Full Disk Encryption protects data on endpoint computers from being read or changed by unauthorized persons. Volumes on disks are encrypted transparently. Users do not need to decide what data is to be encrypted. Encryption and decryption are performed in the background.
For full information on how to configure and use the Full Disk Encryption functionality, see the Sophos Enterprise Console Help.
Support for direct upgrade from the Small Business management console (Sophos Control Center) to Sophos Enterprise Console 5.1. This addresses requirements where Small Business customers upgrade their existing license to new license options including SAV Business and Endpoint Protection Business.
For more information about license options, see http://www.sophos.com/en-us/products/complete/comparison.aspx.
For information about upgrading to Sophos Enterprise Console 5.1, visit the Small Business Upgrade Center at http://www.sophos.com/en-us/support/resource-centers/small-business/upgrade-center.aspx.
Patch Assessment now:
For information about how to configure and use the Patch Assessment functionality, see the Sophos Enterprise Console Help. For a list of frequently asked questions and answers, including the list of applications currently supported by Patch Assessment, see http://www.sophos.com/support/knowledgebase/article/114162.html.
Deployment of Sophos Endpoint Security and Control on endpoint computers running more recent Microsoft operating systems, including Windows 7, has been enhanced. Messaging in the Protect Computers Wizard has been amended to assist with information on environment preparation for the client.
For detailed requirements for deployment on Windows 7 and other versions of Windows, see the following Sophos support knowledgebase articles:
Sophos Reporting Interface External Interface is now installed along with Enterprise Console. This is the supported method of accessing data in the Enterprise Console database for richer reporting. This makes it possible to use third-party reporting tools (for example, Crystal Reports or SQL Server Reporting Services) with Sophos Reporting Interface out of the box.
Please note that Log Writer still needs to be installed separately. Existing installations of Log Writer will continue to function as usual.
During an upgrade from Sophos Enterprise Console 4.x or Sophos Control Center 4.x, you will be asked to enter a database account. For more information, see http://www.sophos.com/support/knowledgebase/article/113954.html.
The database backup and restore tool, DataBackupRestore.exe, which is provided as part of the Enterprise Console installation, allows you to back up and restore the three Enterprise Console databases - SOPHOS51, SOPHOSPATCH51, and SOPHOSENC51. For instructions about using the tool, see http://www.sophos.com/support/knowledgebase/article/114299.html.
It is now possible to copy information from the Groups Using This Policy dialog box to the Clipboard. To do this, open the dialog box by right-clicking the policy for which you want to view the information, and then clicking View Groups Using Policy. Select the entries you want to copy and press CTRL+C to copy them to the Clipboard.
For more information about the new features, see the Sophos Enterprise Console Help.
For operating system requirements and supported SQL Server versions, see http://www.sophos.com/support/knowledgebase/article/113278.html.
In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows 2000 and later, Mac and Linux - then around 700 MB would be required.
If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:
Minimum database size
The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.
Maximum database size
To enable Enterprise Console to communicate with managed workstations, open TCP ports 8192 and 8194 on the computer where the Enterprise Console management server is installed. To enable Sophos Update Manager to download security software from Sophos, open HTTP port 80 on the computer where Sophos Update Manager is installed.
Managed endpoints running the Sophos Patch Agent to communicate with the management server.
An Enterprise Console installation (local or remote to the management server) to communicate with the Web Control, Patch, and Encryption server-side components.
This section lists issues fixed since the release of Sophos Enterprise Console 5.0.
For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start if the "SOPHOS" database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.
To work around this problem, do the following.
To work around this issue, do either of the following:
DECLARE @user_name NVARCHAR(128);
For more information about issues with upgrading to Enterprise Console 5.1, see http://www.sophos.com/support/knowledgebase/article/114627.html.
When creating an Update Manager distribution, you cannot reference new shares named SophosUpdate because "SophosUpdate" is now a reserved share name used for the default share.
Workaround: When creating new shares, use other names such as "Update".
In updating policies, when you are selecting a primary or secondary update location, the drop-down list shows the default share paths only in NetBIOS format, for example \\Server\SophosUpdate, although you may need to use the Fully-Qualified Domain Name form, for example \\server.de.acme\SophosUpdate.
Workaround: Type the FQDN path into the server location update path field.
To work around this problem, do one of the following.
Do not synchronize any Active Directory groups that contain machines which have identically-named computers; Manage the computers manually.
When a Firewall policy is applied, all application rules are removed and then re-added. During this time, if an application that is allowed by the new policy tries to make an outbound connection, the application is blocked until the new policy is applied completely.
If an endpoint registers with an SWA (SWA1), then with a different SWA (SWA2), and then returns to SWA1, it does not re-register. Its cloud URL remains as if it was registered with SWA2. Inside the user's organization it would communicate with SWA1 and outside the organization it would communicate through the cloud with SWA2.
For release notes for managed endpoint software, follow these links:
For information about new features in Sophos Enterprise Console 5.0, see the Sophos Enterprise Console 5.0 release notes (http://downloads.sophos.com/readmes/sec_50_rneng.html).
You can find technical support for Sophos products in any of these ways:
Copyright © 2012 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.