Sophos Enterprise Console is a management console that can be used to install Sophos endpoint security software remotely, and to configure, monitor, manage, and report on Sophos products running on Windows, Mac OS X, Linux, and UNIX computers. For more information about Sophos Enterprise Console, see Sophos Enterprise Console Help.
Sophos Update Manager enables you to set up automatic updating of Sophos security software from a Sophos website. It allows for deployment across a wide area network with multiple updating locations. Sophos Update Manager is installed with and managed from Enterprise Console. For more information about Sophos Update Manager, see Sophos Enterprise Console Help.
For information on installing Enterprise Console for the first time, see the Sophos Endpoint Security and Control quick startup guide or Sophos Endpoint Security and Control advanced startup guide, depending on your network configuration.
For information on upgrading, see the Sophos Endpoint Security and Control quick upgrade guide or Sophos Endpoint Security and Control advanced upgrade guide, depending on your network configuration.
For advice on best practices for using and managing Sophos security software, see the Sophos Endpoint Security and Control policy setup guide.
The guides are available from the Sophos website (http://www.sophos.com/support/docs/Endpoint_Security_Control-all.html).
Sophos Update Manager is the new and more efficient Sophos updating technology. It enables you to set up automatic updating of Sophos security software from the Sophos website. It is installed with and managed from Enterprise Console. Sophos Update Manager is a robust and scalable updating solution. An update manager can support up to 25,000 computers.
Role-based administration allows you to specify which computers a user can access and which tasks they can carry out, depending on their role in your organization.
Sub-estate administration restricts the computers and groups that users can perform operations on.
Data control enables you to reduce accidental data loss from workstations by monitoring and restricting the transfer of files containing sensitive data. You can monitor and control the transfer of files to specified storage devices (e.g. removable storage device or optical drive) or by specified applications (e.g. email client or web browser).
The new device control policy makes it easier to manage the connection of unauthorized storage devices and network interfaces.
New standard reports have been added, such as non-compliance, time-based, and summary reports. Report configuration can now be saved and scheduled so that the report output is sent to an email address at certain times. The new Create Report Wizard assists with customization and scheduling of reports.
You can configure the firewall for two different types of location. It will use different settings according to the location where computers are used, for example, in the office (on the network) and out of the office.
To make rule creation simpler, the firewall can be deployed with a policy to allow all unknown traffic and create events.
The list below includes problems known at the time of release. For an up-to-date list, including problems found after release, see Sophos support knowledgebase article 63215.
It is possible that some files required by the setup will be in use when the installation or upgrade is carried out and a restart will therefore be required to complete the file copy.
In rare circumstances a reboot of an endpoint computer may be required to successfully complete the uninstallation of third-party security software and installation of Sophos security software.
There are a number of scenarios where application control events that are not the result of the user running the application will be reported back to Enterprise Console. These are:
The user will be reported as “NT Authority” as opposed to the user logged onto the endpoint if an application is detected during a scheduled scan, by a scheduled task being activated, or when the Start menu is enumerated.
If a user attempts to install a controlled application that is blocked, the application will be prevented from being installed. An alert will be sent to Enterprise Console, but the alert will show neither the action that raised the alert nor where the installer was located. For more information about the application control event, see the Sophos Anti-Virus log file on the endpoint (C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt).
When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.
A running application or service is denied network access until after it's restarted even if the firewall configuration has been updated to allow it. This happens when the application was initially blocked because it had been detected as a hidden process, new or modified application, or a process with its memory modified by another application.
Sophos Endpoint Security and Control must always be installed (although it does not have to be running) on the server running the Enterprise Console management server. Otherwise, Enterprise Console will not be able to manage endpoint computers correctly. If you want to install Sophos Endpoint Security and Control on the server alongside other anti-virus software and disable on-access scanning, see Sophos support knowledgebase article 13814.
When Enterprise Console discovers an unmanaged computer that belongs to a workgroup by using the Find on the network option of the Find new computers feature, the console displays the name of the computer's workgroup in the Domain/workgroup field. If the computer is then moved to an Active Directory domain and restarted, and Enterprise Console immediately synchronizes that computer with or imports it from Active Directory, the console will still display the name of the computer's workgroup in the Domain/workgroup field, and not its domain name. You can resolve this problem by making the computer managed, as explained below.
Protect the computer. The computer now has two entries in Enterprise Console: the original entry, which shows it as part of a workgroup, and a new entry, with the Domain/workgroup set to the name of the Active Directory domain. However, the new entry may appear in the Unassigned group, and have only the default policies applied. If this happens, you need to do as follows:
If the computer is not a member of a synchronized Active Directory group, move the computer to the appropriate Enterprise Console group.
Delete the original workgroup entry.
If the computer is a member of a synchronized Active Directory group, delete the workgroup entry for that computer in Enterprise Console (the computer will be shown in the synchronized group). The next time synchronization takes place, the entry for the managed computer will appear in the correct group, with the correct policies applied. Alternatively, if you can delete the workgroup entry for the computer from Enterprise Console before the computer is found in Active Directory, the computer will appear in the correct group first time.
When you set an anti-virus policy for a group of computers, you can exclude folders from on-access scanning. This option is not supported on Windows 95/98 computers and may have the effect of disabling on-access scanning on those computers. If you move the Windows 95/98 computers to a group that does not have this option included in its policy, on-access scanning should restart.
Supported operating systems are listed on the system requirements page of the Sophos website (http://www.sophos.com/products/all-sysreqs.html).
In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.
If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:
Minimum database size
The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.
Maximum database size
To enable Enterprise Console to communicate with managed workstations, open ports 8192 and 8194 on the computer where the Enterprise Console management server is installed. To enable Sophos Update Manager to download security software from Sophos, open port 80 on the computer where Sophos Update Manager is installed.
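The following check is an added example, not part of the Sophos documentation or software. Run from a managed workstation, it probes the two console ports and distinguishes a port that is blocked from one that is reachable but has no listener. It assumes the ports are TCP (the notes do not name the transport), and the host name is a placeholder.

```python
import socket

# Ports from the release notes. TCP is an assumption: the notes do not name the transport.
CONSOLE_PORTS = (8192, 8194)   # workstations -> Enterprise Console management server
UPDATE_PORT = 80               # Sophos Update Manager -> update source (probe from that host)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: listener present, path allowed
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: reachable, nothing listening
    except OSError:
        return "filtered"          # timeout, unreachable or unresolvable: likely dropped


def check_ports(host, ports, timeout=2.0):
    """Probe several ports on one host and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def explain(results):
    """Turn probe results into the next thing to check, one line per failing port."""
    hints = {
        "closed": "host reachable but no listener; check that the service is running",
        "filtered": "no reply; check host and network firewall rules for this port",
    }
    return [f"port {p}: {s} ({hints[s]})"
            for p, s in sorted(results.items()) if s != "open"]


if __name__ == "__main__":
    # Hypothetical host name; replace with your management server.
    server = "console.example.internal"
    for line in explain(check_ports(server, CONSOLE_PORTS)) or ["all console ports open"]:
        print(line)
```

A "closed" result means the firewall is already letting traffic through and the problem is on the server itself; "filtered" points at a firewall rule between the workstation and the server.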
For technical support, visit http://www.sophos.com/support.
If you contact technical support, provide as much information as possible, including the following:
Copyright © 2009 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.