Docstoc

esav_uen

Document Sample
esav_uen Powered By Docstoc
					http://laptop1.blogbus.com/




     Network upgrade guide
     Includes:
     Enterprise Console 2.0
     EM Library 1.3
     Sophos Anti-Virus
     Sophos Client Firewall




                       This is trial version
                       www.adultpdf.com
http://laptop1.blogbus.com/
    About this guide
         This guide describes the procedure for upgrading from Sophos Enterprise
         Console 1.0 (including EM Library 1.2) to Sophos Enterprise
         Console 2.0. In particular, it
         ! tells you about new features in Sophos Enterprise Solutions
         ! outlines the procedure for upgrading to Sophos Enterprise Console 2.0
         ! guides you through the upgrade step by step
         ! details post-upgrade tasks.
         The guide also covers the procedure for upgrading from EM Library 1.1 and
         details the process of moving the database to another computer, should you
         wish to do so after the upgrade.
         You can find details of all other configuration options of Enterprise Console,
         that are not covered in this guide, in Sophos Enterprise Console Help.
         Sophos documentation is published at www.sophos.com/support/docs/ and
         on the Sophos Network Install CD.




                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Contents
       About this guide                                                2


       Planning the upgrade

       1 Upgrade process overview                                      6

       2 Upgrade checklist and flow charts                             8

       3 What’s new in Sophos Enterprise Solutions?                  11

       4 System requirements                                         13


       Upgrading Sophos Enterprise Console 1.0

       5 Before you upgrade                                          16

       6 Upgrading Sophos Enterprise Console                         17

       7 Reconnecting existing library or libraries                  19

       8 Downloading new anti-virus and firewall software            20

       9 Upgrading remote management console                         26

       10 Setting up default updating policy                         28

       11 Checking Enterprise Console policies                       30

       12 Setting up firewall policies                               34


       Upgrading protection on networked computers

       13 Protecting computers from Enterprise Console               38

       14 Protecting computers manually or with a script             43


       Post-upgrade tasks

       15 Checking computers are protected                           46

       16 Setting up scanning for potentially unwanted
          applications                                               47



                                                                                               iii
                            This is trial version
                            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          Upgrading from EM Library 1.1

          17 Upgrading from EM Library 1.1                               50


          Appendices

          Appendix 1. Upgrading Sophos Enterprise Console
                      using custom setup                                 56

          Appendix 2. Moving the database to another computer 61


          Technical support                                              80




    iv
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




                           Planning the upgrade




            This is trial version
            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide



    1 Upgrade process overview

    1.1 The software you are going to upgrade
              When upgrading to Sophos Enterprise Console 2.0, you are going to upgrade
              or install some or all of the following (depending on your existing installation
              and the terms of your license).
              Sophos Enterprise Console components:
              ! Management console
              ! Management server
              ! Database
              ! EM Library
              Protection on networked computers:
              ! Sophos Anti-Virus
              ! Sophos Client Firewall (if your license includes it)


    1.2 Upgrade tasks
          1. Back up your system and make sure you can restore it successfully, if
             required.
              It is very important that you have a valid, complete backup of your Sophos
              Enterprise Console installation before starting the upgrade.
              The upgrade process is not reversible.
          2. Upgrade Sophos Enterprise Console 1.0 and EM Library 1.2, or EM Library
             1.1, to Sophos Enterprise Console 2.0.
          3. Upgrade remote management console (if relevant).
              After you have upgraded management software on the server, the server
              may need to be rebooted.
          4. Upgrade protection on networked computers.
              Windows 95/98/Me and Mac OS X computers running Sophos Anti-Virus
              4.5.x will update automatically.
          5. Perform post-upgrade tasks.
              The flow charts in section 2 illustrate the procedures for upgrading
              Enterprise Console. You can also use the checklist in that section, which
              describes the steps required to upgrade to Enterprise Console 2.0.
    6
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    1.3 Skills required to complete the upgrade
           The person who performs the upgrade must
           ! be able to perform system backup and recovery operations
           ! know and be able to install and configure software on Windows server
             operating system used in your organization, on which the previous
             version of Sophos Enterprise Console is installed (that is, Windows 2000
             Server (SP3 or later) or Windows 2003 Server), and operating system(s)
             installed on your networked computers (Windows and/or Mac)
           ! if required, be able to install a remote management console, on a
             computer other than the one running the management server
           ! have experience with changing the configuration of package subscription
             and setup of the Central Installation Directories (CIDs) within EM Library
             (if necessary, refer to EM Library Help for more information).

    1.4 Duration of the upgrade
           The duration of the upgrade process depends on your configuration, but
           usually should not take longer than one day, not including the upgrade of
           networked computers.

    1.5 Upgrade scenarios

        Phased rollout
           Sophos recommends that you use this scenario and upgrade your network in
           stages, especially if you have a relatively big network and plan to deploy
           protection against potentially unwanted applications and the firewall.
           A phased rollout will help you avoid flooding the network with traffic. (The
           size of the package containing Sophos Anti-Virus 6 is approximately 68 MB;
           the size of the package containing both Sophos Anti-virus 6 and Sophos
           Client Firewall is approximately 93 MB.) A phased rollout will also give you
           the opportunity to assess the threat posed to your system, test the software
           and its configuration on a small group of computers that can be easily
           monitored, and fine-tune your protection settings before deploying them
           across the entire network. You can configure different protection policies for
           different groups of your networked computers, and then deploy these
           policies to the computers in stages, one group at a time.

        Immediate upgrade
           You may consider this scenario if you have a relatively small network.
           Remember, however, that the upgrade is not reversible.
                                                                                               7
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    2 Upgrade checklist and flow charts
              This checklist can help guide you through the upgrade process. The flow
              charts that follow illustrate the procedures for upgrading Enterprise Console
              in two cases - when your license includes Sophos Client Firewall and when
              your license does not include the firewall.

    Checklist: Upgrading from Sophos Enterprise Console 1.0 and EM Library 1.2

    Task no. Task description                               Instructions                             Completed

    1         Create a valid, complete backup               Your system documentation                   "

    2         Install Sophos Enterprise Console 2.0         6 Upgrading Sophos Enterprise
                                                                                                        "
                                                            Console

    3         Reconnect existing librar y or libraries to   7 Reconnecting existing librar y or
              the EM Librar y console (if required)                                                     "
                                                            libraries

    4         Download Sophos Anti-Virus 6 and (if          8 Downloading new anti-virus and
              included in your license) Sophos Client       firewall software                           "
              Firewall

    5         Upgrade remote management console             9 Upgrading remote management
                                                                                                        "
              (if relevant)                                 console

    6         Set up the default updating policy            10 Setting up default updating policy       "

    7         Check Enterprise Console policies             11 Checking Enterprise Console
                                                            policies
                                                                                                        "

    8         Set up firewall policies                      12 Setting up firewall policies             "

    9         Upgrade managed computers                     13.1 Upgrading managed computers            "

    10        Protect new and unassigned computers          13.2 Protecting new and unassigned
              (if any)                                      computers
                                                                                                        "

    11        Protect computers that cannot be              14 Protecting computers manually of
              protected automatically (if any)              with a script
                                                                                                        "

    12        Check that computers are protected            15 Checking computers are protected         "

    13        Set up scanning for potentially               16 Setting up scanning for potentially
              unwanted applications                         unwanted applications
                                                                                                        "


    8
                                   This is trial version
                                   www.adultpdf.com
http://laptop1.blogbus.com/
             Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




                                                                             9
            This is trial version
            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    10
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/   Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    3 What’s new in Sophos Enterprise Solutions?
          For a complete list of new features refer to the Sophos Anti-Virus release
          notes. Listed here are only the new features you should be aware of during
          or after the upgrade to Sophos Enterprise Console 2.0.

       Sophos Enterprise Console 2.0
          ! Policies for updating, anti-virus, and client firewall
          In Sophos Enterprise Console 2.0 a policy is a collection of settings applied
          to all the computers in a group or groups. There are three types of policy:
          • The updating policy specifies how computers are updated with new
            software.
          • The anti-virus policy specifies how Sophos Anti-Virus scans and cleans
            up computers.
          • The firewall policy specifies how Sophos Client Firewall protects
            computers.
          Sophos Enterprise Console 1.0 also had policies, but each policy was
          created for a specific group and could only be applied to that group.
          In Sophos Enterprise Console 2.0 you can apply the same policy to more
          than one group. It makes it easy to change the settings for all those groups
          when you want to do so. You can create more than one policy of each type.
          ! Central cleanup of networked computers
          With Sophos Enterprise Console 2.0 you can centrally clean up computers
          that are infected with a virus or have unwanted applications on them.
          ! SNMP messaging
          In Enterprise Console 2.0 you can configure computers to send alerts to the
          administrator using SNMP messaging. Before this could only be done at
          each workstation.
          Sophos Anti-Virus 4.7 for Mac OS X does not have SNMP capability.




                                                                                             11
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          EM Library 1.3
              ! Frequent updates schedule
              The new Frequent updates schedule allows you to get regular updates from
              Sophos between fixed hours, on selected days. With this schedule, you can
              set up EM Library to check for updates and download them (if new updates
              are available) as frequently as every 10 minutes. (Before you could only get
              hourly updates.)

          Sophos Anti-Virus
              ! Detection and cleanup of potentially unwanted applications
              Sophos Anti-Virus 6 can scan for potentially unwanted applications (PUA),
              prevent them from running on and clean them from your network.
              Potentially unwanted applications detected by Sophos include a wide range
              of programs that perform actions such as displaying advertising, tracking
              websites visited, or changing the configuration of a computer.

          Sophos Client Firewall
              Sophos Client Firewall is available as part of Sophos Enterprise Solutions (if
              your license includes it). The firewall limits access to the company network
              or the internet to specifically permitted applications or classes of
              applications. It proactively locks down computers, protecting networks
              against internet worms, hackers and the risk of virus infection from
              unprotected computers, especially those that connect directly to the
              internet.




    12
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    4 System requirements

      Sophos Enterprise Console 2.0
         ! Supported operating systems: Windows 2000 Professional (SP3 or later),
           Windows 2000 Server (SP3 or later), Windows XP Professional (SP1 or
           later), Windows Server 2003
            Sophos recommends that you install the management server and
            database on a computer running a server operating system (e.g. Windows
            2000 Server or Windows Server 2003). You can install a remote
            management console on any of the supported systems, including
            Windows 2000 Professional (SP3 or later) and Windows XP Professional
            (SP1 or later).
         ! Internet Explorer 5 or later
         ! At least 80 MB of hard disk space for installation. You need further space
           for your software library and database, as detailed below.
         ! Around 120 MB for the library
         ! Up to 300 MB for the central installation directories
         ! At least 300 MB of disk space for data. If you use MSDE, the maximum
           size that a database can reach is 2 GB. If you use Microsoft SQL Server,
           there is no limit apart from that set by the administrator.
         ! 256 MB of RAM

      Sophos Anti-Virus 6.0
         ! Windows 2000, Windows XP Windows 2003, and 64-bit versions of
                                   ,
           these platforms
         ! 120 MB of hard disk space
         ! 256 MB of RAM (recommended)




                                                                                            13
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          Sophos Client Firewall 1.0
              If you want to protect Windows 2000 and later computers with Sophos
              Client Firewall, you should uninstall any other firewall software first (with
              the exception of the Windows Firewall).
              ! Sophos Client Firewall is available only for Windows 2000 and later
                workstation operating systems, i.e. Windows 2000 Professional and
                Windows XP (32-bit versions).
              ! Sophos Client Firewall version 1.0 is designed to run on workstations
                connected to an Ethernet based LAN (local area network) or the internet.
              Sophos Client Firewall requires:
              ! Minimum 100 MB of hard disk space
              ! Minimum 320 MB of RAM
              ! Sophos Anti-Virus version 6 or later


              Sophos Client Firewall is not supported on:
              ! Server operating systems (e.g. Windows 2000 Server, Windows Server
                2003)
              ! 64-bit versions of Windows XP
              Sophos Client Firewall 1.0 does not support IPv6. It lets IPv6 packets
              through.




    14
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




          Upgrading Sophos Enterprise Console 1.0




              This is trial version
              www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    5 Before you upgrade
              Before you start upgrading, make sure you have a valid, complete backup
              of your Sophos Enterprise Console installation. If for some reason the
              upgrade fails, you will need to recover your Sophos Enterprise Console
              system to its previous state from your backup.
              "Downgrading" or reverting from Sophos Enterprise Console version 2.0 back
              to version 1.0 will not work. Data created using Sophos Enterprise Console
              version 2.0 is not compatible or usable with Sophos Enterprise Console
              version 1.0.
              If you are upgrading from Sophos Enterprise Console 1.0 and
              EM Library 1.2, go to section 6.
              If you are upgrading from EM Library 1.1, with no Enterprise Console
              previously installed, go to section 17.




    16
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/   Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    6 Upgrading Sophos Enterprise Console
          To upgrade Sophos Enterprise Console, do the following.
       1. Log on as an administrator or domain administrator, as appropriate, at the
          Windows 2000 or 2003 server where version 1.0 of Sophos Enterprise
          Console is installed.
       2. Close all open Sophos applications, if any.
       3. Insert the Sophos Network Install CD. The CD should auto-run. If the CD
          does not auto-run, browse to the CD and double-click Launchcd.exe.
          On the Welcome page, click Install.
          Alternatively, download the Sophos Anti-Virus and Sophos Client Firewall
          Network Installer from the Sophos website and run it.
          If you upgrade on Windows 2003, you may see a security warning saying
          that the publisher could not be verified. Click Run to continue.
       4. On the Welcome page of the Sophos Enterprise Console InstallShield
          Wizard, click Next.




       5. On the License Agreement page of the wizard, read the license agreement
          and click I accept the terms in the license agreement if you want to
          continue. Click Next.




                                                                                             17
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          6. On the Destination Folder page, you see the folder where Enterprise Console
             will be installed. By default, this is the folder where Enterprise Console 1.0
             was installed. Click Next.
          7. On the Setup Type page, leave Complete selected and click Next.
              You can also select the Custom option, for example, if you want to preview
              the scripts before running them on your database. For instructions on
              upgrading using Custom setup, see Appendix 1, step 6.
          8. On the Ready to Install page, click Install. If the computer is in a domain
             and you are logged in as domain administrator, you see the page in step 9.
             Otherwise, you see the message box described in step 10.
          9. If the computer is in a domain, the Enterprise Console user group page is
             displayed. This lets you specify who can use Enterprise Console. Select an
             existing global group or enter the name of a new global group. Click Next.
          10.When upgrade is complete, you are prompted to log off or restart. Click Yes
             or Finish.
              You have now upgraded all components of Sophos Enterprise Console –
              management server, management console, EM Library, and database.
              If ever you replace the file server, ensure the replacement has the same name
              and IP address, so that Enterprise Console can continue to manage computers.
          11.When you log on to the computer again, as the same user, the EM Library
             console is displayed.
              You can continue using earlier versions of the library with the upgraded EM
              Library console. However, earlier versions of the library cannot use a
              Frequent updates schedule. If you want to use an existing library with a
              Frequent updates schedule, upgrade it to version 1.3. Otherwise, make sure
              an Hourly updates schedule is active.
              If any child libraries depend on the library for which you want to set up a
              Frequent updates schedule, you must upgrade them to version 1.3 before
              you configure them to download new packages from the parent library.
          12.If you do not see your existing library in the EM Library console tree (the
             library is shown as “not connected”), reconnect to it as described in
             section 7.
          13. If you see your existing library in the EM Library console, download the new
             anti-virus and (if your license includes it) firewall software as described in
             section 8.




    18
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/     Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    7 Reconnecting existing library or libraries
       1. In Sophos Enterprise Console, on the toolbar, click Libraries.
          Alternatively, you can open EM Library console from the Start menu
          (Start|Programs|Sophos|EM Library|Sophos EM Library Console).
          Click Open Library.
       2. In the EM Library Properties dialog box, in the first text box, type the path
          to the computer that has the library. Ensure that the same computer’s name
          is displayed in the second text box.




       3. In the EM Library dialog box, click Yes to upgrade the library.




          The library should now appear in the EM Library console, with all your
          existing settings, including updating location and subscriptions, preserved.
                                                                                               19
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    8 Downloading new anti-virus and firewall software
              If you want to receive installations and updates for Sophos Anti-Virus 6 and
              (if your license includes it) Sophos Client Firewall, you will need to specify a
              different source from which EM Library downloads updates (the “primary
              parent”). Then you will need to subscribe to and download the package that
              contains the latest version of Sophos Anti-Virus and Sophos Client Firewall.
              Sophos Client Firewall version 1.0 is designed to run on workstations
              connected to a LAN (local area network) or the internet. It should not be
              installed on a computer running a server operating system or a computer
              where EM Library is installed. You should include such computers in a
              separate Enterprise Console group and apply a separate firewall policy to the
              group, with the firewall disabled.
              If you have chosen a phased rollout upgrade scenario, before you download
              new software, make sure that you are subscribed to a “fixed” package (IDEs
              only) of Sophos Anti-Virus for Windows 2000/XP/2003. If you are
              subscribed to the latest package (SAV+IDEs), your networked computers
              will be upgraded automatically as soon as you change the databank address
              in EM Library during the upgrade. To avoid this, in the EM Library console
              tree, under EM Library, Packages, make sure that you are subscribed to the
              “Sophos Anti-Virus for Windows 2000/XP/2003 IDEs only” package, and
              your networked computers update from the CID where this package is
              downloaded.
              If your license includes Sophos Client Firewall, proceed to section 8.1. If
              your license does not include Sophos Client Firewall, go to section 8.2.

    8.1 Downloading Sophos Anti-Virus 6 and Sophos Client Firewall
          1. In the EM Library console tree, right-click EM Library and select Properties.
             A set of tabbed pages is displayed.
          2. Click the Primary parent tab. By default, Website is selected. In the drop-
             down menu, select one of the databank addresses depending on what
             upgrade scenario you have chosen.




    20
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




         Phased rollout
         If you want to upgrade protection on your networked computers to Sophos
         Anti-Virus 6 and Sophos Client Firewall in stages, and continue receiving
         updates for Sophos Anti-Virus 5 for some time (while it is still supported),
         select http://es-central-2.sophos.com/update. This databank contains both
         Sophos Anti-Virus 5 and Sophos Endpoint Security packages. (The Sophos
         Endpoint Security package contains an installer for both Sophos Anti-Virus 6
         and Sophos Client Firewall.)




         Immediate upgrade
         If you want to upgrade protection on your networked computers to Sophos
         Anti-Virus 6 and Sophos Client Firewall right away, select
         http://es-latest-2.sophos.com/update. This databank contains the Sophos
         Endpoint Security package, with an installer for both Sophos Anti-Virus 6
         and Sophos Client Firewall.
         Click Apply, and then click OK.
      3. In the EM Library console tree, click EM Library. In the Configuration pane,
         click Select Packages. EM Library will fetch the list of packages from the
         parent.
      4. In the EM Library console tree, under EM Library, Packages, click
         Unsubscribed.
      5. In the list of software packages, highlight the package “Sophos endpoint
         security for Windows 2000/XP/2003 v6.0.”
         Sophos recommends that you subscribe to the “Latest” package, because
         you will automatically receive the latest version each month as well as new
         virus identity (IDE) files.




                                                                                            21
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          6. Right-click the selection to display a menu and select Subscribe.




          7. In the message box asking you to confirm the subscription, click Yes.
          8. In the message box asking you whether you want to add a central
             installation directory (CID) for this package, click Yes. A wizard guides you
             through specifying a CID into which the software will be placed. The default
             directory name is SAVSCFXP     .
              For more information about completing the wizard, see EM Library Help,
              “How do I download the software for new platforms?”
          9. In the EM Library console tree, click EM Library. In the Configuration view,
             click Download Packages.
          10.In the message box asking you to confirm the download, click Yes. The
             Updating packages from the parent progress bar is displayed.
              When downloading is complete, the Updating your central installations
              progress bar is displayed.
              After the new package has been downloaded from the parent and placed
              into your central installation directory, you are ready to pre-configure your
              anti-virus and firewall software and install it on your networked computers.



    22
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




           If you have a remote management console you want to upgrade, proceed to
           section 9. Otherwise, click the Start Enterprise Console button in the
           Configuration view and go to section 10.

    8.2 Downloading Sophos Anti-Virus 6 only
           You can continue receiving updates for Sophos Anti-Virus 5 (while it is still
           supported) from the old updating location (primary parent)
           http://es-latest.sophos.com/update.
           If you subscribe to Sophos Anti-Virus 6 and specify the same central
           installation directory (CID) you have been using for Sophos Anti-Virus 5,
           your Sophos Anti-Virus 5 clients will be automatically upgraded to version 6
           across your entire network. Sophos recommends that you create a different
           CID for Sophos Anti-Virus 6 (e.g. ESXPSAV6) and upgrade your computers
           by pointing to it only after you have verified Enterprise Console policies.
           To subscribe to Sophos Anti-Virus 6, do the following.
        1. In the EM Library console tree, right-click EM Library and select Properties.
           A set of tabbed pages is displayed.
        2. Click the Primary parent tab. By default, Website is selected. In the drop-
           down menu, select one of the databank addresses depending on what
           upgrade scenario you have chosen.

           Phased rollout
           If you want to upgrade protection on your computers to Sophos Anti-Virus 6
           in stages, select http://es-central-2.sophos.com/update. This databank
           contains both Sophos Anti-Virus 5 and Sophos Anti-Virus 6 packages. You
           will then need to create custom CID location(s) for Sophos Anti-Virus 6
           because the default directory name is the same as the name of the directory
           for Sophos Anti-Virus 5, i.e. ESXP .




                                                                                              23
                            This is trial version
                            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




              Immediate upgrade
              If you want to upgrade protection on your networked computers to Sophos
              Anti-Virus 6 right away, select http://es-latest-2.sophos.com/update. This
              databank contains the Sophos Anti-Virus 6 package.
          3. In the EM Library console tree, click EM Library. In the Configuration pane,
             click Select Packages. EM Library will fetch the list of packages from the
             parent.
          4. In the EM Library console tree, under EM Library, Packages, click
             Unsubscribed.
          5. In the list of software packages, highlight the package “Sophos Anti-Virus for
             Windows 2000/XP/2003 v6.0.”
              Sophos recommends that you subscribe to the “Latest” package, because
              you will automatically receive the latest version each month as well as new
              virus identity (IDE) files.
          6. Right-click the highlighted package to display a menu and select Subscribe.
          7. In the message box asking you to confirm the subscription, click Yes.
          8. In the message box asking you whether you want to add a central
             installation directory (CID) for this package, click Yes. A wizard guides you
             through specifying a CID into which the software will be placed. The default
                                      ,
             directory name is ESXP the same as the name of the directory for Sophos
             Anti-Virus 5.
          9. If you do not want your networked computers to be upgraded immediately,
             create a custom CID for the Sophos Anti-Virus 6 package. On the CID
             Location page of the wizard, select Custom CID location and specify a
             different directory, e.g. ESXPSAV6.
              For more information about completing the wizard, see EM Library Help,
              “How do I download the software for new platforms?”
          10.In the EM Library console tree, click EM Library. In the Configuration view,
             click Download Packages.
          11.In the message box asking you to confirm the download, click Yes. The
             Updating packages from the parent progress bar is displayed.
              When downloading is complete, the Updating your central installations
              progress bar is displayed.




    24
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




       If you have chosen a phased rollout, after the new package has been
       downloaded from the parent and placed into your central installation
       directory, you are ready to pre-configure your anti-virus software and install
       it on your networked computers.
       If you have a remote management console you want to upgrade, proceed to
       section 9. Otherwise, click the Start Enterprise Console button in the
       Configuration view and go to section 10.
       If you have chosen an immediate upgrade, and you have a remote
       management console you want to upgrade, proceed to section 9. If you do
       not have a remote management console, you have completed the upgrade.
       Your networked computers will be upgraded automatically. If you want to
       verify Enterprise Console policies that were created during the upgrade, go
       to section 11.




                                                                                          25
                       This is trial version
                       www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    9 Upgrading remote management console
              If you use a remote management console and want to upgrade it, do the
              following.
          1. Log on as an administrator at the computer where the remote management
             console, version 1.0 is installed.
          2. Insert the Sophos Network Install CD. The CD should auto-run. If the CD
             does not auto-run, browse to the CD and double-click Launchcd.exe.
             On the Welcome page, click Install.
              Alternatively, download the Sophos Anti-Virus and Sophos Client Firewall
              Network Installer from the Sophos website and run it.
          3. On the Welcome page of the Sophos Enterprise Console InstallShield
             Wizard, click Next.
          4. On the License Agreement page of the wizard, read the license agreement
             and click I accept the terms in the license agreement if you want to
             continue. Click Next.
          5. On the Destination Folder page, you see the folder where the remote
             management console will be installed. Click Next.
          6. On the Setup Type page, select Custom and click Next.
          7. On the Custom Setup page, make sure that both Management console and
             EM Library are selected for installation. Click Next.




    26
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      8. On the Management Service page, you specify the computer where the
         Sophos Management Service is running. The name of the computer where
         Enterprise Console management server is installed is displayed. Click Next.




      9. On the Ready to Install page, click Install. If the computer is in a domain
         and you are logged in as domain administrator, you see the page in step 10.
         Otherwise, you see the message box described in step 11.
      10.If the computer is in a domain, the Enterprise Console user group page is
         displayed. This lets you specify who can use Enterprise Console. Select an
         existing global group or enter the name of a new global group. Click Next.
      11.When upgrade is complete, you are prompted to log off or restart. Click Yes
         or Finish.
         The installer has now upgraded the remote management console, retaining
         your settings.




                                                                                            27
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    10 Setting up default updating policy
              Now you need to specify an updating location and credentials for the default
              updating policy, before it is assigned to new groups. Until you do so, your
              computers cannot be updated using this policy.
          1. Start Sophos Enterprise Console from the Start menu.
          2. In the Enterprise Console, Policies pane, double-click Updating, and then
             double-click Default to edit the default policy.
          3. In the Updating policy dialog box, select an operating system. Click
             Configure.




          4. In the Set updating policy dialog box, click the Primary server tab and
             make sure the correct CID location is selected in the drop-down menu.




    28
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      5. If necessary, enter the Username for the account that will be used to access
         the server, and then enter and confirm the Password.
         If the Username needs to be qualified to indicate the domain, use the form
         domain\username.




         For more information about setting up updating, see Sophos Enterprise
         Console Help, “How do I set up updating?”
         Repeat steps 3 through 5 for each operating system.
         The default updating policy is now complete.
         Sophos recommends that a particular updating location (CID) should not be
         associated with more than 1,000 updatable computers, to ensure efficient
         network load balancing and traffic distribution. The optimum number of
         computers updating from the same location is 600-700. If you have more
         than 1,000 networked computers, create several updating policies with
         different updating locations and make sure each policy is applied to a group
         of no more than 1,000 computers.
         Now proceed to section 11, for instructions on how to verify Enterprise
         Console policies generated during the upgrade.




                                                                                            29
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    11 Checking Enterprise Console policies
              After upgrading from Sophos Enterprise Console version 1.0 to version 2.0,
              you should check that the policies generated during the upgrade are correct.

    11.1 How anti-virus and updating policies are generated
              ! Existing Enterprise Console policies assigned to groups are converted
                into new updating or anti-virus policies. This happens automatically
                provided that the database was included in the installation. Policies
                created in this way are given names consisting of the name of a group
                followed by a unique number.
              ! If there is no existing policy for a group, the respective default policy is
                used.
              ! If a group’s configuration matches that of the default policy, a new
                policy will be created and assigned to the group – the group will not be
                assigned the default policy.




    11.2 Verifying policies
              Check that correct policies are assigned to groups and if any duplicate
              policies have been created during the upgrade.
              In Sophos Enterprise Console 2.0, a group must always have a policy
              assigned to it for each policy type. A policy cannot be set to None.
              Each policy type has a default policy. You can modify default policies as
              required.




    30
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




       Updating policy
       You should have already modified the default updating policy to include the
       location from which computers will fetch updates, as described in
       section 10.
       If you apply the same policy to more than one group, ensure that you do not
       have more than 1,000 computers altogether updating from the same
       location. The optimum number updating from the same location is 600-
       700.
       Anti-virus policy
       By default, all files likely to contain a virus are scanned on access. But you
       might also want to:
       ! configure Sophos Anti-Virus to send email alerts when a virus is found.
       ! turn off on-access scanning on Exchange servers or other servers where
         performance might be affected. (See the knowledgebase article “Sophos
         Anti-Virus for Windows 2000/XP/2003: installing without on-access
         scanning on servers”:
          http://www.sophos.com/support/knowledgebase/article/2421.html).
       ! scan computers for potentially unwanted applications.
       In the default anti-virus policy on-access scanning for potentially
       unwanted applications is disabled. Sophos recommends that you do not
       enable it until after you have run a scheduled scan, to detect potentially
       unwanted applications. This lets you deal safely with applications that are
       already running on your network. Scanning for potentially unwanted
       applications is best configured after the upgrade. You can then enable on-
       access detection to protect your computers in future. For instructions, see
       section 16.
       Firewall policy
       By default, the firewall blocks all non-essential connections. Therefore, you
       must create your own firewall policy. We recommend that you install the
       firewall on a few sample computers, customize it and use these settings as
       your policy (see section 12).
       You should include your servers in a separate Enterprise Console group and
       apply a separate firewall policy to the group, with the firewall disabled.
       The firewall should not be installed on a computer where EM Library is
       installed. You should include such computers in a separate Enterprise
       Console group and apply a separate firewall policy to the group, with the
       firewall disabled.

                                                                                          31
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




              You can check policies that apply to each group or view the list of groups a
              particular policy is assigned to.
              To check policies that apply to each group:
          1. In Sophos Enterprise Console, in the Groups pane, right-click a group to
             display a menu. Select View group policy details.




          2. In the Group details window, verify that the group is assigned the right
             policies. If not, for a policy type, select a different policy from the drop-down
             list and confirm your selection.




              To view the list of groups a policy is assigned to:
          1. In Sophos Enterprise Console, in the Policies pane, right-click a policy to
             display a menu. Select View groups using policy.




    32
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      2. In the Groups using this policy window, verify that the policy has the right
         groups assigned to it.




         You cannot change the groups assigned to a policy. If you need to change
         the settings, do this from the Group details window as described earlier in
         this section.
         If required, update policies, delete duplicates or create new policies.
         When you are ready to upgrade, remember to configure the updating policy
         you want to apply, by specifying the address of updating location (CID) that
         contains the latest package. You can then upgrade your computers by
         applying to their group this updating policy, as described in section 13.
         To learn how to set up firewall policies (if your license includes Sophos
         Client Firewall), go to section 12.
         If your license does not include Sophos Client Firewall, and you haven’t
         chosen an immediate upgrade when downloading Sophos Anti-Virus 6, you
         can now proceed with upgrading your networked computers. Go to
         section 13.




                                                                                            33
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    12 Setting up firewall policies
              By default, the firewall blocks all non-essential connections. Therefore,
              before you begin using the firewall, you must create your own firewall policy
              so that appropriate applications can access the network. We recommend
              that you install the firewall on a few sample computers, customize it and
              use these settings as your policy.
              You will need to restart computers where you are deploying the firewall, to
              complete the installation.
              For more information about planning, deploying, and configuring firewall
              protection, follow the link below to view the knowledgebase article “Sophos
              Client Firewall: Administrator roll-out guidelines”:
              http://www.sophos.com/support/knowledgebase/article/4197.html
              To install the firewall on sample computers that are representative of your
              network and configure the firewall, do the following.
          1. If you haven’t already done so, use EM Library console to reconfigure EM
             Library so that it downloads the “Sophos Endpoint Security” package, which
             includes the firewall, as described in section 8.1. The default update
             directory name should be SAVSCFXP     .
          2. Select the sample computer(s) where you want to install the firewall. Right-
             click the selected computer(s) and select Protect computers.
          3. A wizard is launched. On the Welcome page, click Next.
          4. On the Select security software page, select Install Sophos Client Firewall.
             Click Next.
          5. On the Protection summary page, you see a list of the computers where the
             software will be installed automatically. Click Next.
          6. On the Credentials page, enter details of an account which can be used to
             install software. This account is typically a domain administrator account.
             Click Finish.
              To complete the installation, the sample computers need to be restarted.
              When you first install the firewall, it uses the default settings. The firewall:
              ! is enabled
              ! is in non-interactive mode
              ! blocks all non-essential connections.



    34
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      7. On each sample computer, log on to an account that is a member of the
         SophosAdmin or SophosPowerUser group. Right-click the firewall icon in the
         system tray to display a menu, and select Configure.




      8. On the General tabbed page, under Working mode, select Interactive. The
         firewall will prompt you to allow or block each application when it is used.
         You need to start and allow each application that would normally be used
         on the computer, to generate rules allowing the applicatons to access the
         network.
         Alternatively, in the SCF Configuration Editor dialog box, click the
         Applications tab. Click Add and browse to each application you want. The
         application is then “trusted.” For greater security, highlight the program,
         click Custom (bottom right-hand of the dialog box) and create a rule. For
         instructions on how to create an application rule, refer to Sophos Client
         Firewall Help.




      9. When the firewall is configured, on the General tab, under Managing
         configuration, click Export to export the configuration to your chosen
         location.
      10.In the Export configuration dialog box, browse to the location where you
         want to save the configuration file, enter a file name, and then click Save. A
         firewall configuration file with a .conf extension is created.
      11.Repeat the above steps on each computer you want to use as a sample.
      12.Now go to the Enterprise Console.




                                                                                            35
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




              After the firewall has been deployed on networked computers, it may take
              approximately 15 minutes or a little longer (depending on system
              configuration) for the status to be updated in the Enterprise Console.
          13.In the Policies pane, double-click Firewall and then double-click the policy
             you want to edit.
          14.In the Firewall policy dialog box, on the General tabbed page, click Import
             to import a configuration you developed earlier.
          15.In the Import configuration dialog box, browse to the configuration file you
             created earlier in step 10, and then click Open.
              When you import each configuration, you are given the option to merge it
              with other configurations you have already imported, to create a policy that
              is valid for all computers on the network.




              For more information on configuring the firewall, refer to Sophos Client
              Firewall Help.
              After you have set up and verified Enterprise Console policies, you can apply
              them to groups of your networked computers, as described in
              section 13.




    36
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




       Upgrading protection on networked computers




               This is trial version
               www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    13 Protecting computers from Enterprise Console

    13.1 Upgrading managed computers
              After you have upgraded Enterprise Console, downloaded the new versions
              of anti-virus and (if your license includes it) firewall software, and set up
              and verified Enterprise Console policies, you can upgrade protection on your
              networked computers that are managed from Enterprise Console. Sophos
              recommends that you upgrade one group of computers at a time.
              Remember to include a computer where EM Library is installed and your
              servers in separate Enterprise Console group(s) and apply a separate firewall
              policy to the group(s), with the firewall disabled.
          1. To upgrade protection on networked computers that are managed from
             Enterprise Console, apply to their group an updating policy pointing to a CID
             that contains one of the following packages:
              ! Sophos endpoint security for Windows 2000/XP/2003 v6.0 (if your
                license includes Sophos Client Firewall). The default directory name is
                SAVSCFXP   .
              ! Sophos Anti-Virus for Windows 2000/XP/2003 v6.0 (if your license does
                not include Sophos Client Firewall). The directory should be the one you
                created in section 8.2, step 9.
              For example, check that a policy points to the correct CID as shown below.




    38
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




         Then assign the updating policy to the group. Right-click the group to
         display a menu, and then click View group policy details. In the Group
         details dialog box, select the policy in the Updating drop-down menu.




      2. Apply anti-virus and firewall policies that you have configured for the group.
         In the Group details dialog box, select the anti-virus and firewall policies.
         Click OK.
      3. In the Confirm policy changes for this group dialog box, click OK.
      4. After the software and policies have been deployed on the computers in this
         group and tested, proceed with the next group.
      5. After all your computers have been successfully upgraded, unsubscribe from
         an old package (Sophos Anti-Virus 5) in EM Library and delete any unused
         CIDs containing the old package.




                                                                                            39
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    13.2 Protecting new and unassigned computers
              If some of your computers are not yet protected automatically, you may
              want to start managing them from the management console.
              Automatic installation is not possible on Windows 95/98/Me and Mac
              computers. Use manual or scripted installation instead (see section 14).
              However, if you are already running the latest version of Sophos Anti-Virus
              for Windows NT/95/98/Me or Mac OS X computers (version 4.5 or later),
              you do not need to upgrade those. To view the list of current versions of
              Sophos products for various operating systems, follow this link:
              http://www.sophos.com/support/knowledgebase/article/1846.html
              To protect new computers from the console, follow this procedure.
          1. Before you can install security software on networked computers, you must
             add them to the computer list in Enterprise Console. On the toolbar, click
             the Find icon.
              Alternatively, click the drop-down arrow by the icon and specify how you
              want to find computers. You can search for computers by using one of the
              following:
              ! Active Directory (recommended, if available)
              ! Microsoft network browsing
              ! IP range.
              Searching for computers can take some time, especially if you do not use
              Active Directory, so you may want to search by stages (e.g. by domain).
              Enterprise Console places new computers in the Unassigned folder.
          2. Drag the computer(s) from the Unassigned folder onto a group. A wizard is
             launched.
          3. On the Welcome page of the wizard, click Next.




    40
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      4. On a Windows 2000 or later computer, if your license includes Sophos
         Client Firewall, on the Select security software page, select Install Sophos
         Client Firewall. Click Next.
         Sophos Client Firewall version 1.0 is designed to run on workstations
         connected to a LAN (local area network) or the internet. It should not be
         installed on a computer where EM Library is installed. You should include
         such computers in a separate Enterprise Console group and apply a separate
         firewall policy to the group, with the firewall disabled.




      5. On the Protection summary page, you see a list of the computers where the
         software will be installed automatically. Click Next.




                                                                                            41
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          6. On the Credentials page, enter details of an account which can be used to
             install software. This account is typically a domain administrator account. It
             must:
              ! have local administrator rights on computers you want to protect
              ! be able to log on on the computer where you installed the management
                server
              ! have read access to the Primary server location you specified when you
                set up updating.
              If you are using a domain account, you must enter the username in the form
              domain\user.
              Click Finish.




    42
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/   Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    14 Protecting computers manually or with a script
          If Enterprise Console is unable to install anti-virus or firewall software, or
          upgrade anti-virus software on certain computers automatically, you can
          perform the installation or upgrade manually or using a script.
          Enterprise Console will subsequently manage and update these installations,
          provided that you have put the computers into a group or groups.
          If you have Sophos Anti-Virus 4.0.x or earlier installed on
          Windows 95/98/Me computers, you must uninstall it before installing the
          latest version of Sophos Anti-Virus. To check which Sophos Anti-Virus
          version is installed, open the Sophos Anti-Virus user interface and from the
          Help menu select About. The version number is on the first line. For more
          information about removing Sophos products, follow the link below to view
          the knowledgebase article “Removing Sophos products”:
          http://www.sophos.com/support/knowledgebase/article/2958.html
          If you are already running the latest version of Sophos Anti-Virus for
          Windows NT/95/98/Me or Mac OS X computers (version 4.5 or later), you
          do not need to upgrade those.
          To upgrade software on your Windows 95/98/Me computers with a script,
          follow the link below to view the knowledgebase article “Sophos Anti-Virus
          for Windows 95/98/Me: Upgrading Windows 95/98/Me workstations to the
          current version automatically”:
          http://www.sophos.com/support/knowledgebase/article/2420.html
          If you are manually installing Sophos Anti-Virus on computers for the first
          time, for more information, follow the link below to view the knowledgebase
          article “Sophos Anti-Virus: installing software manually on networked
          computers”:
          http://www.sophos.com/support/knowledgebase/article/2386.html
          To install software manually:
       1. In Enterprise Console, select the computer(s) where you want to make a
          manual installation. Click the Update details tab and look in the “Primary
          server” column. This shows you the directory that each computer will
          update from.
          For Windows 2000 or later computers, the default directory for the “Sophos
          Endpoint Security” package, which contains the installer for both Sophos
          Anti-Virus and Sophos Client Firewall, is SAVSCFXP.



                                                                                             43
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          2. Go to the computer and browse to the directory that it will update from.
              On a Windows computer, double-click setup.exe.
              On a Windows 2000 or later computer, if your license includes Sophos
              Client Firewall, in the Setup dialog box, select the Install Sophos Client
              Firewall check box.
              Alternatively, to protect Windows 2000 and Windows XP workstations with
              the firewall, as well as anti-virus software, click Start, Run, and drag the
              setup.exe file into the Open field. Type “-scf” at the end of the line,
              for example,
              \\Hyperion\Interchk\SAVSCFXP\setup.exe -scf
              and click OK.
              On a Mac OS X computer, double-click Sophos Anti-Virus.mpkg.




    44
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




                             Post-upgrade tasks




            This is trial version
            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    15 Checking computers are protected
              Your computers are fully protected if on-access scanning is running, the
              firewall is enabled (if installed), and the computers are up to date.
              This applies to workstations. You may decide to turn off on-access scanning
              on Exchange servers or other servers where performance might be affected.
              To check that computers are protected, do as follows.
          1. In Enterprise Console, select the group of computers you want to check.
          2. If you want to check computers in sub-groups of the group, select At this
             level and below in the drop-down menu next to the View drop-down menu.
          3. Look in the On-access column. If you see the word “Active”, the computer is
             protected by on-access scanning. If you see a grey shield and “Inactive”, the
             computer is not.
              Look in the Firewall enabled column. If you see the word “Yes”, the
              computer is protected by the firewall. If you see a greyed-out firewall icon, it
              is not.
              Look in the Up to date column. If you see the word “Yes”, the computer is
              up to date. If you see a clock icon and “Not since ....”, it is not.
              For advice on what to do if computers are not protected, see Sophos
              Enterprise Console Help, “How do I find and fix computers with problems?”




          4. If your license does not include Sophos Client Firewall, and you upgraded
             Sophos Anti-Virus on your network from a new custom CID, then do the
             following. On the computer where Enterprise Console management server is
             installed, check that Sophos Anti-Virus is upgraded to version 6. To view the
             version number, in the Sophos Anti-Virus window, click View product
             information. If Sophos Anti-Virus hasn’t been upgraded, you will need to
             uninstall it and install Sophos Anti-Virus 6 from the new CID.
    46
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/   Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    16 Setting up scanning for potentially unwanted
    applications
          When you install Sophos Enterprise Console 2.0 and Sophos Anti-Virus 6,
          on-access scanning for potentially unwanted applications is disabled.
          Protection against potentially unwanted applications is available only in
          Sophos Anti-Virus 6 or later running on Windows 2000 or later.
          Sophos recommends that you begin by using a scheduled scan to detect
          potentially unwanted applications. This lets you deal safely with applications
          that are already running on your network. You can then enable on-access
          detection to protect your computers in future.
          For more information about planning, deploying, and configuring protection
          against potentially unwanted applications, follow the link below to view the
          knowledgebase article “Sophos Endpoint Security: administrator’s roll out
          guide for potentially unwanted application (PUA) protection”:
          http://www.sophos.com/support/knowledgebase/article/3815.html
          To set up scanning for potentially unwanted applications, do the following.
       1. Check which anti-virus policy is used by the group of computers you want to
          configure. In the Groups pane, right-click the group. Select View group
          policy details. In the group details dialog box, you can see the policies
          currently used.
       2. In the Policies pane, double-click Anti-virus. Then double-click the policy
          you want to change. The Anti-virus policy dialog box is displayed.
       3. In the Scheduled scanning panel, click Add to create a new scan, or
          double-click a scan in the list to edit it.
       4. In the Scheduled scan settings dialog box, click Configure (at the bottom of
          the page).




                                                                                             47
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          5. In the Scanning and cleanup settings dialog, click the Scanning tab. In the
             Other scanning options panel, select Scan for potentially unwanted
             applications. Click OK.




              When the scan is carried out, Sophos Anti-Virus may report some
              “potentially unwanted applications.”
              Sometimes a potentially unwanted application, such as adware, is part of a
              program that you intentionally installed, and needs to be there for the
              program to run. If you remove the application, the program may stop
              running on your computer.
          6. If you want your computers to run the applications, you must authorize
             them. In the Anti-virus policy dialog box, click Authorize applications. Add
             the applications to the Authorized applications list.
          7. If you do not want to authorize the applications, remove them. In the list of
             computers, right-click the computer(s) that you want to clean up and select
             Clean up threats. In the Clean up threats dialog box, on the Application
             alerts tab, select the check box next to each application you want to
             remove, or click Select all. Click OK to remove the unwanted applications
             from the computer(s).
          8. If you want to enable on-access detection, open the Anti-virus policy dialog
             box again. Click On-access and select Scan for potentially unwanted
             applications.
              Some applications monitor files and attempt to access them frequently. If
              you have on-access scanning enabled, it detects each access and sends
              multiple alerts.
              If you want full detection and cleanup of potentially unwanted applications
              or multi-component threats on external disk drives, you must configure
              Windows to report such drives as local.

    48
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




                 Upgrading from EM Library 1.1




            This is trial version
            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    17 Upgrading from EM Library 1.1
              If you do not have Sophos Enterprise Console 1.0 but have already been
              using EM Library 1.1, and now want to install Sophos Enterprise Console
              2.0, follow the steps in this section.
              The following checklist can help guide you through the upgrade process. For
              a detailed step-by-step procedure, go to the description on the next page.

    Checklist: Upgrading from EM Library 1.1

    Task no. Task description                          Instructions                          Completed

    1         Create a valid, complete backup          Your system documentation                "

    2         Check system requirements and            Sophos Anti-Virus and Sophos Client
              prerequisites                            Firewall Network Star tup Guide,         "
                                                       chapters 1 and 2

    3         Install Sophos Enterprise Console 2.0    17 Upgrading from EM Librar y 1.1
                                                                                                "
              and upgrade EM Librar y

    4         Download Sophos Anti-Virus 6 and (if     8 Downloading new anti-virus and
              included in the license) Sophos Client   firewall software                        "
              Firewall

    5         Install remote management console (if    Sophos Anti-Virus and Sophos Client
              relevant)                                Firewall Network Star tup Guide,
                                                                                                "
                                                       chapter 8, "Set up a remote
                                                       management console"

    6         Configure Sophos Enterprise Console      Sophos Anti-Virus and Sophos Client
                                                       Firewall Network Star tup Guide,         "
                                                       chapters 9 through 11

    7         Protect networked computers              Sophos Anti-Virus and Sophos Client
                                                       Firewall Network Star tup Guide,         "
                                                       chapters 12 through 15

    8         Protect computers that cannot be         14 Protecting computers manually or
                                                                                                "
              protected automatically                  with a script

    9         Perform maintenance tasks                Sophos Anti-Virus and Sophos Client
                                                       Firewall Network Star tup Guide,         "
                                                       chapters 17 through 19



    50
                                  This is trial version
                                  www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      Before you begin
         For information about planning the upgrade, system requirements and
         prerequisites, refer to the Sophos Anti-Virus and Sophos Client Firewall
         Network Startup Guide, chapters 1 and 2.
         Once you have installed Sophos Enterprise Console, you need to refer to the
         Sophos Anti-Virus and Sophos Client Firewall Network Startup Guide again,
         for detailed instructions on how to configure it.
      1. Log on as an administrator at the computer where EM Library 1.1 is
         installed.
      2. Follow the steps in section 6 to install Sophos Enterprise Console 2.0 and
         upgrade EM Library to version 1.3.
         After you have logged off from the computer and then logged back on, EM
         Library console is displayed. If you have a local installation of EM Library,
         you should see your library in the EM Library console, with all its settings
         retained. If this is the case, go to step 10.
         If you do not see your existing library in the EM Library console tree (the
         library is shown as “not connected”), reconnect to it as described in
         section 7, and then go to step 10.
         If you have a remote EM Library installation, you need to connect your
         console to the library as follows.




                                                                                            51
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          3. In the EM Library console, click Open Library. In the EM Library Properties
             dialog box, in the first text box, type the path to the computer that has the
             library. Ensure that the same computer’s name is displayed in the second
             text box.




          4. In the EM Library dialog box, click Yes to upgrade the library. This does not
             affect your library settings.




    52
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/   Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      5. In the User Account dialog box, the user name for the logged-on user (i.e.
         the name with which you logged on to this computer) is displayed. Enter
         and confirm the password. Then click Next.




      6. In the Location dialog box, specify the folder for the upgraded library. In the
         Installation Location text box, enter the path to the folder as seen on the
         computer where the installation is made. In the Library Share Name text
         box, accept the default, or type an alternative. Click Next.




                                                                                             53
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          7. In the Install Files dialog box, click Install to begin the upgrade. A progress
             bar is displayed.




          8. When upgrading is complete, a message is displayed.
          9. In the EM Library console, the library is now shown in the left-hand pane.
             Ensure it is selected, so that you can see the Configuration page.
              If a library that was already displayed in the left-hand pane of the console is
              no longer displayed, snap it in using File|Add/Remove Snap-in. For details,
              refer to EM Library Help.
          10.To download the new version of Sophos Anti-Virus and (if your license
             includes it) Sophos Client Firewall, follow instructions in section 8.
          11.If you want to set up a remote management console, refer to the Sophos
             Anti-Virus and Sophos Client Firewall Network Startup Guide, chapter 8,
             “Set up a remote management console.”
          12.Configure Sophos Enterprise Console. For instructions, refer to the Sophos
             Anti-Virus and Sophos Client Firewall Network Startup Guide, chapters 9
             through 11.
          13.Protect networked computers. Refer to the Sophos Anti-Virus and Sophos
             Client Firewall Network Startup Guide, chapters 12 through 15.
          14. Protect computers that cannot be protected automatically, manually or with
             a script. For instructions, see section 14.
          15.Perform maintenance tasks. For instructions , refer to the Sophos Anti-Virus
             and Sophos Client Firewall Network Startup Guide, chapters 17 through
             19.
    54
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/




                                    Appendices




            This is trial version
            www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Appendix 1. Upgrading Sophos Enterprise Console
    using custom setup
              If you want to preview the scripts before running them on your database,
              you can select Custom setup when running the Sophos Enterprise Console
              InstallShield Wizard, and then choose to populate the database manually.
              To upgrade Sophos Enterprise Console using custom setup, do the following.
          1. Log on as an administrator or domain administrator, as appropriate, at the
             Windows 2000 or 2003 server where version 1.0 of Sophos Enterprise
             Console is installed.
          2. Insert the Sophos Network Install CD. The CD should auto-run. If the CD
             does not auto-run, browse to the CD and double-click Launchcd.exe.
             On the Welcome page, click Install.
              Alternatively, download the Sophos Anti-Virus and Sophos Client Firewall
              Network Installer from the Sophos website and run it.
          3. On the Welcome page of the Sophos Enterprise Console InstallShield
             Wizard, click Next.
          4. On the License Agreement page of the wizard, click I accept the terms in
             the license agreement if you want to continue. Click Next.
          5. On the Destination Folder page, you see the folder where Enterprise Console
             will be installed. By default, this is the folder where Enterprise Console 1.0
             was installed. Click Next.
          6. On the Setup Type page, select Custom and click Next.




    56
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      7. On the Custom Setup page, select Database and other features you want to
         upgrade now. Click Next.




      8. On the Database page, under Instance name, select SOPHOS. Then select
         Populate database later. Click Next.
         Script files will be created in your installation directory, usually C:\Program
         Files\Sophos\Enterprise Console\DB.




                                                                                            57
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          9. On the User Account Impersonation page, enter the username and
             password of the user account that Enterprise Console will impersonate in
             order to connect to the database.




         10. On the Ready to Install page, click Install. If the computer is in a domain
             and you are logged in as domain administrator, you see the page in step 11.
             Otherwise, you see the message box described in step 12.




    58
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      11.If the computer is in a domain, the Enterprise Console user group page is
         displayed. This lets you specify who can use Enterprise Console. Select an
         existing global group or enter the name of a new global group. Click Next.




      12.When upgrade is complete, you are prompted to log off or restart. Click Yes
         or Finish.

      Populate the database
         To populate the database, you use the batch file manualInstall.bat. It calls
         the .sql scripts which create tables and stored procedures in the database.
      13.At the computer where you installed the database, open Command Prompt
         and browse to the directory
         Program Files\Sophos\Enterprise Console\DB




                                                                                            59
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          14.Locate the batch file manualInstall.bat and run it. If the database instance is
             called SOPHOS, you do not need to specify any parameters.
              If the database instance is anything other than SOPHOS, run the batch file
              with the name of the database, for example
              manualInstall.bat MYINSTANCE
              If installing on a default, unnamed instance of the database, enter
              manualInstall.bat (local)
              If the computer is a domain controller, you will also need to specify the
              name of the domain that it controls. For example
              manualInstall.bat MYINSTANCE domainname
              This will create all the tables and stored procedures in the database.

          Transfer data from the old database
              To transfer data from the old database to the one you have just created and
              populated, you use the utility DBUpgrade.exe, which is installed into
              Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn
              The utility takes two parameters:
              ! the database instance name (SOPHOS)
              ! the directory that contains an utility called dtsrun:
                 Program Files\Microsoft SQL Server\80\Tools\Binn
          15. Open Command Prompt and browse to the directory
              Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn
          16.Type
              DBUpgrade.exe SOPHOS "C:\Program Files\Microsoft SQL
              Server\80\Tools\Binn"
              This will transfer and upgrade the information in the database.
          17.Go to Control Panel, Administrative tools, Services and start the Sophos
             Management Service process.
          If you haven’t upgraded all Sophos Enterprise Console features, upgrade them.
          If you want to move the database to a different computer, see Appendix 2.




    60
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Appendix 2. Moving the database to another
    computer
          Unlike Sophos Enterprise Console 1.0, Sophos Enterprise Console 2.0 does
          not require all its components to be installed on the same computer. Now
          the database and management server can be on different computers. Once
          you have upgraded, you can move the database. You may want to move the
          database to make better use of available resources, e.g. a corporate
          Microsoft SQL Server installation, or improve the system’s resilience. You
          may also want to move the database when recovering from a hardware
          failure.

       Prerequisites
          ! You must be running Sophos Enterprise Console version 2.0.
          If you have upgraded from Sophos Enterprise Console version 1.0, the
          following is recommended before moving the database:
          ! The upgrade of your network has been completed and tested.
          ! Any necessary adjustments to groups in Sophos Enterprise Console 2.0
            have been made.
          ! Any necessary adjustments to policies in Sophos Enterprise Console 2.0
            have been made.

       Computer names in the example below
          Management Services Host - computer running Sophos Enterprise
          Console 2.0, SAV 6.x and SOPHOS instance of Microsoft SQL Server
          Desktop Engine (MSDE)
          Database Host - computer running SQL server

       Tasks
       1. Create a valid, complete backup of your Sophos Enterprise Console
          installation.
          If for some reason the move process is unsuccessful, you will need to
          recover your Sophos Enterprise Console system to its previous state from
          your backup.
       2. Install the database component on the Database Host.



                                                                                            61
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          3. If you chose to populate the database after the installation, populate the
             database on the Database Host using a script supplied by Sophos.
          4. Copy data from the database on the Management Services Host to the
             database on the Database Host, using a script supplied by Sophos.
          5. Reconfigure the Management Services Host to point to the database on the
             Database Host and uninstall the database on the Management Services
             Host.
          6. Check that the database was moved successfully.
              It is also possible to move the management server to another computer. The
              process of moving the server is complex and generally not recommended.
              However, you may need to do this, for example, when recovering from a
              hardware failure. Make regular backups of your installation and, if you need
              to move the management server to another computer, contact Sophos
              technical support for advice.
              For instructions on moving the database to another computer in a domain
              environment, go to section “Moving the database in a domain environment.”
              For instructions on moving the database in a workgroup environment, go to
              section “Moving the database in a workgroup environment.”




    62
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Moving the database in a domain environment

        Preconditions
           ! You have all major components of Sophos Enterprise Console –
             management console, management server, database, and EM Library –
             installed on a domain computer (“Management Services Host”).
           ! You want to move the database to another domain computer (“Database
             Host”).
           ! You are logged on to the Management Services Host and the Database
             Host as a domain administrator.
              If the built-in administrator account has been deleted from the Database
              Server on the Management Services Host, the account you are logged on
              to must have system administrator rights on the Database Server on the
              Management Services Host.
           Before you move the database, make sure you have a valid, complete
           backup of your Sophos Enterprise Console installation. If for some reason
           the move process is unsuccessful, you will need to recover your Sophos
           Enterprise Console system to its previous state from your backup.

        Install the database on the Database Host
        1. Launch the Sophos Enterprise Console installer as follows.
           Insert the Sophos Network Install CD. The CD should auto-run. If the CD
           does not auto-run, browse to the CD and double-click Launchcd.exe.
           On the Welcome page, click Install.
           Alternatively, download the Sophos Anti-Virus and Sophos Client Firewall
           Network Installer from the Sophos website and run it.
           Follow instructions in the wizard.
        2. On the Setup Type page of the wizard, select Custom and click Next.




                                                                                              63
                           This is trial version
                           www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          3. On the Custom Setup page, select Database and deselect all other
             components. Click Next.




    64
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      4. On the Database page, note the name of the Microsoft SQL Server instance
         that you install the database to – you will need this later when reconfiguring
         the management server on the Management Services Host. By default, a
         new SQL Server instance called SOPHOS is created and populated
         automatically.
         If you want to preview the scripts before running them on your database,
         you can choose to populate the database later. Script files will be created in
         your installation directory, usually C:\Program Files\Sophos\Enterprise
         Console\DB. The batch file for populating the database is called
         manualInstall.bat. It calls the .sql scripts which create tables and stored
         procedures in the database.
         Click Next.




                                                                                            65
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          5. On the User Account Impersonation page, enter the username and
             password of the user account that Enterprise Console will impersonate in
             order to connect to the database. Click Change to browse to the domain and
             username and type in the password. Alternatively, you can create a new
             user. Note these credentials – you will need them later when reconfiguring
             the management server on the Management Services Host.
              After you have entered and noted the Impersonation User credentials, click
              Next.




          6. On the Ready to Install page, click Install.




    66
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/ Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      7. On the Enterprise Console user group page, select the group that you want
         to allow to use Sophos Enterprise Console. This group must be the same as
         the Enterprise Console user group you chose when upgrading Enterprise
         Console on the Management Services Host, as described in section 6,
         step 9.
         The right to access the console is granted to a user (member of the domain)
         by making them a member of this global group. This group must be a
         member of the Sophos Console Administrators local group on the
         Management Services Host and the Sophos DB Users group on the
         Database Host.
         After you have selected the group, click Next.




         If you did not populate the database when you installed it, continue to
         step 8. Otherwise, proceed to step 10.

      Populate the database
      8. At the computer where you installed the database, open Command Prompt
         and browse to the directory
         Program Files\Sophos\Enterprise Console\DB




                                                                                           67
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          9. Locate the batch file manualInstall.bat and run it. If the database instance is
             called SOPHOS, you do not need to specify any parameters.
              If the database instance is anything other than SOPHOS, run the batch file
              with the name of the database, for example
              manualInstall.bat MYINSTANCE
              If installing on a default, unnamed instance of the database, enter
              manualInstall.bat (local)
              If the computer is a domain controller, you will also need to specify the
              name of the domain that it controls. For example
              manualInstall.bat MYINSTANCE domainname

          Copy data from the database on the Management Services Host to the
          database on the Database Host
          10.On the Management Services Host, go to Control Panel, Administrative
             tools, Services and stop the Sophos Management Service process.
          11.Open command prompt and navigate to the Sophos installation directory
             (usually “C:\Program Files\Sophos”).
          12.Navigate to “Enterprise Console\DB” and type the command in the format
              moveSophos2 Management Services Host\SOPHOS Database
              Host\Database Instance
              where Management Services Host is the name of the computer where you
              move the database from, Database Host is the name of the computer where
              you move the database to, and Database Instance is the name of the
              Microsoft SQL Server instance on the Database Host, recorded earlier in
              step 4, for example
              moveSophos2 Morpheus\SOPHOS Zeus\SOPHOS
              This will transfer the data from the Management Services Host (Morpheus)
              to the Database Host (Zeus).
              The moveSophos2 batch file requires the dtsrun utility. This utility is not
              included with SQL Server 2005 Express Edition and is not always installed
              with SQL Server 2005. If you do not have dtsrun installed, install either the
              client tools for SQL Server 2000 or MSDE. You can run DTS (Data
              Transformation Services) packages and SSIS (SQL Server 2005 Integration
              Services) packages on the same computer.




    68
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide



      Reconfigure the Management Services Host to point to the database on the
      Database Host and uninstall the database on the Management Services
      Host
      13.Go to Control Panel, Add or Remove Programs. Select Sophos Enterprise
         Console and click Change.
      14.On the Welcome page of the Sophos Enterprise Console InstallShield
         Wizard, click Next.
      15.On the Program Maintenance page, select Modify and click Next.




      16.On the Custom Setup page, deselect Database. Click Next.




                                                                                          69
                        This is trial version
                        www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          17.On the Database details page, select the Database Host and the name of
             the Microsoft SQL Server instance (recorded earlier in step 4). Click Next.




          18.On the User Account Impersonation page, add the domain, username and
             password recorded earlier in step 5. Click Change and, in the Browse for a
             user account dialog box, enter the user account details. Click Next.




          19.On the Ready to Modify page, click Install. The database is removed from
             the computer.
    70
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      20.The following registry key is created:
         HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\ManagementTools\DatabaseUser
         In this key, in the DatabaseUserPassword string value, the password will be
         obfuscated. To further increase security, change permissions on the
         Management Tools key so that the users cannot view the key’s settings.
         Make sure that the SYSTEM account has access to this key, because Sophos
         Management Service is running under this account.
         If you run Windows 2000, you will not be able to change the key’s security
         settings using Regedit.exe because the Permissions feature is not included in
         earlier versions of Regedit. In this case, to change the key’s permissions, run
         Regedt32. Select the
         HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools key
         and, on the Security menu, click Permissions. Change the settings as
         appropriate.
      21.On the Management Services Host, go to Control Panel, Administrative
         tools, Services and check that the Sophos Management Service process has
         started.

      Check that the database was moved successfully
      22.Go to Enterprise Console and check that all your groups and policies appear
         in the console. You may also want to test Enterprise Console and verify that
         it is working properly, before removing MSDE from the Management
         Services Host.
         If for some reason the move process was unsuccessful, restore your Sophos
         Enterprise Console system to its previous state from your backup.




                                                                                            71
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Moving the database in a workgroup environment

          Preconditions
              ! You have all major components of Sophos Enterprise Console –
                management console, management server, database, and EM Library –
                installed on a workgroup computer (“Management Services Host”).
              ! You want to move the database to another workgroup computer
                (“Database Host”).
              ! You are logged on to an account on the Management Services Host that
                has administrative rights on both computers. If the Administrator account
                on both computers has the same password, it is sufficient to log on to the
                Management Services Host as Administrator.
                 If the built-in administrator account has been deleted from the Database
                 Server on the Management Services Host, the account you are logged on
                 to must have the same username and password on both computers. This
                 account must have system administrator rights on the Database Server
                 on both computers.
              Before you move the database, make sure you have a valid, complete
              backup of your Sophos Enterprise Console installation. If for some reason
              the move process is unsuccessful, you will need to recover your Sophos
              Enterprise Console system to its previous state from your backup.

          Install the database on the Database Host
          1. Launch the Sophos Enterprise Console installer as follows.
              Insert the Sophos Network Install CD. The CD should auto-run. If the CD
              does not auto-run, browse to the CD and double-click Launchcd.exe.
              On the Welcome page, click Install.
              Alternatively, download the Sophos Anti-Virus and Sophos Client Firewall
              Network Installer from the Sophos website and run it.
              Follow instructions in the wizard.
          2. On the Setup Type page of the wizard, select Custom and click Next.




    72
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/ Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      3. On the Custom Setup page, select Database and deselect all other
         components. Click Next.




                                                                                           73
                         This is trial version
                         www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          4. On the Database page, note the name of the Microsoft SQL Server instance
             that you install the database to – you will need this later when reconfiguring
             the management server on the Management Services Host. By default, a
             new SQL Server instance called SOPHOS is created and populated
             automatically.
              If you want to preview the scripts before running them on your database,
              you can choose to populate the database later. Script files will be created in
              your installation directory, usually C:\Program Files\Sophos\Enterprise
              Console\DB. The batch file for populating the database is called
              manualInstall.bat. It calls the .sql scripts which create tables and stored
              procedures in the database.
              Click Next.




    74
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      5. On the User Account Impersonation page, enter the username and
         password of the user account that Enterprise Console will impersonate in
         order to connect to the database. The username should be in the format
         DOMAIN\Username, where DOMAIN is the name of the Database Host. The
         username should correspond to an account with the same username and
         password on both the Database Host and Management Services Host. Note
         the username and password - you will need them later when reconfiguring
         the management server on the Management Services Host.
         After you have entered and noted the Impersonation User credentials, click
         Next.




      6. On the Ready to Install page, click Install.
         If you did not populate the database when you installed it, continue to
         step 7. Otherwise, proceed to step 9.




                                                                                            75
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          Populate the database
          7. At the computer where you installed the database, open Command Prompt
             and browse to the directory
              Program Files\Sophos\Enterprise Console\DB
          8. Locate the batch file manualInstall.bat and run it. If the database instance is
             called SOPHOS, you do not need to specify any parameters.
              If the database instance is anything other than SOPHOS, run the batch file
              with the name of the database, for example
              manualInstall.bat MYINSTANCE
              If installing on a default, unnamed instance of the database, enter
              manualInstall.bat (local)

          Copy data from the database on the Management Services Host to the
          database on the Database Host
          9. On the Management Services Host, go to Control Panel, Administrative
             tools, Services and stop the Sophos Management Service process.
          10.Open command prompt and navigate to the Sophos installation directory
             (usually “C:\Program Files\Sophos”).
          11.Navigate to “Enterprise Console\DB” and type the command in the format
              moveSophos2 Management Services Host\SOPHOS Database
              Host\Database Instance
              where Management Services Host is the name of the computer where you
              move the database from, Database Host is the name of the computer where
              you move the database to, and Database Instance is the name of the
              Microsoft SQL Server instance on the Database Host, recorded earlier in
              step 4, for example
              moveSophos2 Morpheus\SOPHOS Zeus\SOPHOS
              This will transfer the data from the Management Services Host (Morpheus)
              to the Database Host (Zeus).
              The moveSophos2 batch file requires the dtsrun utility. This utility is not
              included with SQL Server 2005 Express Edition and is not always installed
              with SQL Server 2005. If you do not have dtsrun installed, install either the
              client tools for SQL Server 2000 or MSDE. You can run DTS (Data
              Transformation Services) packages and SSIS (SQL Server 2005 Integration
              Services) packages on the same computer.


    76
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide


      Reconfigure the Management Services Host to point to the database on the
      Database Host and uninstall the database on the Management Services
      Host
      12.Go to Control Panel, Add or Remove Programs. Select Sophos Enterprise
         Console and click Change.
      13.On the Welcome page of the Sophos Enterprise Console InstallShield
         Wizard, click Next.
      14.On the Program Maintenance page, select Modify and click Next.




      15.On the Custom Setup page, deselect Database. Click Next.




                                                                                          77
                        This is trial version
                        www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




          16.On the Database details page, select the Database Host and the name of
             the Microsoft SQL Server instance (recorded earlier in step 4). Click Next.




          17.On the User Account Impersonation page, enter the username and
             password recorded earlier in step 5. The username should be in the format
             DOMAIN\Username, where DOMAIN is the name of the Management
             Services Host. Click Change and, in the Browse for a user account dialog
             box, enter the user account details. Click Next.




    78
                                 This is trial version
                                 www.adultpdf.com
http://laptop1.blogbus.com/  Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




      18.On the Ready to Modify page, click Install. The database is removed from
         the computer.
      19.The following registry key is created:
         HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\ManagementTools\DatabaseUser
         In this key, in the DatabaseUserPassword string value, the password will be
         obfuscated. To further increase security, change permissions on the
         Management Tools key so that the users cannot view the key’s settings.
         Make sure that the SYSTEM account has access to this key, because Sophos
         Management Service is running under this account.
         If you run Windows 2000, you will not be able to change the key’s security
         settings using Regedit.exe because the Permissions feature is not included in
         earlier versions of Regedit. In this case, to change the key’s permissions, run
         Regedt32. Select the
         HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\EE\Management Tools key
         and, on the Security menu, click Permissions. Change the settings as
         appropriate.
      20.On the Management Services Host, go to Control Panel, Administrative
         tools, Services and check that the Sophos Management Service process has
         started.

      Check that the database was moved successfully
      21.Go to Enterprise Console and check that all your groups and policies appear
         in the console. You may also want to test Enterprise Console and verify that
         it is working properly, before removing MSDE from the Management
         Services Host.
         If for some reason the move process was unsuccessful, restore your Sophos
         Enterprise Console system to its previous state from your backup.




                                                                                            79
                          This is trial version
                          www.adultpdf.com
http://laptop1.blogbus.com/
    Sophos Anti-Virus and Sophos Client Firewall Network Upgrade Guide




    Technical support
              For technical support, visit www.sophos.com/support.
              If you contact technical support, provide as much information as possible,
              including:
              ! Sophos software version number(s)
              ! operating system(s) and patch level(s)
              ! the exact text of any error messages you may have received.




    Copyright 2006 Sophos Group. All rights reserved. No part of this publication may be
    reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
    mechanical, photocopying, recording or otherwise unless you are either a valid licensee where
    the documentation can be reproduced in accordance with the licence terms or you otherwise
    have the prior permission in writing of the copyright owner.
    Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All
    other product and company names mentioned are trademarks or registered trademarks of their
    respective owners.


    Document version 200607


    80
                                 This is trial version
                                 www.adultpdf.com

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:12
posted:5/16/2010
language:English
pages:80