Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Includes:
Enterprise Console 1.0
EM Library 1.2
Sophos Anti-Virus
Document version 1.0
Contents
About this guide
Getting started
1 What you need for installation
11
15
18
6 Set up messaging
20
21
8 Download software
31
32
36
46
47
49
50
52
53
54
55
19 Find and fix computers that do not use the group policies
55
56
21 Generate reports
58
60
63
66
67
69
76
80
89
Appendix
Appendix: Enable other users to use Enterprise Console
94
Getting started
This guide tells you how to protect your computers, whether on the network
or not, against viruses,Trojans, worms and malicious spyware.
You are going to:
install a management server that downloads products from Sophos and
keeps them updated
select and download the anti-virus software you want by using EM
Library
install a management console that lets you manage the software from a
remote computer (this is optional)
install the anti-virus software on networked computers, either
automatically or manually
configure computers that are sometimes off the network (e.g. laptops) so
that they are always kept updated
tell off-site users how to download anti-virus software via the internet.
Once you have followed these steps, your computers will be protected. They
will also receive frequent updates to ensure that they detect the latest
viruses.
Now read on.
The computer must run these services, which are used by the operating
system by default: Server, Workstation, Remote Procedure Call (RPC).
If you use a dial-up internet connection, change your internet options before
installation, as described in EM Library supplement for companies with a
dial-up connection to the internet, available on the Sophos Anti-Virus
Network Install CD.
If you access the internet via a proxy, you should be using one of these
authentication protocols: Anonymous, Basic or NT Challenge/Response (NTLM).
4. In the License Agreement dialog box, click I accept the terms in the licence
agreement if you want to continue. Click Next.
5. In the Destination Folder dialog box, you see the default folder where the
management server will be installed. If you want to use a different folder,
click Change and select a folder on this computer.
9. When you log on or restart, a welcome dialog box is displayed. Click Next to
continue.
10
11
4. In the User Account dialog box, the user name for the logged-on user (i.e.
the name with which you logged on to this computer) is displayed by
default. Enter and confirm the password. Then click Next.
5. In the Location dialog box, specify the folder for the upgraded library. In the
Installation Location text box, enter the path to the folder as seen on the
computer where the installation is made. In the Library Share Name text
box, accept the default, or type an alternative. Click Next.
12
6. In the Install Files dialog box, click Install to begin the upgrade. A progress
bar is displayed.
13
14
15
3. In the Location dialog box, you specify where the library is installed. In the
Installation Location text box, accept the default folder, or type an
alternative folder (as a local path). In the Library Share Name text box,
accept the default share name for that folder, or type an alternative. Click
Next.
4. In the Central Installation dialog box, you specify the shared folder where
EM Library will place downloaded Sophos software, ready for distribution to
networked computers. The share name and the local path to the folder are
displayed. You can change the local path. Click Next.
This dialog does not appear if you already have an InterChk share on the
computer where you are creating the library.
16
5. In the Install Files dialog box, click Install to begin installing the library. A
progress bar is displayed. When the process is complete, click Finish.
17
18
3. In the Enter account password dialog box, enter and confirm the password.
If you are using the EMLibUser1 account, you make up this password now.
Click Next.
Next you set up messaging so that you can receive error messages or
warnings when you configure the library (section 6).
19
6 Set up messaging
By default, EM Library places details of all its activity in the system Event
Log. You can also set up email or network messaging, so that you are
alerted to any problems.
1. In the console, on the Tools menu, select Options.
2. In the EM Library options dialog box, click the Notifications tab.
In the drop-down menu, select the form of message you want to receive
(e.g. email, desktop). Then deselect Disable alerts for this notification
method.
Select EM Library activity and then select all the options. This ensures you
receive information about any problems during installation.
Later, you can change these settings if you want to receive fewer messages.
If you are setting up email messaging, click Configure and enter the
address(es) to which you want email sent, along with details of your SMTP
server.
When you have finished, close the dialog box. Now you set up automatic
downloading of software (section 7).
20
2. In the Primary parent tabbed page, select the parent from which you will
download software. For this initial setup, ensure that Website is selected.
Select http://es-latest.sophos.com/update/. Click Set access.
21
3. In the Web server access settings dialog box, select Use an account to
access the server. Enter the User name and Password that Sophos has
given you. Both are case sensitive.
If you do not access the internet through a proxy server, click OK and go
straight to step 5.
If you do access the internet through a proxy server, select Use a proxy
server and enter the servers address and port number. If you need to enter
credentials to use the proxy, click Advanced and go to step 4. Otherwise, go
straight to step 5.
If you access the internet via a dial-up connection, make sure you have
changed your internet connection settings as described in EM Library
supplement for companies with a dial-up connection.
4. If you clicked Advanced, the Advanced Proxy server settings dialog box is
displayed. Ensure Authenticate on the Proxy server is selected. Enter the
User Name for the proxy server (available from your network administrator).
Enter and confirm the Password. Click OK to return to the Web server
access settings dialog box. Click OK to return to the Primary Parent tabbed
page. Then click OK in the EM Library Properties dialog box.
22
23
4. In the Schedule Name and Description dialog box, enter a Name and
Description for the schedule. Click Next.
24
5. In the next dialog box, you specify when the task will run. By default, hourly
updates are already set up. To change this, select the Days of week when
the task will run. To remove a time, highlight it in the list of times and click
Remove. If you want to add hours again later, click the up and down arrows
in the Hour browser, find the hour and then click Add.
When you have finished, click Next.
The task will run during each hour that you selected (e.g. if you selected 9,
the task will run at a random time between 09:00 and 09:59).
6. In the Completing the Schedule Wizard dialog box, check that the details of
the schedule are correct. Click Finish.
25
7. In the Update schedules tabbed page, the new schedule is now displayed in
the list. Ensure that the checkbox beside it is ticked so that the update will
be run at the set time(s). Click OK.
You can activate only one schedule (by ticking its checkbox) at a time.
26
27
28
29
3. In the Properties dialog box, click the Location tab. Select Custom CID
location and enter the full path of the shared folder.
For Mac OS 8/9, enter a location on a Windows 2000 or 2003 server
that has an AppleShare compatible network share, with read permission
set to "everyone".
For NetWare, enter the location of the updates folder on the NetWare
server. By default, this is \\server\SYS\SWEEP\NLMINST.
For UNIX, enter the location of a Windows file store that can be read by
UNIX, e.g. a Samba share.
Click OK.
4. Credentials for the CID are usually the same as for the EM Library account,
as described in section 5. If necessary, e.g. if the CIDs are on a remote
server, click the Credentials tab and enter the credentials EM Library needs
to access the CID.
For central installations on a NetWare server, click NDS details. In the NDS
Information dialog box, enter the tree name and fully distinguished names
for the user and server in the format
cn=user.o=organisation
When you have finished, click Test to check that the account can access the
CID. Then continue to step 5.
5. In the details pane, check that the new CID location is displayed.
You have specified the CID(s) to which the software will be downloaded. You
are ready to download software for the first time (section 8).
30
8 Download software
Now download Sophos software and place it in a central installation
directory or directories, as follows.
1. In the Configuration view, click Download Packages.
2. In the EM Library message box, click Yes.
31
4. In the License Agreement dialog box, click I accept the terms in the license
agreement if you want to continue. Click Next.
32
5. In the Management Server Details dialog box, enter the name of the
computer where you installed the Sophos management server.
This is the computer where you first ran this installation program.
6. In the Destination Folder dialog box, you see the default folder where the
remote console will be installed. If you want to use a different folder, click
Change and select a folder on this computer.
33
34
If you want another user to be able to use the console, add the user
name to Sophos Console Administrators group manually (see the
Appendix).
35
Make sure your computers meet the system requirements (section 1.3).
3. To create further groups, go the left-hand pane. Select the server shown at
the top if you want another top-level group. Select a group if you want a
sub-group within it. Then repeat step 1.
Now set up automatic updating for each group (section 10.2).
36
37
3. Click the Primary server tab. In the Address field, click the drop-down arrow
and select the directory from which computers will fetch updates, e.g. the
\\Servername\InterChk\ESXP directory for Windows 2000, XP and 2003
computers. Enter the User name and Password for an account that
can run on the computers in the group
has read access to the address you have just entered.
If the User name needs to be qualified to indicate the domain, use the form
domain\username.
For NDS networks, enter an NDS fully distinguished user name in the form
[Account]|[Tree]|[Server]. The account needs read and filescan permissions.
If you have computers that are not always on the network or move from one
site to another, e.g. laptops, you can configure them to update from an
alternative source when necessary. Click the Secondary server tab to do
this. See section 13 for more details.
38
You can change this policy. For example, you may want to
configure Sophos Anti-Virus to send email alerts when a virus is found
turn off on-access scanning on Exchange servers or other servers where
performance might be affected
set up scheduled scans.
39
2. The Anti-virus policy dialog box is displayed. Here you can configure
On-access scanning or Messaging, or set up Scheduled scanning.
If you want to set up email virus alerts, click Messaging and continue to
step 3. Otherwise, go to section 10.4.
For advice, see How do I change the anti-virus settings? in the help files.
3. Click the Email alerting tab. In the Recipients panel, click Add and enter
the address you want virus alerts sent to. Then click Configure SMTP.
40
4. In the Configure SMTP settings dialog box, type the host name or IP
address of the SMTP server. Click Test to send a test email alert. In the
SMTP 'sender' address text box, type an email address to which bounces
and non-delivery reports can be sent. In the SMTP 'reply to' address, type
an email address to which replies to email alerts can be sent (alerts come
from an unattended address). Click OK and close the dialog boxes.
41
42
3. Click the Unassigned folder. Select the computers you want to place in the
new group. Drag and drop the computers onto the new group folder.
You can put computers with different operating systems in the same group.
43
Click Finish.
44
7. Installation is staggered, so that the process may not be complete on all the
computers for some minutes.
When installation is complete, look at the list of computers again. In the
On-access column, you should see the word Active: this shows that the
computer is running on-access virus scanning.
8. Repeat the above steps for each group of computers.
Computers need to be restarted to scan files accessed by DFS (Windows
2000/XP) or via non-Microsoft file systems (Windows 2000).
You should now protect any Macintosh computers and any Windows
computers that require manual installation (sections 11 and 12).
You should also make sure that any computers that are not always on the
network (e.g laptops) are protected at all times. See section 13.
45
//Servername/InterChk/ESXP
//Servername/InterChk/ESNT
//Servername/InterChk/ES9X
//Servername/InterChk/ESOSX
//Servername/InterChk/macinst
\\Servername\InterChk\ESXP
\\Servername\InterChk\ESNT
\\Servername\InterChk\ES9X
\\Servername\InterChk\ESOSX
\\Servername\InterChk\macinst
For Windows 95/98/Me computers, you can use a login script (see section
12.1).
For Mac OS X computers, use Apple Remote Desktop. Go to the central
installation directory and copy the installer to the computer running Apple
Remote Desktop before using it.
47
48
If the User name needs to be qualified to indicate the domain, use the form
domain\username.
If you access the internet via a proxy server, click Proxy details and continue
to step 5.
5. In the Proxy details dialog box, select Access the server via a proxy. Then
enter the proxy server Address and Port number. Enter a User name and
Password that give access to the proxy server. If the user name needs to be
qualified to indicate the domain, use the form domain\username. Click OK.
49
50
52
53
54
55
56
57
21 Generate reports
You can generate reports about virus alerts throughout the organisation.
1. Click the Reports icon in the toolbar.
2. In the Reporting window, in the drop-down menu, click the type of report
you want to generate:
Alerts by virus shows the number of alerts for each virus detected.
Alerts per location shows the number of alerts for each computer or group.
Alerts by time shows the rate of virus alerts occurring during a set time.
Alert details shows full details of each virus alert.
The Configuration tabbed page is open. At this page, you can customise the
report. Accept the default settings, or enter your own settings.
Then, to view the report, click the Table or Chart tab.
58
60
You have loaded Sophos Anti-Virus.We recommend that you add the
command LOAD SWEEP to the AUTOEXEC.NCF file, so that Sophos
Anti-Virus will be restarted if the server is rebooted.
Next set up auto-updating (section 22.3).
61
3. Press Return. Set Status to Active and press Return. Press Esc twice to
return to the Main menu.
From now on, Sophos Anti-Virus for NetWare will be updated automatically
by EM Library.
62
63
6. Run
eminstall.sh
7. Whether you are an existing user or a new user, you must now create a cron
job to run eminstall periodically. This will check for new virus updates and
product upgrades, and install them automatically. For instructions see
knowledgebase article 2176.
64
Slow WAN (or you want to distribute software via web server)
Create more libraries that download software from your original library.
These libraries are known as child libraries.
For instructions, see sections 28.2 and 28.3.
66
3. In the Properties dialog box, click the Location tab. Select Custom CID
location and enter the full path of the shared folder. Click OK.
67
4. If necessary, click the Credentials tab and enter the credentials EM Library
needs to access the CID, as described below. When you have finished, click
Test to check that the account can access the CID. Then continue to step 5.
5. In the details pane, check that the new CID location is displayed.
68
69
3. In the EM Library message box, click Yes. This confirms that you want to
add another CID.
4. In the Welcome to the Add CID Wizard dialog box, click Next.
70
5. In the Package Information dialog box, ensure the package whose CID you
want to specify is displayed. Click Next.
6. In the CID Name and Description dialog box, default details are displayed.
To change them, type your chosen details in the text boxes. Click Next.
71
7. In the CID Credentials dialog box, you specify the credentials that EM
Library will use to access the CID.
If you select Global credentials, the credentials used for existing CIDs are
used. These are either the credentials of the EM Library account (section 5)
or credentials you specified when changing or adding the CID (section 7.4)
If you need to use credentials specific to this CID, e.g. because the CID is on
a UNIX server, click Individual and enter alternative details, as described
below. When you have finished, click Next.
72
8. In the CID Location dialog box, the default central installation directory
(CID) for the software is displayed. Click Custom CID location. Then enter
the full UNC path for the directory, or click Browse and find the directory.
Click Next. EM Library will check whether it can contact the CID, and will
warn you if it cannot.
9. In the Schedule Deployments to the CID dialog box, you specify when the
CID is updated. By default, the CID will be updated automatically when the
packages in the library are updated. Sophos recommends this. If you want
to use manual updating instead, select On demand (manual). If you want to
schedule updates for set times, select As scheduled and select a schedule
from the list or click New Schedule to create a new schedule. Click Next.
If you schedule updating of a CID, the update occurs at a random time
during the hour you specify. This can delay the distribution of the latest
software by up to an hour.
73
10.In the Integrity checking dialog box, select the level of integrity checking
that EM Library will use when the CID is updated. Click Next.
11.In the Completing the Add CID Wizard dialog box, check the CID
configuration details. Click Finish.
74
12.The new CID is now displayed in the details pane. To place the latest
software in the CID, right-click on its entry. In the menu that is displayed,
select Update CID.
The central installation is updated whenever EM Library downloads an
updated version of the software package, unless you specified manual or
scheduled updating.
75
76
3. In the Welcome to the Add Multiple CIDs Wizard dialog box, click Next.
4. In the Select Computer Shares dialog box, click Computer and browse to
each computer where you want to add a CID. Alternatively, in the Target
CID Locations window, type the paths of the shared folders where you want
to add a CID, separating them with semicolons. Click Next.
77
5. In the Conflicts with CIDs already managed by EM dialog box, you specify
how EM Library behaves if it is already managing one of the CIDs you have
just specified. By default, EM Library overwrites the CID with a new
software package. If you want to keep the existing CID as it is, select Ignore.
6. In the Completing the Add Multiple CIDs Wizard dialog box, check that the
CID details are correct. Click Finish. If you want to customise the CID, e.g.
to change the schedule for updating the software in the CID, continue to
step 7.
78
8. In the list of central installations shown in the details pane, highlight the one
you want to configure. Right-click to display a menu. Select Properties and
use the tabbed pages to change settings.
79
80
2. In the list of subscribed packages in the Details pane, highlight the item you
want to publish. Right-click to display a menu. In the menu, select Publish.
4. To check that the package has been published, scroll right in the Details
pane to find the Published column. When the package has been published,
the word Yes is displayed. Other libraries can now download this package,
as long as the current library has been selected as their parent.
81
2. In the library creation wizard dialog box, select Remote Installation. Click
Next.
82
3. In the Target dialog box, in the Server Location text box, type the name of
the computer on which you want to create the new library.
4. In the User Account dialog box, the user name for the logged-on user (i.e.
the name with which you logged on to this computer) is displayed by
default. Enter and confirm the password. Then click Next.
83
5. In the Location dialog box, specify the folder where the library will be
installed. In the Installation Location text box, enter the path to the folder as
seen on the computer where the installation is made. In the Library Share
Name text box, accept the default, or type an alternative. Click Next.
6. In the Central Installation dialog box, you specify the shared folder where
EM Library will place downloaded Sophos software, ready for distribution to
networked computers. The share name and the local path to the folder are
displayed. You can change the local path. Click Next.
This dialog does not appear if you already have an InterChk share on the
computer where you are creating the library.
84
7. In the Install Files dialog box, click Install to begin installation. A progress
bar is displayed.
85
3. In the Add Standalone Snap-in dialog box, select Sophos EM Library. Click
Add.
86
4. In the EM Library snap-in wizard: library location dialog box, enter the
UNC path for the additional library you want to manage. Ensure that the
name of the same computer is displayed in the lower text box (which is
where you specify the computer running the EM Library services). Click
Finish.
5. In the Add Standalone Snap-in dialog box, click Close. In the Add/Remove
Snap-in dialog box, click OK.
6. In the EM Library console, in the Console Root, two EM Libraries are
displayed. To manage a library, click on its name.
If you have connected to a newly-created library, continue to step 7.
7. In the console tree, click on the new library. You are prompted to specify the
account that EM Library will use (see section 5)
In the details (right-hand) pane, the Configuration view is displayed.
Now you configure the library (section 28.4).
87
Your child library does not reflect changes in the parent library (e.g. changes
in the subscribed packages) until you select Download Packages.
You can use scripts to start automatic updating of child libraries as soon as
the parent has finished updating. This overcomes delays that can arise from
separate scheduling of child library updates. For more information, see
Trigger library updates automatically in the How do I create more
libraries? section of the EM Library help files and manual.
88
90
4. In the Sophos Default Preferences dialog box, click the AutoUpdate tab. In
the Show pop-up menu, ensure that Network Settings is selected.
In the Primary Server tabbed page, select Network volume. In URL, enter
the full path to your central installation. If necessary, enter the User name
and Password needed to access the central installation. Click Set.
By default, the workstations are updated every sixty minutes. To change this
setting, select Scheduling in the Show pop-up menu.
Then click the Notification tab and continue to step 5.
5. At the Notification tabbed page, in the Show pop-up menu, choose Email
Notification. Select Enable on-access scanner email notification. Enter the
email address of the Recipient to whom you want alerts sent. Enter a
Sender address to which undelivered alerts can be returned. Then enter the
address and port number of the Outgoing mail server.
Click Set and close the dialog box.
91
92
Appendix
3. In the users Properties dialog box, click the Member of tab and click Add.
94
5. The users Properties dialog box now shows them to be a member of the
Sophos Console Administrators group. Click OK.
Technical support
A support knowledgebase and virus information are available on the Sophos
website www.sophos.com
200504