About these release notes

These are the release notes for Sophos Enterprise Console, the on-premise software that manages and updates Sophos security products on networked computers.

What's new

New features

  • SQL Server Express 2017 is included in the package
    • This will be included if you perform a clean install.
  • Sophos Enterprise Console now supports multi-factor authentication
  • WCAG 2.1 level AA compliance for accessibility

Updated components

Sophos Enterprise Console 5.5.2.

Resolved issues

Issues fixed since release 5.5.1 include:

  • Linux/Unix and MAC Exclusions exclusion editing opened a blank text box.
  • Same path, resolved to multiple normalized paths, led to errors in the Sophos Enterprise Console installation.
  • Couldn't save custom extensions for scheduled scans.
  • ExportConfig.exe regression in Sophos Enterprise Console 5.5.1.
  • Updated Operating System and SQL Server support.

System requirements

Supported operating systems and SQL Server versions

For operating system requirements and supported SQL Server versions, see knowledge base article 113278.

If you don't already have SQL Server installed, the Sophos Enterprise Console installer attempts to install SQL Server 2017 Express Edition.

Note If you're using a version of SQL Server that Microsoft no longer supports, we recommend that you upgrade. For more information, see knowledge base article 122740.

Other software requirements

The installer also attempts to install the following software:

  • Microsoft .NET Framework 4.7.2 (unless version 4.x is already installed)
  • Microsoft Message Queuing (MSMQ) (unless already installed)

You will need to have the following software installed:

  • At least Internet Explorer 7 or later

For more information about installing required system software, refer to the Sophos Enterprise Console startup documentation published at http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx.

Port requirements

Sophos Enterprise Console requires certain ports to be open. For more information, see knowledge base article 38385.

Hardware requirements

For hardware requirements, see knowledge base article 118635.

Note The minimum recommended screen resolution for Sophos Enterprise Console is 1280 x 800 pixels.

Upgrading to Sophos Enterprise Console 5.5.2

You can upgrade to Sophos Enterprise Console 5.5.2 directly from the versions listed below.

Note If you upgrade from 5.4.0 or earlier, Sophos Enterprise Console may have problems communicating with computers running older versions of Sophos Remote Management System. See knowledgebase article 124873.
  • Sophos Enterprise Console 5.5.1
  • Sophos Enterprise Console 5.5
  • Sophos Enterprise Console 5.4.1
  • Sophos Enterprise Console 5.4.0
  • Sophos Enterprise Console 5.3.1
  • Sophos Enterprise Console 5.3.0
  • Sophos Enterprise Console 5.2.2
  • Sophos Enterprise Console 5.2.1 R2
  • Sophos Enterprise Console 5.2.1
  • Sophos Enterprise Console 5.2.0
  • Sophos Enterprise Console 5.1
  • Sophos Enterprise Console 5.0
Note If you are upgrading from Sophos Enterprise Console 5.0, 5.1, 5.2.0, 5.2.1, 5.2.1 R2, 5.2.2, 5.3.0, 5.3.1, 5.4, 5.4.1, 5.5.0 or 5.5.1 changes to the database component are required. For more information, go to knowledgebase article 125687.
Note If you want to upgrade the Sophos databases manually by running the database install scripts, see knowledgebase article 116768.

If you are using Sophos Control Center 4.0.1 or 4.1, you will need to upgrade in two steps by following one of the supported upgrade paths:

  • Upgrade to Sophos Enterprise Console 5.1 and then upgrade to Sophos Enterprise Console 5.5.2.
  • Upgrade to Sophos Enterprise Console 5.2.2 and then upgrade to Sophos Enterprise Console 5.5.2.
Note Alternatively, you could use Sophos Central to manage your computers. To find answers to frequently asked questions about Sophos Central, see knowledgebase article 119598. For information about migration to Sophos Central, see knowledgebase article 122264.

See also knowledgebase article 119105 for more information about different upgrade paths.

The installers for earlier versions of Sophos Enterprise Console are available from the Sophos Enterprise Console downloads page (http://www.sophos.com/en-us/support/downloads/console/sophos-enterprise-console.aspx).

Tool version compatibility for Sophos Enterprise Console

The following table shows version compatibility between Sophos Enterprise Console tools and Sophos Enterprise Console.

Restriction After an upgrade to Sophos Enterprise Console 5.5.2 reinstall Sophos Cloud Migration Tool and Virtualization Scan Controller, and restart the Reporting Log Writer service. This enables these tools to work.

Virtualization Scan Controller is only compatible with SQL up to and including 2016.

The Sophos Enterprise Console tools are available for download from https://www.sophos.com/support/downloads.aspx.

Table 1. Tool version compatibility for Sophos Enterprise Console

Sophos Enterprise Console

Reporting Interface

Reporting Log Writer

Virtualization Scan Controller

5.5.2

*

5.5.2

2.1

5.5.1

*

5.1

2.0

5.5

*

5.1

2.0

5.4.1

*

5.1

2.0

5.4.0

*

5.1

2.0

5.3.1

*

5.1

2.0

5.3.0

*

5.1

2.0

5.2.2

*

5.1

2.0

5.2.1 R2

*

5.1

2.0

5.2.1

*

5.1

2.0

5.2

*

5.1

2.0

5.1

5.1*

5.1

1.0

* Since version 5.1, Reporting Interface database objects are installed as part of the Sophos Enterprise Console database installation, and the standalone installer on the Sophos Reporting Interface download page includes only Reporting Log Writer.

CAUTION
If you installed Reporting Interface separately with an earlier version of Sophos Enterprise Console, uninstall it before upgrading that version.

Known issues and limitations

Installation

  • (DEF56407) Distributed installation: Sophos Management Service doesn't start if a database instance is present without the appropriate network protocols enabled.

    For distributed installations of Sophos Enterprise Console (with SQL Server on a different server) the Sophos Management Service may not start if the "SOPHOS" database instance was created by PureMessage for Microsoft Exchange, or if the chosen SQL Server instance has TCP/IP protocol disabled.

    To work around this problem, do the following.

    • When installing Sophos Enterprise Console and PureMessage together, you must first install Sophos Enterprise Console.
    • If PureMessage for Exchange is already present, or if you are using SQL Server 2005 or 2008 on a different server (a remote database) and the issue occurs, use the SQL Server Configuration Manager to enable the TCP/IP protocol for the database instance and also start the SQL Server Browser service.

Upgrading

  • If you upgrade to Sophos Enterprise Console 5.5 from 5.4 or earlier, there may be problems connecting with endpoints that have older versions of the Sophos Remote Management System (RMS). This is because Enterprise Console 5.4.1 and later enforces TLS (Transport Layer Security) protocol, which can be incompatible with RMS 3 and RMS for Linux or vShield. See knowledgebase article 124873.
  • (WKI79868) When you upgrade from Sophos Enterprise Console 5.0 to Sophos Enterprise Console 5.4.x or later, the Patch Assessment Event Viewer will be blank. Missing patches data will appear in the Patch Assessment Event Viewer after the computers are assessed for missing patches during their next scheduled assessment. (The patch assessment interval is specified in the Patch Policy and can be set to "Every 8 hours", "Every day" (default), or "Every week".)

    This issue does not appear when upgrading to Sophos Enterprise Console 5.4.x or later from Sophos Enterprise Console 5.1 or later.

For more information about issues with upgrading Sophos Enterprise Console, see knowledge base article 114627.

Deployment

  • (DEF84838) It is not possible to protect Windows 8 and Windows 8.1 computers that are in a workgroup from Enterprise Console 5.4.x or later running on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2.

    For more information and instructions on how to enable deployment, see knowledge base article 118354.

General

  • (DEF82914) Optional user-defined desktop messages are not displayed on computers running Windows 8. For more information, see knowledge base article 118233.
  • (DEF58871, DEF58872) When discovering computers or synchronizing to Active Directory, Sophos Enterprise Console may fail to differentiate between multiple computers with the same name, and may switch them between groups alternately. This situation may arise where identically-named computers are situated on different domains or sub-domains.

    To work around this problem, do one of the following.

    • Ensure that Sophos RMS (Remote Management System) is installed and running on all identically-named computers before attempting to find them from Sophos Enterprise Console.

      Do not synchronize any Active Directory groups that contain machines which have identically-named computers. Manage the computers manually.

    • Eliminate duplicate computer names on your network.
  • Email Alerting only works if the Management Service is restarted after configuration.

Data control

For information about limitations of data control, see knowledge base article 63016.

Information from previous releases

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.