System memory scanning enhancement improves identification and removal of rootkits concealed in system memory. It can also expose any additional malware that was being hidden by the rootkit.
Optimized on-demand scanning reduces the impact that a scan will have on an endpoint computer. When enabled for scheduled scans on Vista and above, the system will intelligently adjust the amount of CPU and disk IO that the scan is allowed to consume based on the active user's interactivity. Should the user not be present, the system will allow the scan to consume more resources in order to complete the scan faster.
Update location roaming saves often expensive and scarce wide area bandwidth by attempting to configure an endpoint to update from its closest location. It allows roaming endpoints to fetch updates from a share location close to where they are physically located rather than going back to the home location. An endpoint looks for other endpoints in the same location that use the same subscription and, if one is found, uses that same update location.
Tamper protection has been extended by adding Device Control, Data Leakage Prevention, and Application Control to the tamper protection policy, thus stopping unauthorized users (including local Administrators) from disabling these features.
This version of Sophos Client Firewall includes rules that can automatically detect the Local Network, which can help to minimize the number of rules required (for example, when controlling NetBIOS traffic).
It also has increased VPN support for IPSec and SSL, and for vendors including Cisco, Juniper, Checkpoint, and Microsoft.
This release includes extended support for Citrix, VMware, and Microsoft virtualization software.
This version of Enterprise Console includes a new data control role that can help to address compliance with privacy legislation in various regions.
There are three new columns in Enterprise Console:
| Column | Description |
| --- | --- |
| Last scan completed | Displays a sortable list detailing when a scan was last completed on the endpoint. |
| Last scan name | Displays the name of the last completed scan on the endpoint, which has not been available in previous releases. |
| Last message time | Displays a sortable list detailing when a message was received in the console from the endpoint. |
For operating system requirements and supported SQL Server versions, see http://www.sophos.com/support/knowledgebase/article/113278.html.
In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required in the Documents and Settings folder.
If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:
Minimum database size
The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.
Maximum database size
To enable Enterprise Console to communicate with managed workstations, open ports 8192 and 8194 on the computer where the Enterprise Console management server is installed. To enable Sophos Update Manager to download security software from Sophos, open port 80 on the computer where Sophos Update Manager is installed.
If you are upgrading from an earlier version of Enterprise Console, use the Upgrade Advisor tool. It will detect your current system settings and provide a personalized set of upgrade instructions.
Go to the Upgrade Center at http://www.sophos.com/support/upgrades/ and follow the instructions for downloading and running the Upgrade Advisor tool.
For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start (after the required log off/log back on) if the 'SOPHOS' database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.
To work around this problem, do the following.
To work around this problem, re-attempt installation of Enterprise Console. For more information, see http://www.sophos.com/support/knowledgebase/article/110615.html.
To work around this issue, do either of the following:
Workaround: Set non-null credentials for CID access before upgrading.
This issue does not arise if you use Sophos TDL3 Rootkit Cleanup Tool version 1.2, the latest version available for downloading from the Sophos website.
To work around this issue, remove any installations of Sophos TDL3 Rootkit Cleanup Tool 1.1 prior to upgrading your existing version of Sophos Endpoint Security and Control or installing Sophos Endpoint Security and Control 9.7 for the first time. Do not install Sophos TDL3 Rootkit Cleanup Tool 1.1 on computers running Sophos Endpoint Security and Control 9. Use Sophos TDL3 Rootkit Cleanup Tool 1.2 instead.
If you have encountered this issue, see http://www.sophos.com/support/knowledgebase/article/113403.html.
When creating an Update Manager distribution, you cannot reference new shares named SophosUpdate because "SophosUpdate" is now a reserved share name used for the default share.
Workaround: When creating new shares, use other names such as "Update".
In updating policies, when you are selecting a primary or secondary update location, the drop-down list shows the default share paths only in NetBIOS format, for example \\Server\SophosUpdate, although you may need to use the Fully-Qualified Domain Name form, for example \\server.de.acme\SophosUpdate.
Workaround: Type the FQDN path into the server location update path field.
To work around this problem, do one of the following.
Do not synchronize any Active Directory groups that contain identically-named computers; manage the computers manually.
When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.
You can find technical support for Sophos products in any of these ways:
Copyright © 2011 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.