Sophos Enterprise Console is a management console that can be used to install Sophos Anti-Virus and Sophos Client Firewall remotely, and to configure, monitor, manage, and report on Sophos products running on Windows, Mac OS X, and Linux computers.
Enterprise Console works in conjunction with Sophos EM Library, which downloads software packages from Sophos and keeps them updated automatically.
EM Library allows for deployment across a wide area network with multiple updating locations.
For information on installing Enterprise Console for the first time, see the Sophos Endpoint Security and Control network startup guide.
For information on upgrading, see the Sophos Endpoint Security and Control network upgrade guide.
Both guides are available from the Sophos website at http://www.sophos.com/support/docs/ or from the Sophos Endpoint Security and Control Network Install CD.
Enterprise Console is now supported on Windows Server 2008 (non-core editions).
Enterprise Console 3.1.1 is supported only on Windows Server 2008. You cannot upgrade to version 3.1.1 from a previous version of Enterprise Console. You will be able to upgrade from version 3.1.1 to version 4 when version 4 is released.
No components from the previous versions of Enterprise Console must be present on the computer where you want to install Enterprise Console 3.1.1.
The database is not included with this version of Enterprise Console. Prior to installation of Enterprise Console 3.1.1, install SQL Server (if it isn't already installed) and create an instance named SOPHOS. Sophos recommends SQL Server 2005 Express (SP1).
Before installing Enterprise Console 3.1.1, you must turn off User Account Control (UAC) and restart the server. You can turn UAC on again after you have installed Enterprise Console and subscribed to Sophos updates.
The description of some problems includes an identifier in brackets: for example "(DEF 22335)". You can use this identifier if you need to contact Sophos technical support about the problem in question.
(WKI26898) An Enterprise Console management server cannot connect to a remote database installed on a SQL Server Express instance. This is because by default, SQL Server Express does not allow remote connections. For more information, see Sophos support knowledgebase article 24635.
An allowed application is blocked temporarily by Sophos Client Firewall.
(DEF 22335) When a Sophos Client Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.
A reboot may be required following an Enterprise Console upgrade from 3.0 to 3.1.
(QUE20382) It is possible that some files will be in use when the upgrade is attempted and a restart will therefore be required to complete the file copy.
Computers imported from or synchronized with Active Directory may appear in the console as belonging to a workgroup.
(CR 22041 and CR 27529) When Enterprise Console discovers an unmanaged computer that belongs to a workgroup by using the Find on the network option of the Find new computers feature, the console displays the name of the computer's workgroup in the Domain/workgroup field. If the computer is then moved to an Active Directory domain and restarted, and Enterprise Console immediately synchronizes that computer with or imports it from Active Directory, the console will still display the name of the computer's workgroup in the Domain/workgroup field, and not its domain name. You can resolve this problem by making the computer managed, as explained below.
Protect the computer. The computer now has two entries in Enterprise Console: the original entry, which shows it as part of a workgroup, and a new entry, with the Domain/workgroup set to the name of the Active Directory domain. However, the new entry may appear in the Unassigned group, and have only the default policies applied. If this happens, you need to do as follows:
If the computer is not a member of a synchronized Active Directory group, move the computer to the appropriate Enterprise Console group.
Delete the original workgroup entry.
If the computer is a member of a synchronized Active Directory group, delete the workgroup entry for that computer in Enterprise Console (the computer will be shown in the synchronized group). The next time synchronization takes place, the entry for the managed computer will appear in the correct group, with the correct policies applied. Alternatively, if you can delete the workgroup entry for the computer from Enterprise Console before the computer is found in Active Directory, the computer will appear in the correct group first time.
Enterprise Console may display Sophos Anti-Virus 4.6 on Windows 9x as uninstalled.
(CR 26581) The console may display no information about computers where Sophos Anti-Virus 4.6 is installed, although Sophos Anti-Virus 4.6 may be up to date and functioning correctly. In this case, the fields such as On-access, Anti-virus and HIPS policy, Up to date, Anti-virus version, Detection data, and IDEs remain empty. The console will still display alerts and errors raised by Sophos Anti-Virus 4.7 or later.
Installation fails if Microsoft networking client is not present.
Installation of the Enterprise Console management server will fail if Microsoft networking client is not installed on the computer (although this client does not need to be active).
If you are using a firewall, you should enable port 8192 before you install Enterprise Console.
If you are using a firewall on the computer where you want to install Enterprise Console, you should enable Corba port 8192, in addition to ports 8193 and 8194. Port 8192 is used to enable the computers on the network to find the Enterprise Console management server. Computers will report correctly to the management server if it is behind a firewall but they will take longer to do so.
Excluding folders from on-access scanning may disable scanning on Windows 95/98/Me computers.
When you set an anti-virus policy for a group of computers, you can exclude folders from on-access scanning. This option is not supported on Windows 95/98/Me computers and may have the effect of disabling on-access scanning on those computers. If you move the Windows 95/98/Me computers to a group that does not have this option included in its policy, on-access scanning should restart.
Enterprise Console cannot show if a controlled application was detected locally or remotely.
(CR 28114) If a user attempts to install a controlled application that is blocked, the application will be prevented from being installed. An alert will be sent to Enterprise Console, but the alert will show neither the action that raised the alert nor where the installer was located. For more information about the blocked action, see the Sophos Anti-Virus log file on the endpoint (C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt).
Workflow to set up or revise updating is not displayed on Windows 2003 over a Remote Desktop session.
(CR 28291) After the installation of or upgrade to Enterprise Console version 3.1, you are asked to log off and then log on again. Normally, upon logging on, a wizard or a dialog is displayed that leads you through the workflow to set up or revise updating for Enterprise Console 3.1. However, if this is taking place on Windows 2003 over a Remote Desktop session, after logging on again, the wizard or the dialog is not displayed. To set up updating using EM Library, follow the instructions in Appendix 1 of the Sophos Endpoint Security and Control network startup guide.
If you upgrade a remote management console on Windows Server 2003, an invalid warning message is displayed.
(CR 28369) If you upgrade an Enterprise Console 2 remote management console to an Enterprise Console 3.1 remote management console on a computer running Windows Server 2003, the installer displays Warning 27555. This warns that the installer cannot ensure that existing users remain in the Sophos Console Administrators group. Ignore this message and continue with the upgrade. The console should work without any further changes.
A reboot may be required after removing third-party security software.
(DEF18692) In rare circumstances a reboot of an endpoint computer may be required to successfully complete the uninstallation of third-party security software and the installation of Sophos security software.
(CR 27212) A link to Sophos Network Communications Report is not available on a computer where Enterprise Console or EM Library is installed.
On Windows Server 2008 the NTFS rights on the directory under the InterChk share are protected and only allow authenticated user access - the Guest or other accounts may need to be granted Read rights, if required.
After installing a library, the Network Account Configuration Wizard runs automatically. For this to complete successfully on Windows Server 2008, User Account Control (UAC) must be disabled.
If you install the management server (EM Library plus Enterprise Console) on a Windows 2000 server, it will sometimes need to be restarted afterwards.
During installation, the Network account configuration wizard offers to create a local "EMLibUser" account automatically. If you are installing EM Library on a domain server, you cannot use this option. You must create an EM Library user account on Active Directory, and then select that user account in the account configuration wizard.
Remote library cannot be installed on a computer running Windows XP SP2.
(CR 18623) When installing a remote library on a computer running Windows XP SP2, the installation fails with an error.
Some descriptions include the relevant identifier in brackets. You can use this if you need to contact Sophos technical support.
If the EM Library component is installed on a computer running Windows Server 2008, CIDs cannot be hosted on a NetWare computer if NDS authentication is being used. EM Library may be able to update CIDs on NetWare servers if the native Windows authentication is enabled on the servers.
Scheduled scanning for controlled applications
(CR 24322) For information about setting up a scheduled scan for controlled applications, see Sophos support knowledgebase article 22473.
Up-to-date system requirements are listed at http://www.sophos.com/products/all-sysreqs.html.
If you want to be able to use Enterprise Console remotely, you can install a remote management console on the above platforms or on Windows XP Professional (SP3).
The computer where you place the database component (which may be the same computer or a different one) also needs:
If you want to place the database on a separate computer, you can install it either on Windows Server 2008, as indicated in Enterprise Console system requirements, or on Windows Server 2003 (SP2).
The "Task Scheduler" service must be installed and running on any remote computers onto which you want to install a library from the main console (see below).
If Microsoft Management Console (MMC) is not already installed, it can be downloaded from the Microsoft website.
MMC is a Microsoft product, and any enquiries about it should be directed to Microsoft. Sophos can provide no support for its installation and usage, neither can it accept any responsibility for any problems that MMC may introduce in other installed software.
The "Task Scheduler" service must be installed and running.
User Account Control (UAC) must be turned off on Windows Server 2008 during installation of EM Library. You can turn UAC on again after you have installed EM Library and subscribed to Sophos updates.
File and printer sharing must be enabled on the computer where the EM Library services are running (usually the computer where you installed EM Library).
Sophos Enterprise Console (SEC) 3.1.0 includes the ability to enable Sophos Anti-Virus for Windows 2000 or later to detect rootkits during on-demand scans. This is controlled by the option Scan for suspicious files (HIPS) in the anti-virus and HIPS policy.
SEC 3.1.0 includes the ability to deploy agents and policies from Sophos NAC Manager directly from within SEC.
A new section in the policy pane is available, where three NAC policies are referenced. These policies are defined in NAC Manager and cannot be renamed or deleted. Within SEC these policies can be managed in exactly the same way as other policies already available.
Double clicking on any of the three NAC policies will automatically launch NAC Manager and open directly the page required to view or edit the relevant policy.
The Protect Computer Wizard, AD Synchronisation Wizard and the Bootstrap deployment now include the ability to deploy NAC agents and policies.
In the instance where NAC Manager and SEC are installed on the same server, SEC will attempt to automatically populate the address required to access NAC Manager from within SEC. Once this has been correctly configured, it is possible to launch NAC Manager via a new NAC button in SEC, located on the toolbar alongside the reporting and EM Library buttons.
Where NAC Manager is not installed on the same server as SEC, a Configure NAC url option is available from the Tools menu. When this option is selected, just the server name or IP address of the server NAC Manager is installed on should be typed in.
Please refer to the Sophos Endpoint Security and Control quick start guide for further information on installing and getting started with Sophos Endpoint Security and Control and Sophos NAC Manager.
SEC 3.1.0 includes the ability to remove supported third-party security products as part of the Sophos security software deployment to endpoint computers.
A check box is present in the Protect Computer Wizard and AD Synchronisation Wizard where there is a choice to run the third-party security product removal feature as part of the Sophos software deployment. This check box is selected by default. Clear this check box to deploy Sophos software without running the third-party security removal feature.
For technical support, visit http://www.sophos.com/support.
Copyright © 2008 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.