Sophos Enterprise Library Console Install

Sophos Enterprise Library Console
Installation Guide V6.1
Servers
Before starting this installation make sure:
1) You have a working internet connection
2) You have removed any previous AVP installation including folders.
Server Setup
INSTALLING CONSOLE
Remove existing Sophos installation including the remote update client
Download es20sfx.exe using the download details sent separately.
Double click the downloaded file es20sfx.exe
Click Install
Click Next
Accept Licence Agreement
Click Next
Accept default installation folder
Click Next
Select Complete
Click Next
Click Install
From the menu, choose the “Domain Admins” group
Click Next
Click Finish
You will be logged off the server.
Log on to the server again.
Note the additional SQL icon in the tool tray
The Enterprise Console Setup wizard will start automatically
Click Next
Setting up the Library
Click Create Library
Select local installation
Click Next
Accept default folder
Click Next
Accept local path folder
Click Next
Click Install
Click Finish
Network Account Configuration
Click Next
Select Create New Local Account
Click Next
Create a password of your choice & confirm (PA55word)
Click Next
Click Finish
Selecting Parent location for downloading Sophos
Click select parent
Replace default URL with:
http://av0.cleo.net.uk/library/
Click set access
Select use an account to access the server
Username = sav
Password = d0wnl0ads
Click OK
Click OK.
Click Schedule Downloads
Click new schedule
Click Next
Change name to default schedule
Change description to hourly downloads
Click Next
Choose “Hourly Updates” from the menu
Click Next
Click Next to accept the defaults
Click Finish
Click OK
Select Packages
Tick Packages for client operating systems
Note: these are the operating systems used on client machines on your network. Realistically, the only option is 2000/XP/2003.
Click OK
Select Download Packages
Click YES
This concludes the setup for Enterprise Console on the server. You can check it’s been successfully installed by checking the date/time of the last successful download adjacent to the download packages tab.
Close Enterprise Manager window and save settings.
Setting up Clients
Select Start-Programs-Sophos – Enterprise Console
Locating Clients
Click Find
Type in a Domain Administrator username and password:
Note: Check the domain name in My Computer/properties/computer name/domain (ignore the .local extension)
Click OK
Tick the domain that the clients are part of
Click OK
Enterprise Console now displays the clients
Creating Groups
Note: Groups are created so that you can give different groups of clients unique settings.
Expand Server in left pane
Click Create Group Tab
Rename the group folder, e.g. servers, workstations, laptops, admin etc.
Repeat to create additional groups
Drag clients from right pane to appropriate groups
**Setting Policies
Note: Do not use the Firewall policy
Select Policy Type “Updating”
Right Click and choose Create Policy
Give the policy a name
Double click the policy
*Choose the Operating System for which you downloaded the packages earlier.
Click Configure
Click drop down arrow
Select server from list
Enter server administrator account details
Select secondary server
Tick Specify Server Details
http://av0.cleo.net.uk/updates/esxp (or es9x etc depending on clients)
UserName = sav
Password = d0wnl0ads
Select Schedule
Change update check to 60 minutes
Click OK
Choose an additional operating system if required and repeat from * above or
Click Close
Select Policy Type “Anti-Virus”
Right Click and choose “Create Policy”
Give the policy a name
Double Click the policy
Configure Client Options – on access – accept default
See Appendix 1 for notes on using scanning options
Click OK
Add a Scheduled scan
Create a schedule and click OK
Click OK.
Right click on the Group folders you created
Choose View Group Policy Details.
Choose the group policy you want to apply to the folder from the drop down list.
Click OK
Click OK on the confirm policy changes dialog box.
Installing Sophos on Servers & Clients
Open Group Folder in left pane
Select workstations in Right pane
Click Protect
Click Next in the Protect Wizard
Click Next
Click Next
Enter account details including the domain, e.g. cict\administrator
Click Finish
Note: you can check it’s installing by looking for a green arrow on the server icon. When the green arrow disappears the update icon will appear in the tool tray on the client. Once the icon stops moving the process is complete and status details will be displayed in the console - this could take up to 5 minutes depending on the speed of the internet connection.
Repeat to set policies for additional group folders (from ** above)
Close all windows when the installation is completed.
Appendix 1
Sophos “Authorized Applications” Feature:
Sophos V6 on Windows 2000 & Windows XP Pro scans for potentially harmful files which are not virus infected, e.g. the PSKill hacking tool, and will then handle the file according to the settings you choose on the “On Access” or “Scheduled Scan” pages.
Configuring Sophos to scan for Unauthorized Applications:
1. Right click the Anti-Virus Group policy which you want to use to scan for Unauthorized Applications:
2. Click View / Edit Policy
Edit the scheduled scan you created during the setup of Enterprise Console by clicking the “Edit” button:
Click on the “Configure” button then configure the scan options:
Ensure that “Scan for Potentially Unwanted applications” is ticked:
On the “Cleanup” tab, look at the option for “Automatically Clean Up Potentially Unwanted Applications”
If this is ticked, Sophos will automatically delete Unauthorized Applications when doing a scheduled scan. If unticked, Sophos will report them under the “Authorize Applications” button later.
Press “OK” to return to the scheduled scan page.
Press “OK” to return to the “Anti-Virus Policy” page.
Press “OK” to return to the console.
Allow a scheduled scan to run on the workstations before checking for Unauthorized Applications.
When Sophos runs its next scheduled scan, it will check for potentially harmful files that don’t contain a virus, for example hacking tools, port monitors etc. If the “Automatically Clean up Potentially Unwanted Applications” option is ticked, then the file will be deleted as soon as it is encountered. Otherwise, it will be reported in Enterprise Console:
At this point, you can either clear up the alert, or choose to authorize the application.
Clearing Up the Alert:
Right click on the computer affected by the application, and choose “Clear Up Threats”:
On the “Application Alerts” tab, choose the application(s) you want to clear off the PC, and press “OK”
The PC should be cleaned up, but run a scheduled scan to be certain.
Authorizing the Application:
Right click on the group policy which you want to authorize the application on.
Click on “View/Edit Policy…”
Click on the “Authorize Applications” button:
The “Authorize Applications” dialog will open.
Any applications that have been detected will be displayed in the left hand window. If you want to add it to the list of approved applications and stop the alert from appearing, choose the application and press the “Add” button