Sophos Enterprise Console release notes

Version numbers

Sophos Enterprise Console 4.7.0
Sophos Update Manager for Windows 1.2.1

New in this release

Enhanced system memory scanning

System memory scanning enhancement improves identification and removal of rootkits concealed in system memory. It can also expose any additional malware that was being hidden by the rootkit.

Optimized on-demand scanning

Optimized on-demand scanning reduces the impact that a scan has on an endpoint computer. When enabled for scheduled scans on Windows Vista and above, the system intelligently adjusts the amount of CPU and disk I/O that the scan is allowed to consume, based on the active user's interactivity. If the user is not present, the system allows the scan to consume more resources so that it completes faster.

Update location roaming

Update location roaming saves often expensive and scarce wide area bandwidth by attempting to configure an endpoint to update from its closest location. It allows roaming endpoints to fetch updates from a share location close to where they are physically located rather than going back to the home location. An endpoint looks for other endpoints in the same location that use the same subscription and, if it finds one, uses that endpoint's update location.

Extended tamper protection

Tamper protection has been extended by adding Device Control, Data Leakage Prevention, and Application Control to the tamper protection policy, thus stopping unauthorized users (including local Administrators) from disabling these features.

Sophos Client Firewall version 2.7

This version of Sophos Client Firewall includes rules that can automatically detect the Local Network, which can help to minimize the number of rules required (for example, when controlling NetBIOS traffic).

It also has increased VPN support for IPSec and SSL, and for vendors including Cisco, Juniper, Check Point, and Microsoft.

Virtualization enhancements

This release includes extended support for Citrix, VMware, and Microsoft virtualization software.

Sophos Enterprise Console version 4.7

This version of Enterprise Console includes a new data control role that can help to address compliance with privacy legislation in various regions.

There are three new columns in Enterprise Console:

  • Last scan completed: Displays a sortable list detailing when a scan was last completed on the endpoint.
  • Last scan name: Displays the name of the last completed scan on the endpoint. This information was not available in previous releases.
  • Last message time: Displays a sortable list detailing when a message was received in the console from the endpoint.

System requirements

Supported operating systems and SQL Server versions

For operating system requirements and supported SQL Server versions, see http://www.sophos.com/support/knowledgebase/article/113278.html.

Hardware requirements

  • Processor: 2.0 GHz Pentium or equivalent.
  • Memory: 1 GB RAM for Enterprise Console; 1.5 GB RAM for Enterprise Console and NAC Manager on the same server.
  • Disk space: 1.5 GB for complete Enterprise Console installation without SQL Server 2005 Express; 1.8 GB for complete Enterprise Console installation with SQL Server 2005 Express.

    In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.

If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:

  • Processor: Pentium 4 (or equivalent) 1.0 GHz
  • Memory: 512 MB RAM
  • Disk space: 50 MB for installation. In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.

Minimum database size

The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.

Maximum database size

  • If you use Microsoft SQL Server 2005 Express Edition, the maximum size that a database can reach is 4 GB.
  • If you use Microsoft SQL Server 2005, 2008, or 2008 R2 there is no limit apart from that set by the administrator.

Software requirements

  • Internet Explorer 7 or later

To enable Enterprise Console to communicate with managed workstations, open ports 8192 and 8194 on the computer where the Enterprise Console management server is installed. To enable Sophos Update Manager to download security software from Sophos, open port 80 on the computer where Sophos Update Manager is installed.

Installation and upgrading

If you are upgrading from an earlier version of Enterprise Console, use the Upgrade Advisor tool. It will detect your current system settings and provide a personalized set of upgrade instructions.

Go to the Upgrade Center at http://www.sophos.com/support/upgrades/ and follow the instructions for downloading and running the Upgrade Advisor tool.

Known issues

Installation

  • (WKI 65133) Windows installer returns error 1618 after SUM self-update error (error 4294967295). This happens when the SUM self-update runs and VCRedist or another installation is running at the same time and taking a long time to complete. Workaround: Wait for the installation to finish and try again.
  • (DEF 58819) Enterprise Console installs Microsoft .NET Framework 3.5 Service Pack 1 as a prerequisite, because of which you may experience issues with components related to Exchange Web services including the following:
    • Outlook Web Access
    • Office Communications Server integration
    • Outlook Address Book
    • Out of Office notifications
    To resolve these issues, install the update for .NET Framework provided in Microsoft Knowledge Base article 959209 (http://support.microsoft.com/kb/959209).
  • (DEF 57377) On a custom install when opting to create the database impersonation account, the installation wizard suggests that the created account can be added to a group of your choice by entering that group name. If you enter a group, the newly-created account will not be added to the group; however, this should not prevent Enterprise Console from functioning.
  • (DEF 56630) If an Internet connection is present, the included Microsoft .NET 3.5 SP1 installer will download the latest .NET installer, even if unnecessary. This can take a long time. Workaround: disable Internet access during installation.
  • (DEF 56407) Distributed Installation: Sophos Management service doesn't start after the required log off/log back on if database instance is present without the appropriate network protocols enabled.

    For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start (after the required log off/log back on) if the 'SOPHOS' database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.

    To work around this problem, do the following.

    • When installing Sophos Enterprise Console and PureMessage together, you must first install Sophos Enterprise Console.
    • If PureMessage for Exchange is already present, or if you are using a SQL Server 2005/2008 database on a different server (a remote database) and the defect occurs, use the SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and also start the SQL Server Browser service.
  • (DEF 50935) Installing SQL Server Express 2008 SP1 on Windows 7 or Windows 2008 R2 as part of Sophos Enterprise Console installation may fail, showing "InstallShield Wizard Interrupted" and error "Microsoft SQL Server 2008 Express Edition installation failed. Re-run Sophos Enterprise Console setup when this error has been rectified." This is a SQL Server Express 2008 bug.

    To work around this problem, re-attempt installation of Enterprise Console. For more information, see http://www.sophos.com/support/knowledgebase/article/110615.html.

Upgrading

  • (DEF 69133) After upgrading Sophos Endpoint Security and Control on endpoint computers from version 9.5 to version 9.7, the console may show the computers as differing from policy even if they are compliant. This happens if Allow location roaming is selected in the Updating policy, and/or Scan system memory is selected in the Anti-virus and HIPS policy when these policies are being applied to the endpoints during the upgrade.

    To work around this issue, do either of the following:

    • Before applying new policies to endpoint computers, ensure that Allow location roaming in the Updating policy and Scan system memory in the Anti-virus and HIPS policy are not selected. After the computers have been upgraded to Sophos Endpoint Security and Control 9.7, select the options, if you wish to, and make the computers comply with the updated policies.
    • Without changing any policy settings, upgrade endpoint computers to Sophos Endpoint Security and Control 9.7. After the upgrade, some of them may show the “Differs from policy” status in the console computer list. Select those computers, right-click, select Comply with, and click Group Updating Policy. Similarly, make the computers comply with the Group Anti-virus and HIPS Policy.
  • (WKI 65337) When using multiple subscriptions containing the same product, upgrading SUM may result in "does not match" being shown in configuration settings. Selecting Comply with Configuration will resolve the issue.
  • (DEF 60930) After upgrading to Enterprise Console 4.7, if you had a SUM which was set to update to a fixed version of SUM, it will still show as being set to a fixed version, but will actually update to SUM 1.2.1 (for Enterprise Console 4.7).
  • (DEF 57865) When upgrading, the migration from EM Library to SUM (Sophos Update Manager) can fail if the CID uses blank credentials.

    Workaround: Set non-null credentials for CID access before upgrading.

Downgrading

  • (DEF 57375) Sophos Agent and Message Router services stop running after a managed Enterprise Console computer is downgraded.

    Workaround: manually restart the Sophos Agent and Sophos Message Router services.

General

  • (DEF 69950) If you uninstall Sophos TDL3 Rootkit Cleanup Tool version 1.1 on a computer with Sophos Endpoint Security and Control 9.7 installed, Sophos Anti-Virus will fail to perform a system memory scan, reporting the following error: “Scanning ‘Memory’ returned SAV Interface error 0xa0040202: Scan failed.”

    This issue does not arise if you use Sophos TDL3 Rootkit Cleanup Tool version 1.2, the latest version available for downloading from the Sophos website.

    To work around this issue, remove any installations of Sophos TDL3 Rootkit Cleanup Tool 1.1 prior to upgrading your existing version of Sophos Endpoint Security and Control or installing Sophos Endpoint Security and Control 9.7 for the first time. Do not install Sophos TDL3 Rootkit Cleanup Tool 1.1 on computers running Sophos Endpoint Security and Control 9. Use Sophos TDL3 Rootkit Cleanup Tool 1.2 instead.

    If you have encountered this issue, see http://www.sophos.com/support/knowledgebase/article/113403.html.

  • (DEF 61278) Default distribution share reserved name SophosUpdate

    When creating an Update Manager distribution, you cannot reference new shares named SophosUpdate because "SophosUpdate" is now a reserved share name used for the default share.

    Workaround: When creating new shares, use other names such as "Update".

    In updating policies, when you are selecting a primary or secondary update location, the drop-down list shows the default share paths only in NetBIOS format, for example \\Server\SophosUpdate, although you may need to use the Fully-Qualified Domain Name form, for example \\server.de.acme\SophosUpdate.

    Workaround: Type the FQDN path into the server location update path field.

  • (DEF 58871, DEF 58872) When discovering computers or synchronizing to Active Directory, Enterprise Console may fail to differentiate between multiple computers with the same name, and may switch them between groups alternately. This situation may arise where identically-named computers are situated on different domains or sub-domains.

    To work around this problem, do one of the following.

    • Ensure that Sophos RMS (Remote Management System) is installed and running on all identically-named computers before attempting to find them from Enterprise Console.

      Do not synchronize any Active Directory groups that contain computers with identically-named counterparts; manage the computers manually.

    • Eliminate duplicate computer names on your network.
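
To locate the duplicate names behind DEF 58871 and DEF 58872 before synchronizing, you can check an exported computer list for host names that occur in more than one domain. The Python code below is an added example, not Sophos code; the inventory format (one FQDN per line), the sample names, the function names, and the case-insensitive comparison on the leftmost label are assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (not from the release notes): one FQDN per
# line, as might be exported from Active Directory or DNS.
SAMPLE_INVENTORY = """\
ws-017.de.acme.example
WS-017.uk.acme.example
ws-018.de.acme.example
filesrv.de.acme.example.
FILESRV.lab.de.acme.example
ws-019.uk.acme.example
"""


def split_fqdn(fqdn):
    """Return (host, domain) in lower case; a trailing root dot is ignored."""
    name = fqdn.strip().rstrip(".").lower()
    host, _, domain = name.partition(".")
    return host, domain


def find_name_collisions(inventory_text):
    """Map each host name seen in more than one domain to its sorted domains."""
    domains_by_host = defaultdict(set)
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        host, domain = split_fqdn(line)
        domains_by_host[host].add(domain)
    # A name is a collision only if it exists in at least two domains;
    # the same FQDN listed twice is not reported.
    return {
        host: sorted(domains)
        for host, domains in domains_by_host.items()
        if len(domains) > 1
    }


if __name__ == "__main__":
    for host, domains in sorted(find_name_collisions(SAMPLE_INVENTORY).items()):
        print(f"{host}: present in {', '.join(domains)}")
```

Computers reported here are the ones to rename, or to keep out of synchronized Active Directory groups and manage manually.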

Data control

  • (DEF 48035) Alternative file systems, such as AFS (Andrew File System), are not supported in this release.
  • (WKI 36074) New file creation is blocked on monitored storage devices if data control rules use either the “block” or “allow transfer on acceptance by user” actions.
  • (DEF 29635) Files transferred via the FTP protocol within Internet Explorer will not be scanned.

Device control

  • Camera devices are not blocked using device control. By default, these devices cannot have data written to them using Windows Explorer.

Sophos Client Firewall

  • (DEF 22335) An allowed application is blocked temporarily by Sophos Client Firewall.

    When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.