Sophos Enterprise Console / EM Library release notes ---------------------------------------------------- Enterprise Console version : 3.1.0 EM Library version : 1.3.2 www.sophos.com Contents -------- 1 About Sophos Enterprise Console 2 New in this version 3 Known problems 4 Additional information 5 System requirements 1 About Sophos Enterprise Console --------------------------------- Sophos Enterprise Console is a management console that can be used to install Sophos Anti-Virus and Sophos Client Firewall remotely, and to configure, monitor, manage, and report on Sophos products running on Windows, Mac OS and Linux computers. Enterprise Console works in conjunction with Sophos EM Library, which downloads software packages from Sophos and keeps them updated automatically. EM Library allows for deployment across a wide area network with multiple updating locations. For information on installing Enterprise Console for the first time, see the "Sophos Endpoint Security and Control network startup guide". For information on upgrading, see the "Sophos Endpoint Security and Control network upgrade guide". Both guides are available from the Sophos website or from the Sophos Network Install CD. 2 New in this version --------------------- * Rootkit scanning Sophos Enterprise Console (SEC) 3.1 includes the ability to enable Sophos Anti-Virus for Windows 2000 or later to detect rootkits during on-demand scans. This is controlled by the option "Scan for suspicious files (HIPS)" in the anti-virus and HIPS policy. * Integration with Sophos NAC Manager SEC 3.1 includes the ability to deploy agents and policies from Sophos NAC Manager directly from within SEC. A new section in the policy pane is available, where three NAC policies are referenced. These policies are defined in NAC Manager and cannot be renamed or deleted. Within SEC these policies can be managed in exactly the same way as other policies already available. Double clicking on any of the three NAC policies will automatically launch NAC Manager and open directly the page required to view or edit the relevant policy. The Protect Computer Wizard, AD Synchronisation Wizard and the Bootstrap deployment now include the ability to deploy NAC agents and policies. In the instance where NAC Manager and SEC are installed on the same server, SEC will attempt to automatically populate the address required to access NAC manager from within SEC. Once this has been correctly configured, it is possible to launch NAC Manager via a new NAC button in SEC, located on the toolbar alongside the reporting and EM Library buttons. Where NAC Manager is not installed on the same server as SEC, a Configure NAC url option is available from the Tools menu. When this option is selected, just the server name or IP address of the server NAC Manager is installed on should be typed in. Please refer to the Sophos Endpoint Security and Control Quick Start guide for further information on installing and getting started with Sophos Endpoint Security and Control and Sophos NAC Manager. * Third-party security product removal SEC 3.1 includes the ability to remove supported third-party security products as part of the Sophos security software deployment to endpoint computers. A check box is present in the Protect Computer Wizard and AD Synchronisation Wizard where there is a choice to run the third-party security product removal feature as part of the Sophos software deployment. This check box is selected by default. Clear this check box to deploy Sophos software without running the third-party security removal feature. 3 Known problems ---------------- Some descriptions include the relevant identifier in brackets. You can use this if you need to contact Sophos technical support. * (CR 27212) A link to Sophos Network Communications Report is not available on a computer where Enterprise Console or EM Library is installed. 3.1 Enterprise Console * An allowed application is blocked temporarily by Sophos Client Firewall (DEF 22335) When a Sophos Client Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely. * A reboot may be required following a SEC 3.0 to SEC 3.1 upgrade. (QUE20382) It is possible that some files will be in use when the upgrade is attempted and a restart will therefore be required to complete the file copy. * Computers imported from or synchronized with Active Directory may appear in the console as belonging to a workgroup. (CR 22041 and CR 27529) When Enterprise Console discovers an unmanaged computer that belongs to a workgroup by using the "Find on the network" option of the "Find new computers" feature, the console displays the name of the computer's workgroup in the "Domain/workgroup" field. If the computer is then moved to an Active Directory domain and restarted, and Enterprise Console immediately synchronizes that computer with or imports it from Active Directory, the console will still display the name of the computer's workgroup in the "Domain/workgroup" field, and not its domain name. You can resolve this problem by making the computer managed, as explained below. Protect the computer. The computer now has two entries in Enterprise Console: the original entry, which shows it as part of a workgroup, and a new entry, with the Domain/workgroup set to the name of the Active Directory domain. However, the new entry may appear in the Unassigned group, and have only the default policies applied. If this happens, you need to do as follows: If the computer is not a member of a synchronized Active Directory group, move the computer to the appropriate Enterprise Console group. Delete the original workgroup entry. If the computer is a member of a synchronized Active Directory group, delete the workgroup entry for that computer in Enterprise Console (the computer will be shown in the synchronized group). The next time synchronization takes place, the entry for the managed computer will appear in the correct group, with the correct policies applied. Alternatively, if you can delete the workgroup entry for the computer from Enterprise Console before the computer is found in Active Directory, the computer will appear in the correct group first time. * Enterprise Console may display Sophos Anti-Virus 4.6 on Windows 9x as uninstalled. (CR 26581) The console may display no information about computers where Sophos Anti-Virus 4.6 is installed, although Sophos Anti-Virus 4.6 may be up to date and functioning correctly. In this case, the fields such as "On-access", "Anti-virus and HIPS policy", "Up to date", "Anti-virus version", "Detection data", and "IDEs" remain empty. The console will still display alerts and errors raised by Sophos Anti-Virus 4.7 or later. * Installation fails if Microsoft networking client is not present. Installation of the Enterprise Console management server will fail if Microsoft networking client is not installed on the computer (although this client does not need to be active). * If you are using a firewall, you should enable port 8192 before you install Enterprise Console. If you are using a firewall on the computer where you want to install Enterprise Console, you should enable Corba port 8192, in addition to ports 8193 and 8194. Port 8192 is used to enable the computers on the network to find the Enterprise Console management server. Computers will report correctly to the management server if it is behind a firewall but they will take longer to do so. * Excluding folders from on-access scanning may disable scanning on Windows 95/98/Me computers. When you set an anti-virus policy for a group of computers, you can exclude folders from on-access scanning. This option is not supported on Windows 95/98/Me computers and may have the effect of disabling on-access scanning on those computers. If you move the Windows 95/98/Me computers to a group that does not have this option included in its policy, on-access scanning should restart. * Large database may cause upgrading to Enterprise Console version 3.1 to fail. (CR 28273) If you are upgrading from Enterprise Console version 2, and have a large database, Enterprise Console may fail to start because the Management Service has failed to start. This is because SQL Server chooses suboptimal query strategies whilst the data is being upgraded. Sophos recommends that the Sophos Management Service is restarted five more times. If the problem persists, contact Sophos technical support. * Enterprise Console cannot show if a controlled application was detected locally or remotely. (CR 28114) If a user attempts to install a controlled application that is blocked, the application will be prevented from being installed. An alert will be sent to Enterprise Console, but the alert will show neither the action that raised the alert nor where the installer was located. For more information about the blocked action, see the Sophos Anti-Virus log file on the endpoint (C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt). * Workflow to set up or revise updating is not displayed on Windows 2003 over a Remote Desktop session. (CR 28291) After the installation or upgrade to Enterprise Console version 3, you are asked to log off and then log on again. Normally, upon logging on, a wizard or a dialog is displayed that leads you through the workflow to set up or revise updating for Enterprise Console 3. However, if this is taking place on Windows 2003 over a Remote Desktop session, after logging on again, the wizard or the dialog is not displayed. To set up updating using EM Library, follow the instructions in Appendix 1 of the "Sophos Endpoint Security and Control network startup guide". * If you upgrade a remote management console on Windows Server 2003, an invalid warning message is displayed. (CR 28369) If you upgrade an Enterprise Console 2 remote management console to an Enterprise Console 3 remote management console on a computer running Windows Server 2003, the installer displays "Warning 27555". This warns that the installer cannot ensure that existing users remain in the Sophos Console Administrators group. Ignore this message and continue with the upgrade. The console should work without any further changes. * The database fails to install correctly on a 64-bit version of Windows. (CR 28419) The Enterprise Console database can reside on a 64-bit Windows platform. If the database is to run on a 64-bit Windows platform, an existing installation of SQL Server must be present on the computer. The name of this instance must not be SOPHOS. To work around this problem, use an alternative name (e.g. SOPHOS64), and select this instance when installing the Enterprise Console database. If you do choose to create a SQL Server database instance called SOPHOS, and then attempt to install the Enterprise Console database, the installer attempts to install MSDE, the installation will fail with the error "MSDE server cannot be installed on a 64-bit platform. An existing instance of SQL Server on the local computer must be used". * A reboot may be required after removing third-party security software. (DEF18692) In rare circumstances a reboot of an endpoint computer may be required to successfully complete the uninstallation of third-party security software and the installation of Sophos security software. 3.2 EM Library * (CR 26650) If you upgrade the EM Library console from version 1.3 to 1.3.2 using the standalone EM Library installer, it may not be possible to reconnect the console to a library. The right-hand pane of the EM Library console may be blank, or may display the message "Action cancelled". Note that upgrades to the EM Library console using the Enterprise Console installer are unaffected. To work around this problem, uninstall the EM Library console and then reinstall it. You can now connect the console to the library. * If you install the management server (EM Library plus Enterprise Console) on a Windows 2000 server, it will sometimes need to be restarted afterwards. * During installation, the "Network account configuration wizard" offers to create a local "EMLibUser" account automatically. If you are installing EM Library on a domain server, you cannot use this option. You must create an EM Library user account on Active Directory, and then select that user account in the account configuration wizard. * Remote library cannot be installed on a computer running Windows XP SP2. (CR 18623) When installing a remote library on a computer running Windows XP SP2, the installation fails with an error. For technical support, visit http://www.sophos.com/support. If you contact technical support, provide as much information as possible, including the following: * Sophos software version number(s) * Operating system(s) and patch level(s) * The exact text of any error messages 4 Additional information ------------------------ Some descriptions include the relevant identifier in brackets. You can use this if you need to contact Sophos technical support. * Scheduled scanning for controlled applications (CR 24322) For information about setting up a scheduled scan for controlled applications, see the following knowledgebase article: http://www.sophos.com/support/knowledgebase/article/22473.html * For information about upgrading from earlier versions of EM Library, see http://www.sophos.com/support/knowledgebase/article/2609.html 5 System requirements --------------------- 5.1 Enterprise Console * Pentium 2.0 GHz or equivalent * 512 MB RAM * Windows 2000 Professional (SP3 or later), Windows 2000 Server (SP3 or later), or Windows Server 2003 (with or without SP1) * Internet Explorer 5 or later * At least 80 MB disk space for installation. You need further space for your database, as detailed below. If you want to be able to use Enterprise Console remotely, you can install a remote management console on the above platforms or on Windows XP Professional (SP1 or later). 5.2 Database The computer where you place the database component (which may be the same computer or a different one) also needs: * At least 300 MB disk space for data. If you use MSDE, the maximum size that a database can reach is 2 GB. If you use Microsoft SQL Server, there is no limit apart from that set by the administrator. 5.3 EM Library 5.3.1 EM Library and Enterprise Console * Windows 2000, Windows XP Professional, or Windows 2003 * Microsoft Management Console (MMC) version 1.2 or later * Internet Explorer 5 or later 300 MB of disk space for the management software (EM Library plus Enterprise Console) plus up to 2 GB for the management database 256 MB of RAM minimum, 512 MB recommended File and print sharing must be enabled on the computer where the EM Library services are running (usually the computer where you install EM Library). The "Task Scheduler" service must be installed and running on any remote computers onto which you want to install a library from the main console (see below). If Microsoft Management Console (MMC) is not already installed, it can be downloaded from the Microsoft website. MMC is a Microsoft product, and any enquiries about it should be directed to Microsoft. Sophos plc can provide no support for its installation and usage, neither can it accept any responsibility for any problems that MMC may introduce in other installed software. 5.3.2 EM Library remote library system requirements * Windows NT 4 (Service Pack 6a), Windows 2000, or Windows 2003 * Internet Explorer 5 or later 150 MB of disk space for the management software 256 MB of RAM minimum, 512 MB recommended The "Task Scheduler" service must be installed and running. File and print sharing must be enabled on the computer where the EM Library services are running (usually the computer where you installed EM Library).