos NAC Advanced installs on foreign operating systems; however, the Compliance Manager is in English.
  • Internet Access
  • 3 GB of free hard disk space
  • TCP/IP Protocol

    Ethernet adapter for a wired broadband connection or 802.11 wireless adapter for wireless broadband connection

  • Web Certificate if you are using HTTPS
  • .NET 3.5 SP1 must be installed manually

Compliance Database Server

The computer where you place the Compliance Databases (which may be the same computer or a different one) also needs:

  • Windows Server (The following Windows Server versions are supported.)
    • Windows Server 2000 with SP3 and higher (32-bit)
    • Windows Server 2003 base and higher (32-bit and 64-bit)
    • Windows Server 2003 R2 SP1 and higher (32-bit and 64-bit)
    • Windows Server 2008 base and higher (32-bit and 64-bit)
    • Windows Server 2008 R2 base (64-bit)
  • SQL Server (The following SQL Server versions are supported.)
    Note: The instance of SQL server must be running as either Local System or a valid domain account. Local accounts on the database server will not function properly with Sophos NAC Advanced.
    • SQL Server 2000 with SP3a and higher (32-bit)
    • SQL Server 2005 SP1 and higher or SQL Server 2005 Express (32-bit and 64-bit)
    • SQL Server 2008 or SQL Server 2008 Express (32-bit and 64-bit)

    If you use SQL Server Express, the maximum size that a database can reach is 4 GB. If you use SQL Server, there is no limit apart from the one set by the administrator. SQL Server Express should only be used if you are testing or evaluating Sophos NAC Advanced. We recommend SQL Server for production use.

DHCP Enforcer Server

  • Windows Server 2003 base and higher (32-bit and 64-bit)
  • Windows Server 2003 R2 SP1 and higher (32-bit and 64-bit)
  • Windows Server 2008 base and higher (32-bit and 64-bit)
  • Windows Server 2008 R2 base (64-bit)

Web Server Hosting Dissolvable Agent

  • Internet Information Services (IIS).
  • 10 MB of free hard disk space.

Endpoint Running the Agent

  • Microsoft Windows operating systems:
    • Windows 2000 Professional SP4 and higher (32-bit)
    • Windows XP Professional SP1 and higher (32-bit)
    • Windows XP Professional SP2 and higher (64-bit)
    • Windows Vista Business, Enterprise, Ultimate, Home Premium, and Home Basic base and higher (32-bit and 64-bit)
    • Windows 7 Professional, Enterprise, Ultimate, and Home Premium base and higher (32-bit and 64-bit)
    • Windows Server 2003 base and higher (32-bit and 64-bit)
    • Windows Server 2003 R2 SP1 and higher (32-bit and 64-bit)
    • Windows Server 2008 base and higher (32-bit and 64-bit)
    • Windows Server 2008 R2 base (64-bit)
  • Microsoft Windows supported platforms (English, French, Spanish, German, Italian, Japanese, Simplified Chinese, and Traditional Chinese)
  • 700 Mhz or faster Pentium processor
  • 512 MB or more of RAM
  • 20 MB of free hard disk space
  • Microsoft Internet Explorer 5.0 or greater
  • Microsoft Windows Installer 2.0 or greater
  • Microsoft XMLDOM 3 or greater

Endpoint Running the Dissolvable Agent

The Dissolvable Agent supports the same operating systems as the Compliance Agent. These operating systems are defined above.

  • Microsoft Windows supported platforms (English, French, Spanish, German, Italian, Japanese, Simplified Chinese, and Traditional Chinese)
  • Microsoft Internet Explorer 6 and higher
  • Microsoft XMLDOM 3 or greater
  • Sun Java Runtime Environment (JRE) version 6 update 10 or higher

Legal notices

Copyright © 2011 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.