In this section:
This page does not apply to SBC 1000/2000Cloud link units featuring the Microsoft® Cloud Connector Edition application and Intel® Xeon® CPUs, because Microsoft defines alternative procedures to protect against malware.
Ribbon recommends the deployment of an approved third party anti-malware solution to SBC 1000/2000 ASMs with SBA (Applications Solutions Modules running the Skype for Business/Lync 2013 Survivable Branch Appliance application) units as an added measure of security to inspect and “cleanse” devices of viruses and ransomware, such as the 2017 WannaCry https://en.wikipedia.org/wiki/WannaCry_ransomware_attack and Petya attacks.
Ribbon approves the following Antivirus and Ransomware protection software for any SBC 1000 or SBC 2000unit with an Applications Solutions Module shipped with a Microsoft® Skype for Business/Lync Survivable Branch Appliance (SBA) application.
Note that these are Sophos marketing titles. Depending on the country and partner/reseller, the orderable product names may differ. For example, one partner website shows the product names as Sophos Server Protection for Windows, Linux and vShield.
Sophos antimalware software contains a Management Interface (Console+Server+Update Manager) that runs in a separate Windows Server and Antivirus (Agent) software that runs in the ASM/SBA.
We recommend running the Management Interface and Antivirus separately to conserve CPU processing in ASM/SBA.
The deployment of the Sophos management interface on the SBC 1000/2000ASM is not supported
You do not need to configure or modify the ASM in order to install Sophos.
Here are the key steps performed when installing:
Task | Installation Instructions Covered in Sophos Deployment Guide | Installation Instructions unique to the Ribbon SBAs
|
---|---|---|
Download the Enterprise Console installer | ||
Check the system requirements | ||
Create the accounts you need | ||
Prepare for installation | ||
Install the Enterprise Console | ||
Download security software | ||
Create computer groups | ||
Set up security policies | ||
Search for computers | ||
Prepare to protect computers | ||
Protect computers | ||
Check the health of your network | ||
Add Exclusions | ||
Activate Exploit Prevention | ||
Protect the ASM |
The following are the steps to protect the SBC Edge device with an SBA-targeted ASM:
Protecting the ASM.
Create the antivirus and Host Intrusion Prevention System (HIPS) policy with the file and folder exclusions recommended by Microsoft SBA deployments.
C:\windows\SoftwareDistribution\Datastore\
C:\windows\SoftwareDistribution\Datastore\Logs\
C:\Windows\security\database\*.edb
C:\Windows\security\database\*.sdb
C:\Windows\security\database\*.log
C:\Windows\security\database\*.chk
C:\Windows\security\database\*.jrs
C:\Windows\System32\LogFiles\
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\
C:\Program Files\Skype for Business Server 2015\
C:\Program Files\Common Files\Microsoft Lync Server 2010\
C:\Program Files\Common Files\Microsoft Lync Server 2013\
C:\Program Files\Common Files\Skype for Business Server 2015\
C:\Program Files\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.RTCLOCAL\MSSQL\Binn\SQLServr.exe
ABServer.exe
ClsAgent.exe
LysSvc.exe
MediationServerSvc.exe
ReplicaReplicatorAgent.exe
ReplicationApp.exe
RtcHost.exe
RTCSrv.exe
Fabric.exe
FabricDCA.exe
FabricHost.exe
Note that the preceding list of items can be saved in a file using a third party simple text editor and imported into exclusions.
Enter the Exploit Prevention credentials and activate it by performing the following steps:
Step | Action |
---|---|
1 | Open the console and click View and then Update Managers. |
2 | In the Update managers pane, click the appropriate computer name and then View/Edit Configuration.
|
3 | Click Sources > Edit. When the Source Details dialog box opens, apply the credentials and then click OK.
|
4 | In the Sophos Enterprise Console - Protect Computers Wizard, select Exploit Prevention, Sophos Clean and then click Next.
|
Step | Action |
---|---|
1 | Create a group. |
2 | Add the ASM node into the group. Note: Make sure to choose the Exclusion policy for the group and select Exploit prevent only.
This will install the Agent software with Exploit Prevention and also apply the exclusions.
|
3 | To verify the installation, log on to the ASM node by establishing a Remote Desktop Connection. |
4 | Find and open the installed Sophos program and then navigate to Configure antivirus > On-access scanning > Exclusion to verify the exclusions you added in Adding Exclusions (AntiVirus File/Folder Scan Exclusion List). |
5 | Confirm that the Exploit prevention is active on the Agent by viewing its listing on View Product Information. |