Sophos Enterprise Console release notes

Version numbers

Sophos Enterprise Console 4.5.1
Sophos Update Manager for Windows 1.1.1

About Sophos Enterprise Console and Sophos Update Manager

Sophos Enterprise Console is the management console for our range of Enterprise products. It can be used to install Sophos endpoint security software remotely, and to configure, monitor, manage, and report on Sophos enterprise endpoint products running on Windows, Mac OS X, Linux, and UNIX computers. For more information about Enterprise Console, see Sophos Enterprise Console Help.

Sophos Update Manager enables automatic updating of Sophos security software from Sophos over the Internet. It allows for deployment across a wide area network with multiple updating locations. Update Manager is installed with and managed from Sophos Enterprise Console. For more information about Update Manager, see Sophos Enterprise Console Help.

For information on installing Enterprise Console for the first time, see the Sophos Enterprise Console quick startup guide or Enterprise Console advanced startup guide, depending on your network configuration.

For information on upgrading, see the Sophos Endpoint Security and Control quick upgrade guide or Sophos Endpoint Security and Control advanced upgrade guide, depending on your network configuration.

For advice on best practices for using and managing Sophos security software, see the Sophos Endpoint Security and Control policy setup guide.

Sophos documentation is published at www.sophos.com/support/docs.

New in this version

  • Web protection

    Web Protection is a new feature that protects the endpoint from web-hosted threats (i.e. infected web pages). This is similar to web-hosted protection via the Sophos web appliance but has been developed to protect users when they are not on the company network. There is no specific interaction between the web appliance and this endpoint security feature.

  • Sophos Live Protection

    Live Protection incorporates in-the-cloud technology into Sophos Anti-Virus. With Live Protection turned on, if Sophos Anti-Virus identifies a file as suspicious, certain characteristics of the file are sent to Sophos to assist with further analysis. The in-the-cloud checking performs an instant lookup of the file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.

    There is also an option to automatically submit samples of suspicious files to Sophos. This provides the Sophos user community with higher levels of protection by enhancing the SophosLabs database.

  • Tamper protection

    Tamper protection policy enables you to prevent unauthorized users (local Administrators with limited technical knowledge) and known threats from reconfiguring, uninstalling, or disabling Sophos security software.

  • Sophos Client Firewall version 2.5

    This version supports 64-bit platforms. In addition, LAN settings can be bypassed for NetBIOS traffic. This allows more granular control of NetBIOS, including unidirectional support, via Global rules.

  • The system requirements for Enterprise Console have changed. For details, see www.sophos.com/products/enterprise/endpoint/security-and-control/management/sysreqs.html
  • Defects fixed:
    • More than 63 distributions for a given subscription will cause Enterprise Console to crash.
    • After adding a Sophos Update Manager server an error occurs while editing the update policy if there are more than 63 distributions for a given subscription.
    • After installing or upgrading to Enterprise Console 4.5, a duplicate endpoint appears if you delete a managed endpoint that is a member of an Active Directory synchronized group. Deleting the new unmanaged entry results in it appearing again when the next synchronization occurs.
    • ExportPrivateStore.exe cannot export the synchronization settings to xml on 64-bit platforms.

Known problems

The list below includes problems known at the time of release. For an up-to-date list, including problems found after release, see http://www.sophos.com/support/knowledgebase/article/111297.html.

Installation

  • (DEF 60191) Installing Enterprise Console to a path containing accented characters results in the console dashboard status indicators not displaying correctly. Workaround: install to a path containing only standard US-ASCII characters.
  • (WKI 59904) Enterprise Console will not install if only Microsoft .NET 4 is present. .NET 4 replaces .NET 3.5, but does not include some necessary components. Workaround: Install .NET 3.5 SP1 from the Enterprise Console installer prerequisites folder.
  • (DEF 59111) Windows Event Viewer may show many errors from MSSQL$SOPHOS. These are spurious, generated by the Microsoft SQL Server 2008 Express installer, and may safely be ignored.
  • (DEF 58819) Enterprise Console installs Microsoft .NET Framework 3.5 Service Pack 1 as a prerequisite, because of which you may experience issues with components related to Exchange Web services including:
    • Outlook Web Access,
    • Office Communications Server integration,
    • Outlook Address Book,
    • Out of Office notifications.

    To resolve these issues, install the update for .NET Framework provided in Microsoft Knowledge Base article 959209 (http://support.microsoft.com/kb/959209).

  • (DEF 57377) On a custom install when opting to create the database impersonation account, the installation wizard suggests that the created account can be added to a group of your choice by entering that group name. If you enter a group, the newly-created account will not be added to the group; however, this should not prevent Enterprise Console from functioning.
  • (DEF56835 and DEF56836)

    When using a custom install, if you select the “Use an existing user” option to connect to the database, the username is erroneously saved in the registry as SophosUpdateMgr. This prevents the management service from connecting to the database. The symptoms are that a Connection Failure message is displayed when starting the console.

    Workaround:

    On the computer hosting the management service:
    • In the registry, navigate to HKLM\Software\Sophos\EE\Management Tools\DatabaseUser
    • Correct the DatabaseUsername and DatabaseUserDomain values.
      Note: DatabaseUserPassword is correct and should not be changed as it is encrypted.
    On the computer hosting the database:
    • Add the user to the Sophos DB Admin group.
  • (DEF 56630) If an Internet connection is present, the included Microsoft .NET 3.5 SP1 installer will download the latest .NET installer, even if unnecessary. This can take a long time. Workaround: disable internet access during installation.
  • (DEF56407) Distributed Installation: Sophos Management service doesn't start after the required log off/log back on if database instance is present without the appropriate network protocols enabled.

    For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start (after the required log off/log back on) if the 'SOPHOS' database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.

    Workaround:
    • When installing Sophos Enterprise Console and PureMessage together, you must first install Sophos Enterprise Console.
    • If PureMessage for Exchange is already present, or if you are using a SQL Server 2005/2008 database on a different server (a remote database) and the defect occurs, use the SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and also start the SQL Server Browser service.
  • (WKI 53802) Prerequisite .NET 3.5 not installing on Windows 2008 R2

    When running the installer on Windows 2008 R2, the prerequisite installer cannot install .NET 3.5. Running the installer directly fails for the same reason. On Windows 2008 R2, .NET 3.5 is a feature that has to be activated, not an application that can be automatically installed.

  • (WKI 51823, 52363) Microsoft SQL Server 2008 is incompatible with Windows 2003 Server SP1 and Windows Essential Business Server 2008. Workaround: Before installing Enterprise Console, install Microsoft SQL Server 2005 (Express). When installing Enterprise Console, choose Custom install and deselect SQL Server 2008.
  • (DEF 50935) Installing SQL Server Express 2008 SP1 on Windows 7 or Windows 2008 R2 as part of Sophos Enterprise Console installation may fail, showing "InstallShield Wizard Interrupted" and error "Microsoft SQL Server 2008 Express Edition installation failed. Re-run Sophos Enterprise Console setup when this error has been rectified." This is a SQL Server Express 2008 bug. Workaround: re-attempt installation of Enterprise Console.
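
For the DEF56835/DEF56836 workaround above, the registry check can be scripted. This is an added example, not Sophos code: the parameter names are hypothetical, and the Wow6432Node path is an assumption for 64-bit Windows that does not appear in the release notes.

```powershell
# Added example (not Sophos code): audit the DatabaseUser values from DEF56835/DEF56836.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ExpectedUser,    # hypothetical parameter: the existing account you chose
    [string]$ExpectedDomain   # hypothetical parameter: that account's domain
)

# First path is the one in the release notes. The Wow6432Node path is an
# assumption covering registry redirection of 32-bit software on 64-bit Windows.
$candidates = @(
    'HKLM:\Software\Sophos\EE\Management Tools\DatabaseUser',
    'HKLM:\Software\Wow6432Node\Sophos\EE\Management Tools\DatabaseUser'
)

foreach ($key in $candidates) {
    if (-not (Test-Path -Path $key)) { continue }

    $current = Get-ItemProperty -Path $key
    # Symptom described in the release notes: the username is saved as SophosUpdateMgr.
    $affected = ($current.DatabaseUsername -eq 'SophosUpdateMgr')

    # Report what is stored so the result can be reviewed before any change.
    New-Object PSObject -Property @{
        Key                = $key
        DatabaseUsername   = $current.DatabaseUsername
        DatabaseUserDomain = $current.DatabaseUserDomain
        Affected           = $affected
    }

    if ($affected -and $ExpectedUser -and $ExpectedDomain) {
        if ($PSCmdlet.ShouldProcess($key, 'Set DatabaseUsername and DatabaseUserDomain')) {
            # Only these two values are written; DatabaseUserPassword is left
            # untouched because it is stored encrypted.
            Set-ItemProperty -Path $key -Name DatabaseUsername   -Value $ExpectedUser
            Set-ItemProperty -Path $key -Name DatabaseUserDomain -Value $ExpectedDomain
        }
    }
}
```

Run it elevated on the computer hosting the management service, first with -WhatIf to see what would change. Adding the user to the Sophos DB Admin group on the computer hosting the database remains a separate step.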

Upgrading

  • (DEF 61237) Spurious firewall dialog/alert. When endpoints are upgraded to Sophos Endpoint Security and Control version 9.5, Sophos Client Firewall may generate an alert dialog or an Enterprise Console alert (depending on firewall policy) requesting network access for process SAVPROXY.EXE launched by ALMON.EXE, both within the %ProgramFiles%/SOPHOS/... folder. Workaround: Allow all hidden processes launched by ALMON to access the network and reboot any affected endpoints. The alert will not re-occur.
  • (DEF 60930) After upgrading from Enterprise Console 4.0 to 4.5, if you had a SUM which was set to update to a fixed version of SUM, it will still show as being set to a fixed version, but will actually update to SUM 1.1.1 (for Enterprise Console 4.5).
  • (DEF 57865) Migration from EM Library to SUM (Sophos Update Manager) during an upgrade can fail if the CID uses blank credentials.

    Workaround: Set non-null credentials for CID access before upgrading.

Downgrading

  • (DEF 57375) Sophos Agent and Message Router services stop running after a managed Enterprise Console computer is downgraded. Workaround: manually restart the Sophos Agent and Sophos Message Router services.

General

  • (DEF 61278) Default distribution share reserved name SophosUpdate

    When creating an Update Manager distribution, you cannot reference new shares named SophosUpdate because "SophosUpdate" is now a reserved share name used for the default share.

    Workaround: When creating new shares, use other names such as "Update".

    In updating policies, when you are selecting a primary or secondary update location, the dropdown list shows the default share paths only in NetBIOS format, for example \\Server\SophosUpdate, although you may need to use the Fully-Qualified Domain Name form, for example \\server.de.acme\SophosUpdate.

    Workaround: Type the FQDN path into the server location update path field.

  • (DEF 52458) Where an installation contains multiple SUMs that update directly from Sophos, when setting up a new subscription or editing an existing subscription, the list of available software versions may not immediately contain the latest information. The delay is due to uncertainty about which is the authoritative/master SUM. The delay length is related to SUM update period and number of SUMs updating from Sophos.

    Workaround:

    either

    • On the management server, open %ProgramFiles%\Sophos\Enterprise Console\Objects.xml in a text editor and find the text

      <object name="ServerDataMonitor" type="Sophos.Management.Services.Sddma.ServerDataMonitor, Sophos.Management.Services.Sddma" singleton="false">

      Change "false" to "true" and save. Restart the Sophos Management service.

      or

    • Manually define one SUM as being authoritative, as described in Knowledgebase article 57638, at www.sophos.com/support/knowledgebase/article/57638.html.
  • (WKI 60947) The 'Time of last binary update' and 'Time of last protection data update' values displayed for a SUM always contain the same value (the most recent update of either).
  • (DEF 60177) Web protection events generate log messages with obscure reference IDs. For example: "Blocked web request to "www.example.com" for user PC123\Joe. 'Mal/HTMLGen-A' has been found at this website, reference ID 19." There is currently no accessible key for these ID numbers.
  • (DEF 59336) Enterprise Console crashes when editing a newly-created UNC or HTTP path.

    If you open the Configure update manager dialog then the Source tab and add a UNC or HTTP share path, click OK, then immediately try to edit the path, Enterprise Console will crash.

    Workaround: After entering the share path and clicking OK, ignore the error message, close the Configure Update Manager dialog by clicking OK, then reopen the Configure Update Manager dialog to edit the path if necessary.

  • (DEF 58871, DEF 58872) When discovering computers or synchronizing to Active Directory, Enterprise Console may fail to differentiate between multiple computers with the same name, and may switch them between groups alternately. This situation may arise where identically-named computers are situated on different domains or sub-domains.
    Workaround: Either
    • Ensure that Sophos RMS (Remote Management Service) is installed and running on all identically-named computers before attempting to find them from Enterprise Console.

      Do not synchronize any Active Directory groups that contain identically-named computers; manage those computers manually.

    • Eliminate duplicate computer names on your network.

Data control

  • (DEF 48035) Alternative file systems, such as AFS (Andrew File System), are not supported in this release.
  • (WKI 36074) New file creation is blocked on monitored storage devices if data control rules use either the "block" or "allow transfer on acceptance by user" actions.
  • (DEF 29635) Files transferred via the FTP protocol within Internet Explorer will not be scanned.

Device control

  • Camera devices are not blocked using device control. By default, these devices cannot have data written to them using Windows Explorer.
  • (WKI 30431) The "Kingston DataTraveler Vault" hardware-encrypted device is not covered by the "Secure Removable Storage" category within device control. Compared to other hardware-encrypted storage devices, this model uses a different mechanism to expose its encrypted storage partition. Currently this mechanism cannot be automatically detected and exempted.

Sophos Client Firewall

  • (DEF 22335) An allowed application is blocked temporarily by Sophos Client Firewall.

    When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2010 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

ConvertUTF

Copyright 2001–2004 Unicode, Inc.

This source code is provided as is by Unicode, Inc. No claims are made as to fitness for any particular purpose. No warranties of any kind are expressed or implied. The recipient agrees to determine applicability of information provided. If this file has been purchased on magnetic or optical media from Unicode, Inc., the sole remedy for any claim will be exchange of defective media within 90 days of receipt.

Unicode, Inc. hereby grants the right to freely use the information supplied in this file in the creation of products supporting the Unicode Standard, and to make copies of this file in any form for internal or external distribution as long as this notice remains attached.