In this section:
This page does not apply to
Note that these are Sophos marketing titles. Depending on the country and partner/reseller, the orderable product names may differ. For example, one partner website shows the product names as Sophos Server Protection for Windows, Linux and vShield.
Sophos antimalware software contains a Management Interface (Console+Server+Update Manager) that runs in a separate Windows Server and Antivirus (Agent) software that runs in the ASM/SBA.
We recommend running the Management Interface and Antivirus separately to conserve CPU processing in ASM/SBA.
The deployment of the Sophos management interface on the
You do not need to configure or modify the ASM in order to install Sophos.
Here are the key steps performed when installing:
Task | Installation Instructions Covered in Sophos Deployment Guide | Installation Instructions unique to the Unable to show "metadata-from": No such page "_space_variables" SBAscovered in this WIKI article
|
---|---|---|
Download the Enterprise Console installer | ||
Check the system requirements | ||
Create the accounts you need | ||
Prepare for installation | ||
Install the Enterprise Console | ||
Download security software | ||
Create computer groups | ||
Set up security policies | ||
Search for computers | ||
Prepare to protect computers | ||
Protect computers | ||
Check the health of your network | ||
Add Exclusions | ||
Activate Exploit Prevention | ||
Protect the ASM |
The following are the steps to protect the SBC Edge device with an SBA-targeted ASM:
Protecting the ASM.
Create the antivirus and Host Intrusion Prevention System (HIPS) policy with the file and folder exclusions recommended by Microsoft SBA deployments.
C:\windows\SoftwareDistribution\Datastore\
C:\windows\SoftwareDistribution\Datastore\Logs\
C:\Windows\security\database\*.edb
C:\Windows\security\database\*.sdb
C:\Windows\security\database\*.log
C:\Windows\security\database\*.chk
C:\Windows\security\database\*.jrs
C:\Windows\System32\LogFiles\
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\
C:\Program Files\Skype for Business Server 2015\
C:\Program Files\Common Files\Microsoft Lync Server 2010\
C:\Program Files\Common Files\Microsoft Lync Server 2013\
C:\Program Files\Common Files\Skype for Business Server 2015\
C:\Program Files\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.RTCLOCAL\MSSQL\Binn\SQLServr.exe
ABServer.exe
ClsAgent.exe
LysSvc.exe
MediationServerSvc.exe
ReplicaReplicatorAgent.exe
ReplicationApp.exe
RtcHost.exe
RTCSrv.exe
Fabric.exe
FabricDCA.exe
FabricHost.exe
Note that the preceding list of items can be saved in a file using a third party simple text editor and imported into exclusions.
Enter the Exploit Prevention credentials and activate it by performing the following steps:
Step | Action |
---|---|
1 | Open the console and click View and then Update Managers. |
2 | In the Update managers pane, click the appropriate computer name and then View/Edit Configuration.
|
3 | Click Sources > Edit. When the Source Details dialog box opens, apply the credentials and then click OK.
|
4 | In the Sophos Enterprise Console - Protect Computers Wizard, select Exploit Prevention, Sophos Clean and then click Next.
|
Step | Action |
---|---|
1 | Create a group. |
2 | Add the ASM node into the group. Note: Make sure to choose the Exclusion policy for the group and select Exploit prevent only.
This will install the Agent software with Exploit Prevention and also apply the exclusions.
|
3 | To verify the installation, log on to the ASM node by establishing a Remote Desktop Connection. |
4 | Find and open the installed Sophos program and then navigate to Configure antivirus > On-access scanning > Exclusion to verify the exclusions you added in Adding Exclusions (AntiVirus File/Folder Scan Exclusion List). |
5 | Confirm that the Exploit prevention is active on the Agent by viewing its listing on View Product Information. |