Endpoint

Sophos Enterprise Console 5.3.0 release notes

April 2015

What's new

New features

  • Malicious traffic detection

    Sophos Enterprise Console now supports malicious traffic detection, a feature that detects communications between endpoint computers and command and control servers involved in botnet or other malware attacks.

    Note: Malicious traffic detection is currently supported only on Windows 7 and later non-server operating systems and is first available in Endpoint Security and Control 10.6.0.

    For more information about malicious traffic detection, see knowledgebase article 121607.

  • Support for Microsoft .NET Framework 4.5.2.

Fixed issues

  • (ONPREM-31) The Update Manager Software Subscription dialog does not show details of any subscription package other than the Windows one.
  • (ONPREM-33) Sophos Enterprise Console 5.2.1 R2 Management Service crashes when discovering computers by IP address.
  • (ONPREM-34) The Device Control dialogs need to show the device model ID, to show which exact device models are or can be excluded from Device Control.
  • (ONPREM-116) DataBackupRestore.exe issue when restoring the SophosEnc database during migration.
  • (ONPREM-173) When optional trace logging used for troubleshooting the Auditing functionality is enabled, Enterprise Console crashes when creating or duplicating a policy.
  • (ONPREM-189) Remote console crashes due to the "Unrecognized alert threat status" error.
  • (ONPREM-199) Enterprise Console opens links in Internet Explorer instead of using the system's default browser.

Other changes

Product retirements

  • Please note that Sophos Control Center is retired. It is not possible to upgrade directly to Sophos Enterprise Console 5.3.0 from Sophos Control Center. For more information, see Upgrading to Enterprise Console 5.3.0.
  • Please note that Sophos Enterprise Console 4.5, 4.7 and 5.0 are retired, and Sophos Enterprise Console 5.1 will retire at the end of December 2015.

For more information on product retirements, see http://www.sophos.com/en-us/support/knowledgebase/119147.aspx.

System requirements

Supported operating systems and SQL Server versions

For operating system requirements and supported SQL Server versions, see http://www.sophos.com/en-us/support/knowledgebase/113278.aspx.

If you don't have a supported SQL Server version (SQL Server 2005 Express or later) already installed, the Enterprise Console installer attempts to install SQL Server 2008 R2 Express Edition with Service Pack 1 (SP1).

Other software requirements

The installer also attempts to install the following software (unless already installed):

You will need to have the following software installed:

  • At least Internet Explorer 7 or later

For more information about installing required system software, refer to the Enterprise Console startup documentation published at http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx.

Port requirements

Enterprise Console requires certain ports to be open. For more information, go to http://www.sophos.com/en-us/support/knowledgebase/38385.aspx.

Hardware requirements

  • Processor: Pentium 4 (or equivalent) 2.0 GHz or faster.
  • Memory: 2 GB RAM for Enterprise Console.
  • Disk space: 1.5 GB for complete Enterprise Console installation without SQL Server 2008 R2 Express; 1.8 GB for complete Enterprise Console installation with SQL Server 2008 R2 Express.

    In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows, Mac, and Linux - then around 700 MB would be required.

If you want to install Sophos Update Manager on a computer other than the one where Enterprise Console is installed, you will need at least:

  • Processor: Pentium 4 (or equivalent) 1.0 GHz
  • Memory: 1 GB RAM
  • Disk space: 50 MB for installation. In addition to this, you will need around 200 MB - 350 MB per endpoint product you are downloading from Sophos. For example, if you download three security software products - for Windows, Mac, and Linux - then around 700 MB would be required.

Minimum database size

The computer where you place the database (which may be the same computer as the computer where Enterprise Console is installed or a different one) needs a minimum of 1 GB disk space for data.

Maximum database size

  • If you use Microsoft SQL Server 2008 Express Edition, the maximum size that a database can reach is 4 GB.
  • If you use Microsoft SQL Server 2008 R2 Express Edition (installed by default), the maximum size that a database can reach is 10 GB.
  • If you use Microsoft SQL Server 2005, 2008, 2008 R2, 2012, 2012 R2, or 2014 there is practically no limit apart from that set by the administrator.
Note: The minimum recommended screen resolution for Sophos Enterprise Console is 1280 x 800 pixels.

Upgrading to Enterprise Console 5.3.0

You can upgrade to Enterprise Console 5.3.0 directly from:

  • Enterprise Console 5.2.2
  • Enterprise Console 5.2.1 R2
  • Enterprise Console 5.2.1
  • Enterprise Console 5.2.0
  • Enterprise Console 5.1
  • Enterprise Console 5.0

If you are using Enterprise Console 4.x or Enterprise Manager 4.7, you will need to upgrade in two steps: first upgrade to Enterprise Console 5.1 and then upgrade to Enterprise Console 5.3.0.

If you are using Sophos Control Center 4.0.1 or 4.1, you will need to upgrade in two steps by following one of the supported upgrade paths:

  • Upgrade to Enterprise Console 5.1 and then upgrade to Enterprise Console 5.3.0.
  • Upgrade to Enterprise Console 5.2.2 and then upgrade to Enterprise Console 5.3.0.
Note: Alternatively, you could use Sophos Cloud to manage your computers. To find answers to frequently asked questions about Sophos Cloud, see knowledgebase article 119598.

See also knowledgebase article 119105 for more information about different upgrade paths.

The installers for earlier versions of Enterprise Console are available from the Sophos Enterprise Console Downloads page (http://www.sophos.com/en-us/support/downloads/console/sophos-enterprise-console.aspx).

Note: If you are upgrading from Enterprise Console 5.2.1, 5.2.1 R2, or 5.2.2, no changes to the database component are required. For more information, go to knowledgebase article 121956.

If you are upgrading from an earlier version and want to upgrade the Sophos databases manually by running the database install scripts, see knowledgebase article 116768.

Known issues and limitations

Installation

  • (DEF56407) Distributed installation: Sophos Management Service doesn't start if a database instance is present without the appropriate network protocols enabled.

    For distributed installations of Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start if the "SOPHOS" database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.

    To work around this problem, do the following.

    • When installing Sophos Enterprise Console and PureMessage together, you must first install Sophos Enterprise Console.
    • If PureMessage for Exchange is already present, or if you are using a SQL Server 2005/2008 database on a different server (a remote database) and the issue occurs, use the SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and also start the SQL Server Browser service.

Upgrading

  • (DEF87597) When you upgrade from Enterprise Console 5.1 to Enterprise Console 5.3.0, there is a risk that encryption registry keys and files may be incorrectly deleted if a second user interactively logs on to the server using the Remote Desktop Protocol (RDP), while the management server is being upgraded. Sophos strongly recommends that only one user be logged on to the server for the duration of the upgrade.

    For information on how to prevent other users from logging on to the server during the upgrade, see http://support.microsoft.com/kb/186504.

  • (WKI79868) When you upgrade from Sophos Enterprise Console 5.0 to Sophos Enterprise Console 5.3.0, the Patch Assessment Event Viewer will be blank. Missing patches data will appear in the Patch Assessment Event Viewer after the computers are assessed for missing patches during their next scheduled assessment. (The patch assessment interval is specified in the Patch Policy and can be set to "Every 8 hours", "Every day" (default), or "Every week".)

    This issue does not appear when upgrading to Enterprise Console 5.3.0 from Enterprise Console 5.1 or later.

For more information about issues with upgrading Enterprise Console, see http://www.sophos.com/en-us/support/knowledgebase/114627.aspx.

Deployment

  • (DEF84838) It is not possible to protect Windows 8 and Windows 8.1 computers that are in a workgroup from Enterprise Console 5.3.0 running on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

    For more information and instructions on how to enable deployment, see http://www.sophos.com/en-us/support/knowledgebase/118354.aspx.

General

  • (DEF90191) On Japanese or Chinese Windows Server 2012 installations, Enterprise Console fails when the Chart tab is selected in the Reporting window. Workaround: Use scheduled reports instead.
  • (DEF82914) Optional user-defined desktop messages are not displayed on computers running Windows 8. For more information, see http://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
  • (DEF58871, DEF58872) When discovering computers or synchronizing to Active Directory, Enterprise Console may fail to differentiate between multiple computers with the same name, and may switch them between groups alternately. This situation may arise where identically-named computers are situated on different domains or sub-domains.

    To work around this problem, do one of the following.

    • Ensure that Sophos RMS (Remote Management System) is installed and running on all identically-named computers before attempting to find them from Enterprise Console.

      Do not synchronize any Active Directory groups that contain machines which have identically-named computers. Manage the computers manually.

    • Eliminate duplicate computer names on your network.

Data control

For information about limitations of data control, see http://www.sophos.com/en-us/support/knowledgebase/63016.aspx.

Full disk encryption

  • (WKI93313) Encryption recovery cannot be performed for a protected endpoint after the endpoint was removed from the console.

    Workaround: Do not delete encrypted endpoints from the console.

Additional information

For release notes and other documentation for managed endpoint software, follow these links:

Before using Sophos Reporting Interface, read the Sophos Reporting Interface documentation.

Sophos documentation is published at www.sophos.com/en-us/support/documentation.aspx.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2015 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.