Sophos Endpoint Security and Control for Windows

IT Services

Sophos Endpoint Security and Control for Windows

Contents

1. Installing and Updating Sophos
- 1.1. Introduction
- 1.2. Obtaining and Installing Sophos
- 1.3. Installing Sophos for Windows
- 1.4. Checking the status of Sophos
- 1.5. Updating Sophos Anti-virus for the first time
- 1.6. Keeping Sophos up to date
- 1.7. Further Information
2. Further Configuration and Setting up Manual and Scheduled Scans
- 2.1. General Sophos Settings
- 2.2. Configuring, Running and Scheduling Scans
  - 2.2.1. Configuring a new scan
  - 2.2.2. Scheduled scans
  - 2.2.3. Running a scan

1. Installing and Updating Sophos

1.1. Introduction

Sophos Endpoint Security and Control for Windows (also known as Sophos Anti-Virus) is a security application that provides a number of features for computer systems running Microsoft Windows, in particular protection against malware such as viruses.

Members of Oxford University may download and install the Sophos software on their own desktops and laptops.

These instructions are primarily for people who want to install the Sophos software onto their personal laptop and/or desktop. Please check with your local IT Support Staff about antivirus protection for college and departmental systems as local arrangements often apply, and installing the version intended for personal systems may cause problems.

1.2. Obtaining and Installing Sophos

Before installing Sophos for Windows:

Make sure that your computer is running a supported version of Windows. The current version of Sophos Endpoint Security and Control is version 10.0 which is supported on the following desktop operating systems including 64 bit versions where applicable.
- Windows 7
- Windows Vista
- Windows XP Service Pack 1 and above
- Windows 2000 Service Pack 3 and above
Remove any other anti-virus software installed on your machine. To do this use the [Programs and Features] control panel (Windows 7 and Vista) or the [Add or Remove Programs] control panel (Windows XP).

If you haven't already obtained Sophos you can download it for free via the following link:

https://register.it.ox.ac.uk/software

When you download the installer you may receive a warning that the program may harm your computer because it is not commonly downloaded. This is normal if you use a recent version of Internet Explorer, for example. You may need to click on Actions before you can run the installer. When you click on Actions you will see a Smartscreen Filter window. The Sophos installer is now digitially signed; click on the entry against Publisher to see the details. To run the installer you will need to click on Run anyway.

1.3. Installing Sophos for Windows

This section describes how to install the Sophos software once you have downloaded it from the OUCS Self-registration page.

After you have downloaded the file, Run it or find the downloaded file and double-click on it. You will see a dialog box with a progress bar as the files are extracted. This may take a minute or two

Once the files have been extracted the installation screen (shown below) will appear. Click on the Start button to begin the installation.

Figure images/v10-install1.png [Start screen]

The installation of Sophos onto your computer is an automatic process. Once you have started the installation please be patient and wait for it to complete (this may take several minutes). You are not required to help in this process. To begin with you will see the following screen while the program is installed:

Figure images/v10-install2.png [Installation in progress screen 1]

Once the first part of the installation is complete, the text on the screen will change to show that Sophos is being configured, as shown below.

Figure images/v10-install3.png [Installation in progress screen 1]

When the installation has completed you will see the following screen.

Figure images/v10-install4.png [Installation complete screen]

If the installation has failed for any reason the shield will be red. If this happens please refer to the Frequently Asked Questions (FAQ) web page for information on how to find out what the problem is.

Figure images/v10-installfailed.png [Installation failed screen]

If the installation was successful we recommend that you restart your computer as Sophos frequently needs the computer to be rebooted before all features are enabled.

1.4. Checking the status of Sophos

Once you have rebooted check that you can see a blue and white shield in the system tray (usually in the bottom-right of the screen, near the clock).

On Windows 7 systems the shield will probably be hidden and to view it you will need to click on the up-arrow near the clock.

Figure images/v10-win7-shield-normal.png [Blue and white shield on Windows 7]

On older versions of Windows the shield should be visible immediately.

Figure images/v10-shield-normal.png [The blue and white shield icon found in the task bar]

On Windows 7 systems you may prefer to change the settings so that the shield is always visible. This may make it easier to see when Sophos is running normally or whether there are any problems.

To change the settings select [Customize] from the menu that appears when you click on the up-arrows near the clock.

Figure images/v10-win7-system-tray-customize.png [Customize option for Notification Area]

This will open the Notification Area Icons control panel. Look down the list (and if necessary scroll down) until you see the entry for [Sophos Endpoint Security and Control]. From the drop-down list next to it change the setting to [Show icon and notifications]. Finally click on OK to apply the changes.

Figure images/v10-win7-notification-area.png [Windows 7 Notification Area Icons control panel]

So long as the shield is blue and white as shown then Sophos should be working correctly. However you still need to update it as described below to protect against malware discovered since the installation package was built. If the shield looks different, such as shown in the following picture, please refer to the Frequently Asked Questions (FAQ) web page for explanations and possible solutions.

Figure images/v10-shield-exclamation.png [Exclamation mark on shield icon]

Sophos generally pops up status messages from the shield to alert you to problems, as well as to confirm that Sophos is running properly. For example, after you start up your computer you may see a message telling you that all protection is enabled as shown below.

Figure images/v10-shield-message-protection-enabled.png [Shield popup showing all protection enabled]

1.5. Updating Sophos Anti-virus for the first time

Although the blue and white shield shows that Sophos is installed and running properly you still need to update it immediately to make sure that it can identify the most recent viruses. Before you update Sophos make sure that your computer is connected to the Internet.

Right click on the blue and white shield icon in the task bar. A small pop-up box will appear:

Figure images/v10-shield-menu-update-now.png [Update now pop-up screen]

Click the Update Now link. Sophos will begin to download files and will show you a downloading screen.

Figure images/v10-progress-updating.png [Download files screen]

Once all the necessary files have been downloaded, Sophos will automatically install these files onto your system. At this point you will see an installation progress screen. While Sophos is updating the Sophos shield near the clock may disappear for a short time.

Figure images/v10-progress-installing.png []

Once the files have been successfully installed, the installation screen will close automatically. The Sophos shield icon in the task bar should be visible and blue, and any progress boxes will close indicating that the update is complete.

Figure images/v10-shield-normal.png [The blue and white shield icon found in the task bar]

From this point on Sophos will try to update itself automatically every hour. You won't see the downloading screen during these automatic updates. See the Keeping Sophos up to date section below for more information on auto-updating.

Once installed Sophos should automatically check files that you open for viruses. To open the main Sophos program itself, if you need to run scans, modify configuration or manage items in quarantine, open Sophos EndPoint Security and Control from the [Start] menu (in the Sophos program group, or right-click on the shield in the task bar and select Open Sophos EndPoint Security and Control.

1.6. Keeping Sophos up to date

Sophos Endpoint Security and Control uses a username and password to automatically download updates. These credentials are valid for around 14 months and expire during November each year. Once they have expired, Sophos will no longer be able to download updates, and your computer will be more vulnerable to new viruses etc.

This normally only applies to Sophos installed onto personal laptops and desktops. On college or departmental systems, Sophos (or other antivirus software) is often managed by your local IT Support staff and you should check with them before making any changes.

To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year. Please see the Frequently Asked Questions (FAQ) for more details on how to check whether your installation(s) of Sophos is using valid credentials.

On computers that are connected to the internet Sophos will check for updates once an hour. To find out when the program last updated itself, hover your mouse over the blue and white shield icon found in the task bar and you should see a small pop-up window showing the date and time of the last update:

Figure images/v10-shield-status-lastupdate.png [hover mouse over task bar Sophos shield]

If you find it difficult to make this status message appear you can see the same information by right-clicking on the shield and choosing [Open Sophos Endpoint Security and Control] from the menu. This will open the Sophos program, and the main screen will show a Status box near the top left of the window.

Figure images/v10-sav-main-status.png [Main Sophos window - status box]

When the program is in the process of updating itself you the pop-up window will look a little different.

Figure images/v10-shield-status-updating.png [Sophos shield showing updating message]

While Sophos is updating you can choose to view a progress window. Do this by right-clicking on the shield and choosing [View updating status] from the menu that appears. The option will be unavailable if Sophos isn't updating.

Figure images/v10-progress-updating.png [File update downloading window]

If Sophos finds new updates it will automatically install them after downloading them.

If you see a red circle with a white cross superimposed on the blue and white shield (see below), the most recent update failed. This will always happen (and is normal) if Sophos tries to update while your computer is disconnected from the Internet. If your Internet connection is working correctly and the update fails, refer to the Frequently Asked Questions (FAQ) for some possible reasons and solutions.

Figure images/v10-shield-cross.png [Red cross on blue and white shield]

1.7. Further Information

If you encounter any problems there is a Frequently Asked Questions (FAQ) web page with answers to some of the most common issues that people encounter.

We provide some outline information on configuring Sophos options and scans in the next section.

2. Further Configuration and Setting up Manual and Scheduled Scans

2.1. General Sophos Settings

The Sophos clients that OUCS distributes come with a preset standard configuration. The default actions are:

Clean up virus-infected files. If this fails it will move them to a special folder: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED (Windows XP) or C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED (Windows 7 and Vista).
A weekly full scan of your C: drive is scheduled to run at 21:00 on Wednesdays.
Web Protection is enabled

If you wish to change any Sophos client settings you may do so. This section covers some common configuration changes including configuring and running manual scans. For full details, refer to the built-in Help in the Sophos EndPoint Security and Control program.

Open Sophos and you will see the following screen. Note particularly the greyed out Home button near the top of the window under the [Help] menu. You can use this button from other Sophos screens to return to this main window.

Figure images/v10-sav-main.png [Sophos front page]

Choose the option Configure anti-virus and HIPS.

A new screen will open showing the different configuration settings available.

Figure images/v10-sav-configure.png [Configuration screen]

Click on the first option [On-access scanning] under the Configure heading to open the On-access scanning configuration screen.

The options on the Scanning tab control whether on-access scanning is enabled together with when Sophos will check files (i.e. on read, on write etc.). For version 10 of Sophos files are checked On read, On write and On rename.

Figure images/v10-prefs-onaccess-scanning.png [on access scanning settings]

The Scan for section of this tab specifies what type of malware Sophos checks for. By default Sophos is configured to scan for malware including viruses but will not check for Adware and PUAs (potentially unwanted applications) or Suspicious files. This is because some legitimate software can be detected if these options are enabled. Enabling these options is more thorough but may also detect legitimate software. If you do want to enable them we recommend that you first do a manual scan of your computer for Adware and PUAs and/or Suspicious files. You can then authorise any any legitimate software that is detected as supicious or a PUA before you enable detection of these files via On-access scanning. To authorise legitimate software use the [Anti-Virus/Authorization...] option on the [Configure] menu.

The settings on the Cleanup tab allow you to configure the options for removing malware.

Figure images/v10-prefs-onaccess-cleanup.png [Cleanup tab settings]

If you change any settings then click the Apply button followed by the OK button to close the configuration window. You will return to the main configuration page.

2.2. Configuring, Running and Scheduling Scans

2.2.1. Configuring a new scan

Sophos provides automatic on-access scanning which gives you constant protection against viruses in any files, emails etc. that you are actually using. In addition, you can perform on-demand scans of either your whole hard disk(s) or just selected sections.

On-demand scans can be run manually, or you can schedule them to run at a particular time and on particular days of the week. The preconfigured package provided is configured to run a scan every Wednesday at 9pm. You can't edit this scan but you can delete it and set up your own scan.

To configure scans first return the the Sophos main page by clicking on the Home button near the top of the window under the [Help] menu. Now click on the Scans icon.

Figure images/v10-sav-icon-scans.png [Scans icon]

The scan configuration page will open. Under Available scans you should see the preconfigured Wednesday 9pm Scan that has been set up for you.

Figure images/v10-sav-scans.png [Scans window]

To start a scan of your whole computer click on the Scan my computer icon (this option is also on the home page.)

Figure images/v10-sav-icon-scan.png [Scan my computer icon]

To configure your own scan(s), first select the Set up a new scan icon from the Scans page.

Figure images/v10-sav-icon-new-scan.png [Set up a new scan]

Figure images/v10-sav-scans-new.png [Settings for your own scan]

From here you can choose what files or folders the program will scan for you. In this example on Windows 7, Sophos has been configured to scan My Documents. In the Scan name box, add a name e.g. My Documents Scan.

Next, select the Configure this scan option near the bottom of the window. A new window, Individual scan settings, will open. The Cleanup tab will allow you to specify what Sophos does it it finds any malware. The options on both the Scanning and the Cleanup tabs are very similar to those outlined in section 2.1. General Sophos Settings.

Figure images/v10-sav-scans-prefs-settings.png [Scan-specific configuration options.]

Once you have configured your scan , save the new scan settings. This new scan will be added to the front page in the Available Scans box:

Figure images/v10-sav-scans2.png [List of available scans created by the user]

To start the scan, click on the Start button next to the name of the scan. Sophos will then scan the files and directories specified when it was configured.

2.2.2. Scheduled scans

Saved scans can be scheduled to run automatically on your machine. NB. You cannot save a scheduled scan if you do not have a password set to log on to your machine. For advice on passwords and password security please see the OUCS Password pages.

From the Available Scans listing on the front page, open a saved scan by selecting it from the list and then clicking on Edit. The scan configuration page will open.
Click on the Schedule this Scan option near the bottom of the window.
A new screen will open. Initially all options are greyed out, but these are enabled by clicking the Enable schedule checkbox. Sophos adds default values when this is first enabled.
Change the default settings to those that you require. In our example, the scan is scheduled to run every weekday at 21:00.

Figure images/v10-sav-scans-prefs-schedule.png [Schedule a scan screen]

Type the username and password you use to log onto the machine into the boxes provided. Click OK to save the new schedule.
The scan will run automatically at the day and time specified. Note that if your computer is turned off at the time when the scan is supposed to run then it simply will not run.

2.2.3. Running a scan

To run the general virus scan, return to the main Sophos window (use the Home button under the [Help] menu) and select the Scan my computer icon. This will immediately start a full scan of your system.

Figure images/v10-sav-icon-scan.png [Scan my computer]

To run a saved scan, select the Scans option on the main Sophos window to view the list of available scans. Select a scan from the list and then click on the Start button. Note that you cannot do this for the preconfigured Wednesday 21:00 scan.

Once a scan has started you will see the following screen:

Figure images/v10-sav-scan-progress.png [Picture shows a scan in process]

Click the More button to see if any viruses have been found on your system during the scan. At the end of the scan you will see a summary of the results:

Figure images/v10-sav-scan-summary.png [Scan results summary]