Installation and upgrade

• (WKI 49307) When you install the Sophos database and choose to create a new user to connect to the database, you will receive the following error message: “Every field must have a value in order to create a user.” For more information, see Sophos support knowledgebase article 64679.
• (DEF 37341) You cannot install Enterprise Console (including Remote Console) on a Windows XP, Windows Vista, or Windows 2000 Professional computer where Sophos Client Firewall has been installed. If you want to install Enterprise Console on one of these computers, remove Sophos Client Firewall first and reinstall it after you have installed Enterprise Console.
• (WKI 26898) An Enterprise Console management server cannot connect to a remote database installed on a SQL Server Express instance. This is because by default, SQL Server Express does not allow remote connections. For more information, see Sophos support knowledgebase article 24635.
• (QUE 20382) A reboot may be required following an Enterprise Console installation or upgrade.

  It is possible that some files required by the setup will be in use when the installation or upgrade is carried out and a restart will therefore be required to complete the file copy.

• Installation of the Enterprise Console management server will fail at runtime if Microsoft networking client is not installed on the computer (although this client does not need to be active).
• (DEF 18692) A reboot may be required after removing third-party security software.

  In rare circumstances a reboot of an endpoint computer may be required to successfully complete the uninstallation of third-party security software and installation of Sophos security software.

Application control

• (DEF 27077) Application control events are generated without applications being run by a user.

  There are a number of scenarios where application control events that are not the result of the user running the application will be reported back to Enterprise Console. These are:

  
  
  • When an endpoint computer is restarted, an event will be generated if a controlled application has an entry within the Windows Start menu, for example, Microsoft Games.
  • When a user opens the Add or Remove Programs window, an event will be generated if a controlled application is on the list of programs.
  • An event will be generated when a user wants to view file properties of a controlled application (by right-clicking on the file and selecting Properties) or when a user hovers the mouse cursor over the file to view the file’s tooltip.
• In the Application Control Event Viewer, the User column may contain “NT Authority”.

  The user will be reported as “NT Authority” as opposed to the user logged onto the endpoint if an application is detected during a scheduled scan, by a scheduled task being activated, or when the Start menu is enumerated on Windows bootup.

• Multiple application control events can be generated by a single application identity, for example, “MS Windows Games”. This occurs when an identity covers multiple executables or detection is triggered against more than one application component. The latter case normally occurs for scheduled scans with application detection enabled.
• (CR 28114) Enterprise Console cannot show if a controlled application was detected locally or remotely.

  If a user attempts to install a controlled application that is blocked, the application will be prevented from being installed. An alert will be sent to Enterprise Console, but the alert will show neither the action that raised the alert nor where the installer was located. For more information about the application control event, see the Sophos Anti-Virus log file on the endpoint (C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt).

Data control

• (DEF 29635) Files transferred via the FTP protocol within Internet Explorer will not be scanned.
• (WKI 34375) An empty file stub may be attached to an email when a file has been blocked by data control. Outlook Express and Outlook Web Access will attach an empty file stub to an email following a data control “block” action. This includes the scenario where a user selects the “block file transfer” option in response to the “allow transfer on acceptance by user” action set in the data control rule.
• (WKI 30676) Microsoft’s “ReadyBoost” technology will be blocked if data control rules use either the “block” or “allow transfer on acceptance by user” actions. In this scenario data control blocks all writes to removable storage except for those made via Windows Explorer.
• (WKI 31534) Applications (including those stored on the device) will be prevented from writing data to removable storage if data control rules use either the “block” or “allow transfer on acceptance by user” actions.
• (WKI 36074) New file creation is blocked on monitored storage devices if data control rules use either the “block” or “allow transfer on acceptance by user” actions.
• Anti-virus and HIPS exclusions will apply to data control in the following situations:
  
  • Application monitoring, that is, any files uploaded or attached via monitored applications will be exempt from scanning if the source location or file name is specified in the Anti-virus and HIPS policy exclusion list.
  • Storage monitoring for non-Windows Explorer transfers, that is, transfers that are automatically blocked if the “allow transfer on acceptance by user” or “block” action is used in a data control rule for storage devices.
• (DEF 40240) Application virtualization and streaming technologies (for example, Microsoft App-V) are not supported in this release.
• (DEF 48035) Alternative file systems, such as AFS (Andrews File System), are not supported in this release.
• (WKI 36996) If a monitored internet browser (for example, Internet Explorer) is used to explore the file system, it may trigger data control scanning as the file system is browsed.
• (WKI 37905) Installation of applications (for example, Internet Explorer or Firefox) from the desktop or “My documents” may be interrupted by data control if the applications are monitored by data control rules.
• (WKI 37907) Installation of Firefox plug-ins (XPI) can be blocked if a data control rule monitors Firefox for the “object code” file type.

Device control

• (SUG 29039) The block network bridging mode will not work in IPV6-only environments.
• (WKI 37908) Devices that use the MTP protocol (Media Transfer Protocol) are not blocked using device control. By default, these devices cannot have data written to them using Windows Explorer.
• Camera devices are not blocked using device control. By default, these devices cannot have data written to them using Windows Explorer.
• (WKI 30431) The “Kingston DataTraveler Vault” hardware-encrypted device is not covered by the “Secure Removable Storage” category within device control. Compared to other hardware-encrypted storage devices, this model uses a different mechanism to expose its encrypted storage partition. Currently this mechanism cannot be automatically detected and exempt.
• (WKI 36186) In the “block bridged” mode it is not possible to generate the “block” events required to exempt Wireless or Modem device types.

Firewall

• (DEF 22335) An allowed application is blocked temporarily by Sophos Client Firewall.

  When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.

• (CR 18615) In some cases firewall rules are not applied to a running application or service until it is restarted.

  A running application or service is denied network access until after it's restarted even if the firewall configuration has been updated to allow it. This happens when the application was initially blocked because it had been detected as a hidden process, new or modified application, or a process with its memory modified by another application.

Other problems

• (DEF 36019) If Sophos Endpoint Security and Control is not installed on the server running the Enterprise Console management server, endpoint computers show “Unknown” as their up-to-date status. Sophos Endpoint Security and Control must always be installed (although it does not have to be running) on the server running the Enterprise Console management server. Otherwise, Enterprise Console will not be able to manage endpoint computers correctly.
• Computer names must use the standard ASCII 7 format to be valid in Enterprise Console. Computers with names containing accented or non-Roman characters are not recognized.
• (CR 22041 and CR 27529) Computers imported from or synchronized with Active Directory may appear in the console as belonging to a workgroup.

  When Enterprise Console discovers an unmanaged computer that belongs to a workgroup by using the Find on the network option of the Find new computers feature, the console displays the name of the computer's workgroup in the Domain/workgroup field. If the computer is then moved to an Active Directory domain and restarted, and Enterprise Console immediately synchronizes that computer with or imports it from Active Directory, the console will still display the name of the computer's workgroup in the Domain/workgroup field, and not its domain name. You can resolve this problem by making the computer managed, as explained below.

  Protect the computer. The computer now has two entries in Enterprise Console: the original entry, which shows it as part of a workgroup, and a new entry, with the Domain/workgroup set to the name of the Active Directory domain. However, the new entry may appear in the Unassigned group, and have only the default policies applied. If this happens, you need to do as follows:

  If the computer is not a member of a synchronized Active Directory group, move the computer to the appropriate Enterprise Console group.

  Delete the original workgroup entry.

  If the computer is a member of a synchronized Active Directory group, delete the workgroup entry for that computer in Enterprise Console (the computer will be shown in the synchronized group). The next time synchronization takes place, the entry for the managed computer will appear in the correct group, with the correct policies applied. Alternatively, if you can delete the workgroup entry for the computer from Enterprise Console before the computer is found in Active Directory, the computer will appear in the correct group first time.

• Excluding folders from on-access scanning may disable scanning on Windows 95/98 computers.

  When you set an anti-virus policy for a group of computers, you can exclude folders from on-access scanning. This option is not supported on Windows 95/98 computers and may have the effect of disabling on-access scanning on those computers. If you move the Windows 95/98 computers to a group that does not have this option included in its policy, on-access scanning should restart.

• (CR 27212) A link to Sophos Network Communications Report is not available on a computer where Enterprise Console is installed.

Supported operating systems

Supported operating systems are listed on the system requirements page of the Sophos website (http://www.sophos.com/products/all-sysreqs.html).

Hardware requirements

• Processor: 2.0 GHz Pentium or equivalent.
• Memory: There is no minimum memory requirement.
• Disk space: 1.5 GB for complete Enterprise Console installation without SQL Server 2005 Express; 1.8 GB for complete Enterprise Console installation with SQL Server 2005 Express.

  In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.

If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:

• Processor: Pentium 4 (or equivalent) 1.0 GHz
• Memory: 512 MB RAM
• Disk space: 50 MB for installation. In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.

Minimum database size

The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.

Maximum database size

• If you use Microsoft SQL Server 2005 Express Edition, the maximum size that a database can reach is 4 GB.
• If you use Microsoft SQL Server 2005 or 2008, there is no limit apart from that set by the administrator.
• If you use MSDE, the maximum size that a database can reach is 2 GB.

Software requirements

• At least Internet Explorer 5 or later
• MS04-11 security update for Microsoft Windows. For more information and the list of operating systems affected, see Microsoft Knowledge Base Article 835732.

To enable Enterprise Console to communicate with managed workstations, open ports 8192 and 8194 on the computer where the Enterprise Console management server is installed. To enable Sophos Update Manager to download security software from Sophos, open port 80 on the computer where Sophos Update Manager is installed.