Sophos Enterprise Console is the management console for our range of Enterprise products. It can be used to install Sophos endpoint security software remotely, and to configure, monitor, manage, and report on Sophos enterprise endpoint products running on Windows, Mac OS X, Linux, and UNIX computers. For more information about Enterprise Console, see Sophos Enterprise Console Help.
Sophos Update Manager enables automatic updating of Sophos security software from Sophos over the Internet. It allows for deployment across a wide area network with multiple updating locations. Update Manager is installed with and managed from Sophos Enterprise Console. For more information about Update Manager, see Sophos Enterprise Console Help.
For information on installing Enterprise Console for the first time, see the Sophos Enterprise Console quick startup guide or Enterprise Console advanced startup guide, depending on your network configuration.
For information on upgrading, see the Sophos Endpoint Security and Control quick upgrade guide or Sophos Endpoint Security and Control advanced upgrade guide, depending on your network configuration.
For advice on best practices for using and managing Sophos security software, see the Sophos Endpoint Security and Control policy setup guide.
Sophos documentation is published at www.sophos.com/support/docs.
Web Protection is a new feature that protects the endpoint from web-hosted threats (i.e. infected web pages). This is similar to web-hosted protection via the Sophos web appliance but has been developed to protect users when they are not on the company network. There is no specific interaction between the web appliance and this endpoint security feature.
Sophos Live Protection
Live Protection incorporates in-the-cloud technology into Sophos Anti-Virus. With Live Protection turned on, if Sophos Anti-Virus identifies a file as suspicious, certain characteristics of the file are sent to Sophos to assist with further analysis. The in-the-cloud checking performs an instant lookup of the file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.
There is also an option to automatically submit samples of suspicious files to Sophos. This provides the Sophos user community with higher levels of protection by enhancing the SophosLabs database.
Tamper protection policy enables you to prevent unauthorized users (local Administrators with limited technical knowledge) and known threats from reconfiguring, uninstalling, or disabling Sophos security software.
Sophos Client Firewall version 2.5
This version supports 64-bit platforms. In addition, LAN settings can be bypassed for NetBIOS traffic. This allows more granular control of NetBIOS, including unidirectional support, via Global rules.
The list below includes problems known at the time of release. For an up-to-date list, including problems found after release, see http://www.sophos.com/support/knowledgebase/article/111297.html.
To resolve these issues, install the update for .NET Framework provided in Microsoft Knowledge Base article 959209 (http://support.microsoft.com/kb/959209).
(DEF56835 and DEF56836)
When using a custom install, if you select the “Use an existing user” option to connect to the database, the username is erroneously saved in the registry as SophosUpdateMgr. This prevents the management service from connecting to the database. The symptoms are that a Connection Failure message is displayed when starting the console.
(DEF56407) Distributed Installation: Sophos Management service doesn't start after the required log off/log back on if database instance is present without the appropriate network protocols enabled.
For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start (after the required log off/log back on) if the 'SOPHOS' database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.
(WKI 53802) pre-requisite .NET 3.5 not installing on Windows 2008 R2
When running the installer on Windows 2008 R2, the pre-requisite installer cannot install for .NET 3.5. Running the installer directly fails for the same reason. On Windows 2008 R2 the .NET 3.5 is a feature that has to be activated, not an application that can be automatically installed.
Workaround: Set non-null credentials for CID access before upgrading.
(DEF 61278) Default distribution share reserved name SophosUpdate
When creating an Update Manager distribution, you cannot reference new shares named SophosUpdate because "SophosUpdate" is now a reserved share name used for the default share.
Workaround: When creating new shares, use other names such as "Update".
In updating policies, when you are selecting a primary or secondary update location, the dropdown list shows the default share paths only in NetBIOS format, for example \\Server\SophosUpdate, although you may need to use the Fully-Qualified Domain Name form, for example \\server.de.acme\SophosUpdate.
Workaround: Type the FQDN path into the server location update path field.
(DEF 52458) Where an installation contains multiple SUMs that update directly from Sophos, when setting up a new subscription or editing an existing subscription, the list of available software versions may not immediately contain the latest information. The delay is due to uncertainty about which is the authoritative/master SUM. The delay length is related to SUM update period and number of SUMs updating from Sophos.
On the management server, open %ProgramFiles%\Sophos\Enterprise Console\Objects.xml in a text editor and find the text
<object name="ServerDataMonitor type="Sophos.Management.Services.Sddma.ServerDataMonitor, Sophos.Management.Services.Sddma" singleton="false">
Change "false" to "true" and save. Restart the Sophos Management service.
If you open the Configure update manager dialog then the Source tab and add a UNC or HTTP share path, click OK, then immediately try to edit the path, Enterprise Console will crash.
Workaround: After entering the share path and clicking OK, ignore the error message, close the Configure Update Manager dialogue by clicking OK then reopen the Configure Update Manager dialog to edit if necessary.
Do not synchronize any Active Directory groups that contain machines which have identically-named computers; Manage the computers manually.
When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.
You can find technical support for Sophos products in any of these ways:
Copyright © 2010 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
Copyright 2001–2004 Unicode, Inc.
This source code is provided as is by Unicode, Inc. No claims are made as to fitness for any particular purpose. No warranties of any kind are expressed or implied. The recipient agrees to determine applicability of information provided. If this file has been purchased on magnetic or optical media from Unicode, Inc., the sole remedy for any claim will be exchange of defective media within 90 days of receipt.
Unicode, Inc. hereby grants the right to freely use the information supplied in this file in the creation of products supporting the Unicode Standard, and to make copies of this file in any form for internal or external distribution as long as this notice remains attached.