Contents
Oxford University is licenced to use a number of the security products available from Sophos. Registered Oxford University IT Support Staff (register via Self-Registration) are able to access all of the products available under the current licence; selected products are also available to any member of the University. This page outlines the various products available, and includes information on the main features and links to download locations.
The following products are available.
1.1. Endpoint Security and Control Suite
This suite of products includes the following components.
The Enterprise Console component installs to a Windows server and allows you to update, manage and monitor installations of Sophos Anti-Virus from a central console. Managed systems may be running Windows, OS X or Linux. Systems may be grouped as required and policies that specify the way in which Sophos updates, scans and disinfects systems can be configured and deployed from the central console. Other features include reporting and synchronisation with Active Directory.
If you want to be able to fully manage and monitor the Sophos installations on all of your managed server and desktop systems, this is the product for you. Although the console requires a Windows server to run, it will allow you to manage Sophos installations on Windows, OS X and Linux. It will also manage update sources (but not allow monitoring or configuration of policies) for a number of other platforms such as Netware and various flavours of unix.
The Sophos Network Access Control (NAC) component requires Sophos Enterprise Console 3.1. Note that the version of Sophos NAC that is included in the Sophos Endpoint Security and Control Suite is not as fully featured as Sophos NAC advanced (which is not included in the site licence). Sophos provide a feature comparison list on their website.
Sophos Mobile Security is a self-contained package that supports a number of Windows Mobile editions. Sophos provide an overview which includes a list of the editions supported.
Registered Oxford University IT Support Staff can download components of the Sophos Endpoint Security and Control Suite from the OUCS ITSS Downloads site.
1.2. EMail Security and Control
Sophos PureMessage is included in the Sophos site licence and provides virus and spam checking for Microsoft Exchange servers (2003 and 2007), and for Notes Domino (R6.5 and R7).
If you are using PureMessage on Exchange, please read the following Sophos advisory as a hotfix is required for some installations.
Registered Oxford University IT Support Staff can download PureMessage from the OUCS ITSS Downloads site.
1.3. Standalone Sophos Anti-Virus Products
Unconfigured standalone installers are available for a wide range of platforms including Windows (from 95), OS X, Linux, Netware and various flavours of unix. These are appropriate for departments and colleges that are not able or do not wish to run the full EndPoint Security and Control suite.
The standalone versions for Windows, OS X and Linux are also available preconfigured with credentials to allow them to automatically update from Sophos. These are designed to be easy to install with no configuration needed. They are available for Windows 2000/XP/2003/2008/Vista, OS X and certain versions of Linux. Two editions are available — University and Personal.
If you are not sure which edition of the installer you have, or which edition is installed on a Windows PC, there are a number of ways to tell. For the installer, when run it will first unpack its files and then present a splash screen with a button to start the installation. At the bottom of this screen you will see For Personally-Owned PCs or For University-Owned PCs. For any operating system, once installed, you can tell from the username used to download updates from Sophos. Current usernames are shown in the IT Support Staff wiki (restricted access).
NB Personal editions should be downloaded by the individual who is going to use the software, to ensure that they have registered to use the program, and have agreed with the terms of use. Registration also ensures that they are included on the mailing list used for announcements (such as new versions and warning of credentials expiring).
Support is available from a variety of sources as follows.
2.1. Current Sophos Product Advisories (updated automatically)
3.1. Automatic update fails on Windows 2000/XP/2003/Vista systems
Problem: When a major update is released by Sophos which causes the product to re-install, this update might fail to apply.
Figure regpermissions.png [ Everyone group will full control of registry ]
Resolution: The latest versions of the personal and university
installers will correct any permissions problems on HKLM, so reinstalling
using the appropriate installer will normally correct the problem. If you
are using Enterprise Console, or the problem is with HKCR, you will need to
correct the problem manually or via a script. Run
regedit, in turn, right-click the HKLM and HKCR hives
and check the permissions. For each of these keys there must be an explicit
entry for the Administrators group with permissions of Full
Control. Reinstate any missing entries.
3.2. Installation fails because of insufficient permissions on registry keys
Problem: In a similar fashion to the above scenario of Sophos failing to update, Sophos will also fail to install if the HKLM and HKCR hives do not have full rights assigned to the Administrators group. Sophos can fail to install at various stages depending on exactly where the permissions fault lies. It can fail almost immediately, or appear to install successfully but fail to produce the blue shield in the System Tray.
Cause: Some programs alter the default registry permissions to ensure a successful installation. The common method is to replace the default windows permissions on HKLM and/or HKCR with a single entry: the Everyone group with full control. Sophos requires that the Administrators group has full control of both of these keys. Problems with HKCR are rare; problems with HKLM are more common.
Resolution: The latest versions of the personal and university
installers will correct any permissions problems on HKLM, so reinstalling
using the appropriate installer will normally correct the problem. If you
are using Enterprise Console, or the problem is with HKCR, you will need to
correct the problem manually or via a script. Run
regedit, in turn, right-click the HKLM and HKCR hives
and check the permissions. For each of these keys there must be an explicit
entry for the Administrators group with permissions of Full
Control. Reinstate any missing entries.
3.3. Installation or automatic update fails because another antivirus product is detected
Problem: Over the last few months we've seen a number of users who cannot install the v7 client due to the presence of another antivirus product on the system. The same problem may also be seen when Sophos tries to update automatically to a new major version (e.g. v6 to v7). The symptoms for a failed installation are as follows.
For cases where an update fails, the shield will generally be blue but with a
red cross, and C:\Windows\temp contains the file
Sophos Anti-Virus Competitor List.txt.
Cause: Sophos will not install or update to a new major version if a competitor antivirus product is installed. Sophos will also fail to install completely if residue from a previous antivirus product is detected on the system.
Sophos Anti-Virus Competitor List.txt will
detail any remaining registry keys which have been left which still
need to be cleared before Sophos will install.3.4. Cannot create scheduled scans
Figure sophpwderror.png [Error displayed when configuring a scan for a user without a password]
Cause: The Sophos client uses the Windows Scheduler service when configuring scheduled scans. By design the Scheduler service does not allow blank passwords irrespective of the local password policy.
Workaround: Users must set a non-null password in order to configure a scheduled scan.