Startup Guide: Includes: Enterprise Console 1.0 EM Library 1.2 Sophos Anti-Virus

Startup guide
Includes:
Enterprise Console 1.0
EM Library 1.2
Sophos Anti-Virus
Document version 1.0
About this guide

This guide tells you how to protect your computers, whether on the
network or not, against viruses, Trojans, worms and malicious
spyware.
This guide is for Windows, Macintosh, NetWare, UNIX and Linux
computers.
If you have OpenVMS, OS/2, or Windows 3.1/DOS computers, see
the separate guides available from the Sophos Anti-Virus
Supplementary CD or the Sophos website.
Sophos Anti-Virus startup guide
Contents
About this guide
Getting started
1 What you need for installation
2 Install the management server
3 Reuse an existing library or libraries
11
4 Create a software library
15
5 Select a user account
18
6 Set up messaging
20
7 Set the library to download updates automatically
21
8 Download software
31
9 Set up a remote console to manage networked computers
32
10 Protect networked computers against viruses
36
11 Protect computers with manual installation
46
12 Protect computers with a script
47
13 Protect computers not always on the network
49
14 Protect off-site computers
50
Managing anti-virus software
15 Check computers are protected
52
16 Find and fix out-of-date computers
53
17 Find and fix computers that are not running

on-access scanning
54
18 Find and fix unmanaged computers
55
19 Find and fix computers that do not use the group policies
55
20 Deal with virus alerts
56
21 Generate reports
58
Protecting NetWare, UNIX or Linux computers

22 Protect NetWare servers
60
23 Protect UNIX or Linux computers
63
Advanced options for larger networks

24 How can I best manage a large network?
66
25 Make updates available in a different directory
67
26 Make updates available from another server
69
27 Make updates available from many servers easily
76
28 Add a new software library
80
29 Protect computers without using the

Enterprise Console
89
Appendix
Appendix: Enable other users to use Enterprise Console
94
Getting started
This guide tells you how to protect your computers, whether on the network
or not, against viruses,Trojans, worms and malicious spyware.
You are going to:
install a management server that downloads products from Sophos and
keeps them updated
select and download the anti-virus software you want by using EM
Library
install a management console that lets you manage the software from a
remote computer (this is optional)
install the anti-virus software on networked computers, either
automatically or manually
configure computers that are sometimes off the network (e.g. laptops) so
that they are always kept updated
tell off-site users how to download anti-virus software via the internet.
Once you have followed these steps, your computers will be protected. They
will also receive frequent updates to ensure that they detect the latest
viruses.
Now read on.
1 What you need for installation

You are going to install:
a management server
a remote management console (optional)
anti-virus software on networked computers.
1.1 Requirements for the management server

Windows 2000 Server (SP3 or later) or Windows Server 2003
Internet Explorer 5 or higher
At least 80Mb for installation and at least 300Mb for data.
The computer must run these services, which are used by the operating
system by default: Server, Workstation, Remote Procedure Call (RPC).
If you use a dial-up internet connection, change your internet options before
installation, as described in EM Library supplement for companies with a
dial-up connection to the internet, available on the Sophos Anti-Virus
Network Install CD.
If you access the internet via a proxy, you should be using one of these
authentication protocols: Anonymous, Basic or NT Challenge/Response (NTLM).
1.2 Requirements for the remote management console

Windows 2000 Professional, Windows 2000 Server (SP3 or later),
Windows XP Professional (SP1 or later), or Windows Server 2003.
1.3 Requirements for the anti-virus software

The software can be installed on Windows, Macintosh, NetWare and UNIX.
You can install the software directly from the console onto Windows 2000,
XP Professional, 2003, and NT computers provided that they
have the correct service packs (SP3 or later for 2000, SP1 or later for XP,
SP6a for NT)
have Internet Explorer 5 or higher (supplied with Windows, except in NT)
run the Remote Registry, Server, Computer Browser and Task Scheduler
services
have the C$ admin share enabled
have Simple File Sharing turned off (XP only).
If you have Windows XP Service Pack 2 computers running Windows

FireWall, you must
enable File and Printer Sharing for Microsoft Networks
exclude TCP ports 8192, 8193 and 8194
restart the computer to make the changes effective.
Sophos Anti-Virus 5.0 for Windows 2000/XP/2003 cannot be installed on

computers with 64-bit Windows.
If you have a previous version of Sophos Anti-Virus on Windows 95/98/Me
computers, you must uninstall it before installing the latest version.
2 Install the management server

If you install the management server on a Windows 2000 server, it will need
to be restarted after installation.
1. At the server, insert the Sophos Anti-Virus Network Install CD. The CD
should auto-run. At the Welcome page, click Install.
Alternatively, download the Sophos Enterprise Network Installer from the
Sophos website and run it.
2. In the Sophos Enterprise Console installation dialog box, select Install the
management server and console. Click Next. The setup program prepares
for installation.
If you simply want to update an existing installation of Sophos EM Library,
this is the option to use.
3. An installation wizard is launched. In the welcome dialog box, click Next.
4. In the License Agreement dialog box, click I accept the terms in the licence
agreement if you want to continue. Click Next.
5. In the Destination Folder dialog box, you see the default folder where the
management server will be installed. If you want to use a different folder,
click Change and select a folder on this computer.
6. In the Ready to Install the Program dialog box, click Install.
7. The InstallShield Wizard Completed dialog box is displayed. Click Finish.

If you already had Sophos EM Library on this computer, it is now upgraded
and you see another progress bar.
8. You are prompted to log off or restart, depending on the computers

operating system. Click Yes if you want to continue with the Enterprise
Console setup process straight away.
9. When you log on or restart, a welcome dialog box is displayed. Click Next to
continue.
10.A console is displayed. This is the console for Sophos EM Library.

If you had a Sophos software library on this computer before, your existing
library is opened.
If you have used a Sophos library before, on this computer or another one,
you can reuse it and add the new software. Continue to section 3.
If you have not used a Sophos library before, you must create one in order
to make anti-virus software available on a server. Go to section 4.
10
3 Reuse an existing library or libraries

If you have already been using a Sophos software library on your network,
you must
reconnect to your library, if you cannot already see it (section 3.1)
download new versions of Sophos Anti-Virus (section 3.2).
The new versions of Sophos Anti-Virus can be centrally configured, installed

and managed using Enterprise Console. They also offer new features.
Your existing installations of Sophos Anti-Virus are not upgraded to the
new versions automatically. You must follow the steps in section 3.2.
If you want to, you will be able put the new versions of Sophos Anti-Virus on
some computers, while leaving old versions on others. EM Library will keep
updating the older versions. Check the Sophos website to see how long the
older versions will continue to be supported.
3.1 Reconnect to a library

You must be logged on with an account that has administrator rights on the
computer where the library is.
1. In the EM Library console, click Open Library.
2. In the Properties dialog box, in the first text box, type the path to the
computer that has the library. Ensure that the same computers name is
displayed in the second text box.
3. In the EM Library dialog box, click Yes to upgrade the library. This does not
affect your library settings.
11
4. In the User Account dialog box, the user name for the logged-on user (i.e.
the name with which you logged on to this computer) is displayed by
default. Enter and confirm the password. Then click Next.
5. In the Location dialog box, specify the folder for the upgraded library. In the
Installation Location text box, enter the path to the folder as seen on the
computer where the installation is made. In the Library Share Name text
box, accept the default, or type an alternative. Click Next.
12
6. In the Install Files dialog box, click Install to begin the upgrade. A progress
bar is displayed.
7. When upgrading is complete, a message is displayed.

8. In the EM Library console, the library is now shown in the left-hand pane.
Ensure it is selected, so that you can see the Configuration page.
If the library you have just upgraded was not properly configured, you are
prompted to choose an account for it. You can see details in section 5.
If a library that was already displayed in the left-hand pane of the console
has now disappeared, snap it in using File|Add/Remove Snap-in.
Now you must download the new versions of Sophos Anti-Virus (section
3.2).
13
3.2 Download the new versions of Sophos Anti-Virus

You can continue to use the Sophos databank that you are already using.
However, unless you use fixed versions of Sophos software, you can
change to our new databank, which offers more efficient downloads.
To change the databank, ensure you are at the EM LIbrary Configuration
page. Click Select parent. In the Primary parent tabbed page, ensure
Website is selected and enter http://es-latest.sophos.com/update/
You are now ready to download the new versions.
1. In the EM Library Configuration page, click the Select Packages button.
2. Select each new version of Sophos Anti-Virus that you want to download.
Right-click and select Subscribe.
3. Follow the instructions to make the new versions available on your server
(i.e. set up a central installation directory for each new package you have
subscribed to).
Alternatively, if you just want to put the new versions of Sophos Anti-Virus
into default central installations, go to the Library menu and select Select
Packages there.
When you have finished, go straight to section 8.
14
4 Create a software library

1. In the Welcome to EM Library view, click Create library.
2. In the Setup - EM Library (Welcome) dialog box, Local Installation is

selected by default. Click Next.
If you want to install a library on a remote computer, select Remote
Installation and follow the instructions. For details, see sections 28.2 and
28.3.
15
3. In the Location dialog box, you specify where the library is installed. In the
Installation Location text box, accept the default folder, or type an
alternative folder (as a local path). In the Library Share Name text box,
accept the default share name for that folder, or type an alternative. Click
Next.
4. In the Central Installation dialog box, you specify the shared folder where
EM Library will place downloaded Sophos software, ready for distribution to
networked computers. The share name and the local path to the folder are
displayed. You can change the local path. Click Next.
This dialog does not appear if you already have an InterChk share on the
computer where you are creating the library.
16
5. In the Install Files dialog box, click Install to begin installing the library. A
progress bar is displayed. When the process is complete, click Finish.
6. When installation is complete, a SETUP message box is displayed.

Click OK. This starts a wizard that guides you through setting up an
account that EM Library can use (section 5).
17
5 Select a user account

Now you select the account that EM Library uses to place software in
central locations on your network.
1. In the Welcome to the Network Account Configuration Wizard dialog box,
click Next.
2. In the Select network account type dialog box, specify an account.

If you intend to have multiple libraries,or central installation directories on
other computers, click Select an existing account. Enter the details of a
domain account with domain Administrator rights. For advice on setting up
an account, go to the Sophos website and see knowledgebase article 2522.
If your library is on a domain controller server, you must use this option and
select an account already created in Active Directory Users.
If you intend to have a single library and to let all computers update from
the same central installation directory, click Create a new local account.
EM Library will create an account called EMLibUser1. This is a member of
Administrators.
Click Next.
18
3. In the Enter account password dialog box, enter and confirm the password.
If you are using the EMLibUser1 account, you make up this password now.
Click Next.
4. In the Completing the Network Account Configuration Wizard dialog box,

click Finish.
Next you set up messaging so that you can receive error messages or
warnings when you configure the library (section 6).
19
6 Set up messaging
By default, EM Library places details of all its activity in the system Event
Log. You can also set up email or network messaging, so that you are
alerted to any problems.
1. In the console, on the Tools menu, select Options.
2. In the EM Library options dialog box, click the Notifications tab.
In the drop-down menu, select the form of message you want to receive
(e.g. email, desktop). Then deselect Disable alerts for this notification
method.
Select EM Library activity and then select all the options. This ensures you
receive information about any problems during installation.
Later, you can change these settings if you want to receive fewer messages.
If you are setting up email messaging, click Configure and enter the
address(es) to which you want email sent, along with details of your SMTP
server.
When you have finished, close the dialog box. Now you set up automatic
downloading of software (section 7).
20
7 Set the library to download updates automatically

Now you configure the library to download and update software automatically.
7.1 Select where you will download updates from

The parent is the location from which you download software.
1. In the console, in the details pane, the Configuration view is displayed. Click
Select Parent.
2. In the Primary parent tabbed page, select the parent from which you will
download software. For this initial setup, ensure that Website is selected.
Select http://es-latest.sophos.com/update/. Click Set access.
21
3. In the Web server access settings dialog box, select Use an account to
access the server. Enter the User name and Password that Sophos has
given you. Both are case sensitive.
If you do not access the internet through a proxy server, click OK and go
straight to step 5.
If you do access the internet through a proxy server, select Use a proxy
server and enter the servers address and port number. If you need to enter
credentials to use the proxy, click Advanced and go to step 4. Otherwise, go
straight to step 5.
If you access the internet via a dial-up connection, make sure you have
changed your internet connection settings as described in EM Library
supplement for companies with a dial-up connection.
4. If you clicked Advanced, the Advanced Proxy server settings dialog box is
displayed. Ensure Authenticate on the Proxy server is selected. Enter the
User Name for the proxy server (available from your network administrator).
Enter and confirm the Password. Click OK to return to the Web server
access settings dialog box. Click OK to return to the Primary Parent tabbed
page. Then click OK in the EM Library Properties dialog box.
22
5. EM Library attempts to validate your account details. If it cannot (e.g.

because the details are incorrect, or because no network connection has
been made), it prompts you to make changes and try again.
When the account details are validated, the primary parent is displayed in
the Configuration view.
Next you schedule downloads (section 7.2).
7.2 Schedule the downloads

You must schedule downloads.
1. In the Configuration view, click Schedule Downloads.
2. In the Update schedules tabbed page, click New schedule.
23
3. In the Welcome to the Schedule Wizard dialog box, click Next.
4. In the Schedule Name and Description dialog box, enter a Name and
Description for the schedule. Click Next.
24
5. In the next dialog box, you specify when the task will run. By default, hourly
updates are already set up. To change this, select the Days of week when
the task will run. To remove a time, highlight it in the list of times and click
Remove. If you want to add hours again later, click the up and down arrows
in the Hour browser, find the hour and then click Add.
When you have finished, click Next.
The task will run during each hour that you selected (e.g. if you selected 9,
the task will run at a random time between 09:00 and 09:59).
6. In the Completing the Schedule Wizard dialog box, check that the details of
the schedule are correct. Click Finish.
25
7. In the Update schedules tabbed page, the new schedule is now displayed in
the list. Ensure that the checkbox beside it is ticked so that the update will
be run at the set time(s). Click OK.
You can activate only one schedule (by ticking its checkbox) at a time.
You have configured EM Library to download updated software from the

parent at set times. Next select the software you want EM Library to
download and update (section 7.3).
26
7.3 Select the software you want to download

Packages are the files needed to install and update versions of Sophos
Anti-Virus for different operating systems.
1. In the Configuration view, click Select Packages.
2. A progress bar is displayed.
If an error is reported, EM Library has either failed to read a file from the
databank or to write a file to the library or to a CID. It may be using an
account with insufficient rights, or your firewall may be blocking .DAT or
.DB files. To find out what the problem is, click the Message Log node
under the library name in the left-hand side of the console.
3. In the Packages dialog box, the available software packages are displayed. If
no packages are displayed, check your connection to the Sophos databank.
By default, the latest Sophos Anti-Virus for Windows and Macintosh
packages are shown. To see Sophos Anti-Virus packages for other platforms,
deselect Show default packages only.
To subscribe to packages, i.e. to ensure that they will be downloaded and
updated in future, select the check box(es) beside the packages. Click OK.
When EM Library downloads software, it places it in central installation

directories (CIDs), from which it can be distributed across your network. By
default, EM Library creates these CIDs on the same computer as the library,
and assigns the correct access rights to them.
If you have Windows and Mac OS X computers only, and want to use the
default folders set up for you, you are ready to download software for the
first time manually. Go straight to section 8.
27
If you have Mac OS 8/9, NetWare, UNIX or Linux computers, or want to

use non-default folders, you have to change the folders used. Continue to
section 7.4.
If the CIDs are on a computer with FAT partition, you must set the access
rights for that share manually, as follows: Read for Everyone, Full access for
Administrator and Full access for the selected EM Library network account.
28
7.4 Select where you will place downloads

When EM Library downloads software, it places it in central installation
directories (CIDs) on the same computer as the library, from which it is
distributed across your network.
You should change the default directories if
you already have CIDs in non-default locations
you want to set up CIDs in non-default locations
you want to use Sophos Anti-Virus for Mac OS 8/9, NetWare, UNIX or
Linux computers.
To change the location that software is downloaded to, do as follows.

EM Library cannot create shared directories on other computers. If you
are going to use a CID on a remote computer, ensure a shared directory is
available there first.
1. In the console tree, click Central Installations.
2. The default CIDs created by EM Library are displayed. Right-click on the

CID you want to change and select Properties.
29
3. In the Properties dialog box, click the Location tab. Select Custom CID
location and enter the full path of the shared folder.
For Mac OS 8/9, enter a location on a Windows 2000 or 2003 server
that has an AppleShare compatible network share, with read permission
set to "everyone".
For NetWare, enter the location of the updates folder on the NetWare
server. By default, this is \\server\SYS\SWEEP\NLMINST.
For UNIX, enter the location of a Windows file store that can be read by
UNIX, e.g. a Samba share.
Click OK.
4. Credentials for the CID are usually the same as for the EM Library account,
as described in section 5. If necessary, e.g. if the CIDs are on a remote
server, click the Credentials tab and enter the credentials EM Library needs
to access the CID.
For central installations on a NetWare server, click NDS details. In the NDS
Information dialog box, enter the tree name and fully distinguished names
for the user and server in the format
cn=user.o=organisation
When you have finished, click Test to check that the account can access the
CID. Then continue to step 5.
5. In the details pane, check that the new CID location is displayed.
You have specified the CID(s) to which the software will be downloaded. You
are ready to download software for the first time (section 8).
30
8 Download software
Now download Sophos software and place it in a central installation
directory or directories, as follows.
1. In the Configuration view, click Download Packages.
2. In the EM Library message box, click Yes.
3. The Updating packages from the parent progress bar is displayed.
4. When downloading is complete, the Updating your central installations

progress bar is displayed.
You are ready to pre-configure your anti-virus software and install it on your
networked computers.
If you want to install and manage the software from another computer, e.g.
a workstation, go to that computer and continue to section 9.
If you want to do everything from this computer, click the Start Enterprise
Console button in the Configuration view and go straight to section 10.
Even if you do not want to manage your anti-virus software from a central
console, you should follow the steps in sections 9 and 10 to configure the
software for use on Windows computers.
31
9 Set up a remote console to manage networked

computers
1. At a Windows workstation, insert the Sophos Anti-Virus CD. The CD should
auto-run. At the Welcome page, click Install.
2. In the Sophos Enterprise Console installation dialog box, select Install a
remote console. Click Next. The setup program prepares for installation.
3. An installation wizard is launched. In the Welcome dialog box, click Next.
4. In the License Agreement dialog box, click I accept the terms in the license
agreement if you want to continue. Click Next.
32
5. In the Management Server Details dialog box, enter the name of the
computer where you installed the Sophos management server.
This is the computer where you first ran this installation program.
6. In the Destination Folder dialog box, you see the default folder where the
remote console will be installed. If you want to use a different folder, click
Change and select a folder on this computer.
33
7. In the Ready to Install the Program dialog box, click Install.
8. The InstallShield Wizard Completed dialog box is displayed. Click Finish.
34
9. On the Windows taskbar, click Start|Programs|Sophos|Sophos Enterprise

Console to open Enterprise Console for the first time. You are now ready to
put your computers into groups and protect them (section 10).
If you want another user to be able to use the console, add the user
name to Sophos Console Administrators group manually (see the
Appendix).
35
10 Protect networked computers against viruses

This section, together with sections 11 and 12, tells you how to protect your
networked Windows and Macintosh computers.
If you have NetWare, UNIX or Linux computers, see also sections 22 and 23.
If you have OpenVMS, OS/2, or Windows 3.1/DOS computers, see the
special documents for these platforms, available from the Sophos Anti-Virus
Supplementary CD or the Sophos website.
To protect your computers, you:
create groups to hold your computers
set up automatic updating for each group
set an anti-virus policy for each group
put computers into the groups and install anti-virus software (you can do
this directly from the console for Windows NT/2000/XP/2003 computers).
Make sure your computers meet the system requirements (section 1.3).
10.1 Create groups ready for your computers

A group holds a number of computers (which do not all have to run the
same operating system). The computers in the group use the same anti-virus
settings and update from the same location.
You can use groups to put together computers that need a special
configuration. For example, you could have a group for all servers on which
you prefer not to run on-access scanning.
1. To create your first group, click the Create group icon.
2. A New Group is added in the left-hand pane, with its name highlighted.
Type in the name you want to use for the group.
3. To create further groups, go the left-hand pane. Select the server shown at
the top if you want another top-level group. Select a group if you want a
sub-group within it. Then repeat step 1.
Now set up automatic updating for each group (section 10.2).
36
10.2 Set up automatic updating

1. Select the group and click the Updating policy icon.
2. In the Set updating policy for computers in the ... group dialog, select an
operating system used by computers in that group, e.g. Windows
XP/2000/2003. Click Configure.
37
3. Click the Primary server tab. In the Address field, click the drop-down arrow
and select the directory from which computers will fetch updates, e.g. the
\\Servername\InterChk\ESXP directory for Windows 2000, XP and 2003
computers. Enter the User name and Password for an account that
can run on the computers in the group
has read access to the address you have just entered.
If the User name needs to be qualified to indicate the domain, use the form
domain\username.
For NDS networks, enter an NDS fully distinguished user name in the form
[Account]|[Tree]|[Server]. The account needs read and filescan permissions.
If you have computers that are not always on the network or move from one
site to another, e.g. laptops, you can configure them to update from an
alternative source when necessary. Click the Secondary server tab to do
this. See section 13 for more details.
Now you set an anti-virus policy (section 10.3).
38
10.3 Set anti-virus policy

By default, computers in your group will use the standard anti-virus policy.
This means that Sophos Anti-Virus will
scan all files that are vulnerable to viruses
deny access to any file that contains a virus
display an alert on the desktop of any computer where a virus is found.
You can change this policy. For example, you may want to
configure Sophos Anti-Virus to send email alerts when a virus is found
turn off on-access scanning on Exchange servers or other servers where
performance might be affected
set up scheduled scans.
If you turn off on-access scanning on a server, we recommend you set up

scheduled scans on the relevant computers.
To change the policy, do as follows.
1. Select a group and click the SAV policy icon.
39
2. The Anti-virus policy dialog box is displayed. Here you can configure
On-access scanning or Messaging, or set up Scheduled scanning.
If you want to set up email virus alerts, click Messaging and continue to
step 3. Otherwise, go to section 10.4.
For advice, see How do I change the anti-virus settings? in the help files.
3. Click the Email alerting tab. In the Recipients panel, click Add and enter
the address you want virus alerts sent to. Then click Configure SMTP.
40
4. In the Configure SMTP settings dialog box, type the host name or IP
address of the SMTP server. Click Test to send a test email alert. In the
SMTP 'sender' address text box, type an email address to which bounces
and non-delivery reports can be sent. In the SMTP 'reply to' address, type
an email address to which replies to email alerts can be sent (alerts come
from an unattended address). Click OK and close the dialog boxes.
You are now ready to protect your computers (section 10.4).

If you do not intend to use the console for installing or managing your
anti-virus software, do not continue. Go to section 29.
41
10.4 Put computers into groups and protect them

Now you search for computers, put them into groups and protect them.
This section assumes that you use the Find function, but you can import
computers from a file (File|Import computer names from a file). See the
help files for full details.
Enterprise Console searches for computers that are in Windows domains
and workgroups only. On NetWare networks, import the computers from a
file.
If you have a previous version of Sophos Anti-Virus on Windows 95, 98 or
Me, you must uninstall it before installing the latest version.
1. Click the Find icon in the toolbar.
2. In the Find computers dialog box, select the domains or workgroups where
you want to search for computers. You do not need to enter a Username and
Password unless you have computers (e.g. Windows XP Service Pack 2) that
cannot be accessed without account details. The account does not need
administrator rights. Click OK. The console searches for computers and adds
them to the Unassigned folder.
42
3. Click the Unassigned folder. Select the computers you want to place in the
new group. Drag and drop the computers onto the new group folder.
You can put computers with different operating systems in the same group.
4. A wizard is launched to help you install anti-virus software on the

computers. In the Welcome dialog box, click Next.
If you have not set an updating policy for the types of computer you want to
protect (section 10.2), the wizard is not launched.
43
5. In the Protect computers summary dialog box, check whether the

computers are in the Computers where anti-virus software can be installed
automatically list. Any that are not in that list require manual installation
(section 11). Click Next.
6. In the Protect computers credentials dialog box, enter details of an account

that can be used to install software on the computers. This account is
typically a domain administrator account. It must
have local administrator rights on computers you want to protect
be able to log on to the computer where you installed the management
server (section 2)
have read access to the Primary server location you specified when you
set up updating (see section 10.3).
Click Finish.
44
7. Installation is staggered, so that the process may not be complete on all the
computers for some minutes.
When installation is complete, look at the list of computers again. In the
On-access column, you should see the word Active: this shows that the
computer is running on-access virus scanning.
8. Repeat the above steps for each group of computers.
Computers need to be restarted to scan files accessed by DFS (Windows
2000/XP) or via non-Microsoft file systems (Windows 2000).
You should now protect any Macintosh computers and any Windows
computers that require manual installation (sections 11 and 12).
You should also make sure that any computers that are not always on the
network (e.g laptops) are protected at all times. See section 13.
45
11 Protect computers with manual installation

You can protect computers by running the installation program manually.
If you have large numbers of computers, use a script or a program like
Microsoft SMS to run the installation program automatically. See section 12.
You run the installation program from the central installation directory, the
directory where EM Library places Sophos updates for you.
If you already have an earlier version of Sophos Anti-Virus on any Windows
95/98/Me computers, you must uninstall it first.
Before you run the installation program on a Windows 95 computer, install
the Windows Socket 2 Update on it. This update is available from:
www.microsoft.com/windows95/downloads/contents/
wuadmintools/s_wunetworkingtools/w95sockets2/
1. Check the location of the central installation directory.
In Enterprise Console select the group the computers are in and click the
Updating policy icon. Select the operating system and click Configure. Make
a note of the Address shown. The default central installation directory for
each operating system is
Windows 2000/XP/2003
Windows NT
Windows 95/98/Me
Mac OS X 10.2 and later
Mac OS 8/9
//Servername/InterChk/ESXP
//Servername/InterChk/ESNT
//Servername/InterChk/ES9X
//Servername/InterChk/ESOSX
//Servername/InterChk/macinst
2. Go to each computer and log on with local administrator rights. Browse to

the central installation directory.
For a Windows computer, double-click setup.exe
For a Mac OS X 10.2+ computer, double-click Sophos Anti-Virus.mpkg.
For a Mac OS 8/9 computer, double-click Sophos Anti-Virus Installer.
3. If installing on a Windows computer, you may be prompted to enter user
credentials. The account can be the one you used in section 10.4. It must:
! be able to log on to the computers you want to protect
! have read access to central installation directories (see step 1).
If you are installing on a Mac OS X computer, after installation go into

System Preferences and open the Sophos Anti-Virus preferences pages.
Click the AutoUpdate tab, and enter the user credentials.
Windows computers need to be restarted to scan files accessed by DFS
(Windows 2000/XP) or via non-Microsoft file systems (Windows 2000).
46
12 Protect computers with a script

You can protect computers by running the installation program with a script
or a program like Microsoft SMS.
The installation program can be found in the the central installation
directory (CID), the directory where EM Library places Sophos updates for
you. The default CID for each operating system is
Windows 2000/XP/2003
Windows NT
Windows 95/98/Me
Mac OS X 10.2 and later
Mac OS 8/9
\\Servername\InterChk\ESXP
\\Servername\InterChk\ESNT
\\Servername\InterChk\ES9X
\\Servername\InterChk\ESOSX
\\Servername\InterChk\macinst
For Windows 95/98/Me computers, you can use a login script (see section
12.1).
For Mac OS X computers, use Apple Remote Desktop. Go to the central
installation directory and copy the installer to the computer running Apple
Remote Desktop before using it.
47
12.1 Protect Windows 95/98/Me computers with a login script

The script described here installs Sophos Anti-Virus (version 4.5) only on
Windows 95/98/Me computers that do not already have an installation.
If you are already running older versions of Sophos Anti-Virus on Windows
95/98/Me, you must uninstall them first. For advice, go to the Sophos
website and see knowledgebase article 2420.
1. Find the location of the directory that contains the installation program.
In Enterprise Console, select the group the computers are in and click the
Updating policy icon. Select Windows 95/98/Me and click Configure. Make
a note of the Address shown.
2. Add the following line to the login script
<Path>\setup.exe -user <domain\name> -pwd <password> -login -s
where <Path> is the location of the central installation directory.

If you have any Windows 95 computers, you must install the Windows
Socket 2 Update on them before installation. You should visit
www.microsoft.com/windows95/downloads/contents/
wuadmintools/s_wunetworkingtools/w95sockets2/
and place a copy of the update on your server. Then insert a line in the login
script, before the line shown above, to run this utility.
If you do not want to manage the computers with Enterprise Console, you
should add the parameter -mng no
If you want to force a reinstallation of Sophos Anti-Virus, use -rlogin instead
of -login
The user account you specify must
! be able to log on to the computers you want to protect
! have read access to the central installation directories (see details in
section 12).
48
13 Protect computers not always on the network

Some computers are not always on the network, e.g. laptops that are used
away from the office, but are sometimes brought in.
To protect these computers at all times, you configure them to update from
an alternative source when they are not on the network.
The alternative source can be an updates folder on a website maintained by
your company, or it can be a Sophos website.
For information on how to republish Sophos updates on your own website,
visit the Sophos website and see knowledgebase article 2134.
1. In Enterprise Console, select the group that contains the computers you want
to protect.
2. Click the Updating policy icon on the toolbar.
3. In the Set updating policy for computers in the ... group dialog, select an
operating system used by computers in that group, e.g. Windows
2000/2003/XP. Click Configure.
4. Click the Secondary server tab. Enter the Address (UNC path or web
address) from which Sophos Anti-Virus will fetch updates if the Primary
server cannot be contacted. If necessary, enter the User name and Password
for an account that
can log on to the computers in the group
has read access to the secondary server location.
If the User name needs to be qualified to indicate the domain, use the form
domain\username.
If you access the internet via a proxy server, click Proxy details and continue
to step 5.
5. In the Proxy details dialog box, select Access the server via a proxy. Then
enter the proxy server Address and Port number. Enter a User name and
Password that give access to the proxy server. If the user name needs to be
qualified to indicate the domain, use the form domain\username. Click OK.
49
14 Protect off-site computers

Computers that are never on the network and that are not easy to access,
e.g. computers that staff use at home, can install and update anti-virus
software via the internet.
To enable the computers to do this, each user has to download Sophos
Anti-Virus individually, either from a Sophos website, or from a location on
your company website.
For information on how to republish Sophos updates on your own website,
visit the Sophos website and see knowledgebase article 2134.
Send any users who are not on your network the following:
The location from which they can download Sophos Anti-Virus.
A copy of the Sophos Anti-Virus remote user guide. This is an electronic
document available from the Sophos Anti-Virus CD or the Sophos
website.
The username and password they need (if they are downloading from
Sophos directly).
50
Managing anti-virus software
15 Check computers are protected

Your computers are fully protected if they run on-access scanning and they
are up to date.
This applies to workstations. You may decide to turn off on-access scanning
on Exchange servers or other servers where performance might be affected.
If you do this, you should set up scheduled scans on those computers. See
How do I scan computers at set times? in the Enterprise Console help
files.
To check that computers are protected, do as follows.
1. Select the group of computers you want to check.
2. If you want to check computers in sub-groups of the group, select At this
level and below in the drop-down menu.
3. Look in the On-access column. If you see the word Active, the computer is
protected by on-access scanning. If you see a grey shield and Inactive, the
computer is not. For advice on what to do, see section 17.
Look in the Up to date column. If you see the word Yes, the computer is
up to date. If you see a clock icon and Not since ...., it is not. For advice
on what to do, see section 16.
52
16 Find and fix out-of-date computers

A computer can be out of date for one of two reasons:
That computer has failed to fetch an update from the server.
The server itself does not have the latest Sophos software.
This section tells you how to diagnose the problem and update the
computers.
1. On the Status tabbed page, click on the Up to date column to sort
computers by up-to-dateness.
2. Click the Update details tab and look in the Primary server column. This
shows you the directory that each computer updates from.
3. Now look at the computers that update from one particular directory.
If some are out-of-date, but others are not, the problem is with individual
computers. Select them and click the Update computers icon in the toolbar.
If all are out of date, the problem could be with the directory. Click the
Libraries icon in the toolbar. In the EM Library console, click the library
name (in the left-hand pane), then click Central Installations. Select the
directory that you suspect to be out of date. right-click and select Update
CID. Then go back to the Enterprise Console, select the out-of-date
computers and click the Update computers icon in the toolbar.
53
17 Find and fix computers that are not running

on-access scanning
All computers (except some mail servers or servers whose performance may
be affected) should run on-access scanning.
If a computer is not running on-access scanning, you see a grey shield in the
On-access column on the Status tabbed page.
You find and deal with these computers as follows.
1. On the toolbar, in the View drop-down list, select Computers not running
on-access scanning.
2. If any computers are listed, check the anti-virus policy. To do this, select the
group and click the SAV policy icon in the toolbar. Check that Enable
on-access scanning is selected.
3. Select the computers that are not running on-access scanning, right-click
and select Comply with|Group anti-virus policy.
54
18 Find and fix unmanaged computers

Windows and Macintosh computers should be managed by Enterprise
Console, so that they can be updated and monitored.
If a computer is not managed, the computer icon next to its name is greyed
out.
You find and fix unmanaged computers as follows.
1. On the toolbar, in the View drop-down list, select Unmanaged computers.
2. Select any computers that are listed. In the toolbar, click Protect to install a
managed version of Sophos Anti-Virus (see section 10.4).
3. If there are computers on which Enterprise Console cannot install Sophos
Anti-Virus automatically, carry out a manual installation (section 11).
Remember that new computers added to the network are not displayed or
managed by the console automatically. Click Find in the toolbar to search for
them and place them in the Unassigned folder.
19 Find and fix computers that do not use the

group policies
1. On the Status tabbed page, look in the SAV policy and Updating policy
columns. If a computer does not use the group policy, the words Differs
from group are displayed.
2. Select the computers.
3. Right-click and select Comply with. Then select Group anti-virus policy or
Group updating policy.
If users are changing settings on Windows 2000 or XP computers, consider
taking them out of the SophosAdministrators group to prevent them doing
so.
55
20 Deal with virus alerts

You can use Sophos Anti-Virus to disinfect infected items.
To carry out disinfection, go to the infected computer and follow the
instructions below for that type of computer:
Windows 2000/XP/2003 (section 20.1)
Windows NT or Windows 95/98/Me (section 20.2)
Mac (section 20.3).
If any files remain infected, go to www.sophos.com/virusinfo/analyses and

look for information about the virus and advice on disinfecting it manually.
If you want Sophos Anti-Virus to attempt to disinfect infected files
automatically in future, see Disinfect files automatically in the How do I
disinfect files? section of the Enterprise Console help files.
20.1 To disinfect Windows 2000/XP/2003 computers

1. Go to the infected computer, right-click the Sophos icon (the shield) in the
system tray and select Open Sophos Anti-Virus.
2. In the Sophos Anti-Virus window, on the Configure menu, click Right-click
scanning.
3. Click the Disinfection tab. Select Disinfect items that contain a virus. Click
OK.
4. At the taskbar, click Start|Programs|Accessories|Windows Explorer.
5. Select the file(s), folder(s) and/or disk drives you want to disinfect.
Right-click the item and select Scan with Sophos Anti-Virus.
20.2 To disinfect Windows NT or Windows 95/98/Me computers

1. Go to the infected computer, right-click the Sophos icon (the shield) in the
system tray and select Open Sophos Anti-Virus.
2. In the Sophos Anti-Virus window, on the Options menu, click Configuration.
3. Click the Action tab. Then select the disinfection options you want.
4. Return to the main Sophos Anti-Virus window and click Go to run a scan
with disinfection enabled.
56
20.3 To disinfect Macintosh computers

1. Go to the infected computer, click the Sophos Anti-Virus icon (the shield) in
the system status bar and select Open Sophos Anti-Virus.
2. In the Sophos Anti-Virus window, open the Immediate Scanning
Preferences window.
3. On the Immediate Scan menu, choose Disinfection. Select the disinfection
options you want.
4. Return to the main Sophos Anti-Virus window and click the green arrow to
run a scan with disinfection enabled.
57
21 Generate reports
You can generate reports about virus alerts throughout the organisation.
1. Click the Reports icon in the toolbar.
2. In the Reporting window, in the drop-down menu, click the type of report
you want to generate:
Alerts by virus shows the number of alerts for each virus detected.
Alerts per location shows the number of alerts for each computer or group.
Alerts by time shows the rate of virus alerts occurring during a set time.
Alert details shows full details of each virus alert.
The Configuration tabbed page is open. At this page, you can customise the
report. Accept the default settings, or enter your own settings.
Then, to view the report, click the Table or Chart tab.
58
Protecting NetWare, UNIX or Linux computers
22 Protect NetWare servers

To protect NetWare servers, you must
install Sophos Anti-Virus for the first time manually (section 22.1)
load Sophos Anti-Virus for NetWare for the first time (section 22.2)
set up auto-updating (section 22.3).
These instructions assume that you downloaded Sophos Anti-Virus for

NetWare when you set up your library. If not, open the library, select
Library|Select Packages and make a selection. Then select
Library|Download Packages.
22.1 Install Sophos Anti-Virus

1. Log on to the NetWare server with write access rights equivalent to ADMIN.
2. Go to the directory on the server where EM Library has placed the Sophos
Anti-Virus files (the CID). This is
\\server\sys\sweep\nlminst
3. Copy all the files there to
\\server\sys\system
You have installed Sophos Anti-Virus. Now load Sophos Anti-Virus for the
first time (section 22.2).
60
22.2 Load Sophos Anti-Virus for the first time

1. At the server console, or using RCONSOLE from a workstation, type
LOAD SWEEP
2. The first time you load Sophos Anti-Virus, it prompts you to enter
Administrator details. Press any key.
3. At the login prompt, type an Administrator username and the name of your
Organization, and press Return. Sophos Anti-Virus will log in as this user
every time it is started, enabling it to see the complete NDS tree.
4. Type the Administrator password and press Return.
5. If a message about suborgunits is displayed, press Return.

The Sophos Anti-Virus screen is displayed.
You have loaded Sophos Anti-Virus.We recommend that you add the
command LOAD SWEEP to the AUTOEXEC.NCF file, so that Sophos
Anti-Virus will be restarted if the server is rebooted.
Next set up auto-updating (section 22.3).
61
22.3 Set up auto-updating

You can configure the installation of Sophos Anti-Virus on the server so that
it will update automatically as soon as EM Library places an updated
version of the Sophos Anti-Virus for NetWare files on the server.
1. In the Sophos Anti-Virus screen, on the Main menu, scroll down, select
Administration and press Return to display the Administration menu.
2. On the Administration menu, scroll down, select Auto-updating and press

Return to display the Auto-updating screen.
3. Press Return. Set Status to Active and press Return. Press Esc twice to
return to the Main menu.
From now on, Sophos Anti-Virus for NetWare will be updated automatically
by EM Library.
62
23 Protect UNIX or Linux computers

To protect UNIX or Linux computers, you must install Sophos Anti-Virus for
UNIX on each computer for the first time manually and set up auto-updating.
These instructions assume that you downloaded Sophos Anti-Virus for UNIX
when you set up your library. If not, open the library, select Library|Select
Packages and make a selection. Then select Library|Download Packages.
1. Go to the root of the directory where EM Library has placed the Sophos
Anti-Virus files (the CID). Then copy the file eminstall.sh into an executable
path location such as /etc. on each UNIX client.
From now on, this location is shown as <path>.
2. Enter
cd <path>
3. To change the permissions, enter
chmod +x eminstall.sh
4. Create a file called /etc/eminstall.conf
5. Add the following lines to it:
EM install CID=<install_cid>
EM cache dir=<cache_path>
SAV install dir=<install_path>
where
<install_cid> is the location of the CID.
<cache_path> is the location of the cache where a copy of the installation
files is placed when performing an update.
<install_path> is the root location where Sophos Anti-Virus is going to be
installed, or has previously been installed.
The files in <cache_path> must not be deleted as this will cause them to
be downloaded again. For this reason, you should not place the files in the
/tmp directory, which is sometimes purged by the UNIX system.
63
6. Run
eminstall.sh
7. Whether you are an existing user or a new user, you must now create a cron
job to run eminstall periodically. This will check for new virus updates and
product upgrades, and install them automatically. For instructions see
knowledgebase article 2176.
64
Advanced options for larger networks
24 How can I best manage a large network?

If you have a large network, you can modify the way you use Sophos EM
Library so that you update your anti-virus software as efficiently as possible.
The best approach depends on your network.
Single, high-speed, permanently-on LAN or WAN connections

Use a single library but make updates available in multiple central
installations (CIDs).
For instructions, see section 26 or section 27.
Be aware that EM Library pushes files to each CID in turn. This can be
time-consuming if there are many CIDs, or over slow WAN links.
Slow WAN (or you want to distribute software via web server)
Create more libraries that download software from your original library.
These libraries are known as child libraries.
For instructions, see sections 28.2 and 28.3.
No WAN (and you cannot distribute software via web server)

Create more libraries that download software directly from Sophos.
For instructions, see section 28.
If you are considering multiple libraries, be aware that an EM Library
console can only connect to libraries via UNC connections. If your libraries
are linked via HTTP, you need a separate console for each library.
66
25 Make updates available in a different directory

Sophos EM Library makes updates available in a central installation
directory (CID).
If you want to use a non-default CID, or you have Macintosh 0S 8/9,
NetWare or UNIX computers, you need to specify a directory.
To configure EM Library to use a non-default CID, do as follows.
EM Library cannot create shares on other computers. If you are going to
configure EM Library to use a CID on a remote computer, ensure a CID is
already present on that computer, or create a new share there first.
1. In the console tree, click Central Installations.
2. The default CIDs created by EM Library are displayed. Right-click on the

CID you want to change and select Properties.
3. In the Properties dialog box, click the Location tab. Select Custom CID
location and enter the full path of the shared folder. Click OK.
67
4. If necessary, click the Credentials tab and enter the credentials EM Library
needs to access the CID, as described below. When you have finished, click
Test to check that the account can access the CID. Then continue to step 5.
To specify a Windows domain or local computer account

Enter domain\account or computer\account
To specify a NetWare NDS account
Click NDS details. In the NDS Information dialog box, enter the tree name
and fully distinguished names for the user and server in the format
If you are uncertain what to enter, run the NetWare NWADMIN utility
supplied with the NetWare Windows client.
Then click OK to return to the Credentials page.
5. In the details pane, check that the new CID location is displayed.
68
26 Make updates available from another server

To add a single extra central installation (CID) for a Sophos Anti-Virus
package, do as follows.
Before you configure EM Library to use a CID on a remote computer, ensure
a CID is already present on that computer, or create a new share there.
EM Library can only place CIDs on UNC drives, i.e. those conforming to
the naming convention \\server\sharename[\directorytree]. It cannot place
CIDs on mapped drives, e.g. S:\directory.
1. In the EM Library console, in the console tree, double-click EM Library.
Double-click Packages and then click Subscribed.
2. In the list of packages shown in the details pane, highlight an item.

Right-click to display a menu. In the menu, click Add/Configure CID.
69
3. In the EM Library message box, click Yes. This confirms that you want to
add another CID.
4. In the Welcome to the Add CID Wizard dialog box, click Next.
70
5. In the Package Information dialog box, ensure the package whose CID you
want to specify is displayed. Click Next.
6. In the CID Name and Description dialog box, default details are displayed.
To change them, type your chosen details in the text boxes. Click Next.
71
7. In the CID Credentials dialog box, you specify the credentials that EM
Library will use to access the CID.
If you select Global credentials, the credentials used for existing CIDs are
used. These are either the credentials of the EM Library account (section 5)
or credentials you specified when changing or adding the CID (section 7.4)
If you need to use credentials specific to this CID, e.g. because the CID is on
a UNIX server, click Individual and enter alternative details, as described
below. When you have finished, click Next.
To specify a Windows domain or local computer account

Enter domain\account or computer\account
To specify a NetWare NDS account
Click NDS details. Then enter the tree name and fully distinguished names
for the user and server in the format
If you are uncertain what to enter, run the NetWare NWADMIN utility
supplied with the NetWare Windows client.
Then click OK to return to the Credentials page.
72
8. In the CID Location dialog box, the default central installation directory
(CID) for the software is displayed. Click Custom CID location. Then enter
the full UNC path for the directory, or click Browse and find the directory.
Click Next. EM Library will check whether it can contact the CID, and will
warn you if it cannot.
9. In the Schedule Deployments to the CID dialog box, you specify when the
CID is updated. By default, the CID will be updated automatically when the
packages in the library are updated. Sophos recommends this. If you want
to use manual updating instead, select On demand (manual). If you want to
schedule updates for set times, select As scheduled and select a schedule
from the list or click New Schedule to create a new schedule. Click Next.
If you schedule updating of a CID, the update occurs at a random time
during the hour you specify. This can delay the distribution of the latest
software by up to an hour.
73
10.In the Integrity checking dialog box, select the level of integrity checking
that EM Library will use when the CID is updated. Click Next.
11.In the Completing the Add CID Wizard dialog box, check the CID
configuration details. Click Finish.
74
12.The new CID is now displayed in the details pane. To place the latest
software in the CID, right-click on its entry. In the menu that is displayed,
select Update CID.
The central installation is updated whenever EM Library downloads an
updated version of the software package, unless you specified manual or
scheduled updating.
75
27 Make updates available from many servers easily

If you have a large network, you can use a single procedure to create
multiple central installations for a software package.
Before you add multiple CIDs, create a share on each computer or ensure
that a CID is already present there.
EM Library will attempt to create the CIDs using the global CID credentials if
you have specified them, or otherwise the credentials of the logged-in user.
For updating, it will use the global CID credentials or credentials you
specified when setting up the CID.
Double-click Packages and then click Subscribed.
2. In the list of packages shown in the details pane, highlight an item.

Right-click to display a menu. In the menu, click Create multiple CIDs.
76
3. In the Welcome to the Add Multiple CIDs Wizard dialog box, click Next.
4. In the Select Computer Shares dialog box, click Computer and browse to
each computer where you want to add a CID. Alternatively, in the Target
CID Locations window, type the paths of the shared folders where you want
to add a CID, separating them with semicolons. Click Next.
77
5. In the Conflicts with CIDs already managed by EM dialog box, you specify
how EM Library behaves if it is already managing one of the CIDs you have
just specified. By default, EM Library overwrites the CID with a new
software package. If you want to keep the existing CID as it is, select Ignore.
6. In the Completing the Add Multiple CIDs Wizard dialog box, check that the
CID details are correct. Click Finish. If you want to customise the CID, e.g.
to change the schedule for updating the software in the CID, continue to
step 7.
78

Click Central Installations.
8. In the list of central installations shown in the details pane, highlight the one
you want to configure. Right-click to display a menu. Select Properties and
use the tabbed pages to change settings.
79
28 Add a new software library

Setting up and using an additional, child library involves
publishing software packages for the new library to download (section 28.1)
creating the new library (section 28.2)
connecting a console to the library (section 28.3)
configuring the library (section 28.4).
If you want to create an additional library that connects directly to the

Sophos databank (i.e. not a child library), skip section 28.1.
A child library can download updates across the network, or alternatively via
an intranet/the internet. If you want to use an intranet/the internet, you must
first make your main library available on a web server.
28.1 Publish software

At the library that will act as a parent, publish those software packages that
you want to make available, as described below.
If you publish the Latest version of a product, child libraries will be able to
see both the Latest package and the version on which it is based. This is
because Latest packages are simply pointers to other packages.
Double-click Packages and then Subscribed.
80
2. In the list of subscribed packages in the Details pane, highlight the item you
want to publish. Right-click to display a menu. In the menu, select Publish.
3. In the EM Library message box, click Yes.
4. To check that the package has been published, scroll right in the Details
pane to find the Published column. When the package has been published,
the word Yes is displayed. Other libraries can now download this package,
as long as the current library has been selected as their parent.
Next you create a child library (section 28.2).
81
28.2 Create a new library

You can create only one library on each computer.
There are two ways to create an additional library.
Using the EM Library console you have already installed, create a new
library on another computer (as described below).
At the computer where you want to create the new library, install a new
console and then create a library (as in sections 2 to 4).
To create a new library, do as follows.

1. In the EM Library console, on the Tools menu, click Create Library.
2. In the library creation wizard dialog box, select Remote Installation. Click
Next.
82
3. In the Target dialog box, in the Server Location text box, type the name of
the computer on which you want to create the new library.
4. In the User Account dialog box, the user name for the logged-on user (i.e.
the name with which you logged on to this computer) is displayed by
default. Enter and confirm the password. Then click Next.
83
5. In the Location dialog box, specify the folder where the library will be
installed. In the Installation Location text box, enter the path to the folder as
seen on the computer where the installation is made. In the Library Share
Name text box, accept the default, or type an alternative. Click Next.
6. In the Central Installation dialog box, you specify the shared folder where
EM Library will place downloaded Sophos software, ready for distribution to
networked computers. The share name and the local path to the folder are
displayed. You can change the local path. Click Next.
This dialog does not appear if you already have an InterChk share on the
computer where you are creating the library.
84
7. In the Install Files dialog box, click Install to begin installation. A progress
bar is displayed.
8. When installation is complete, a message is displayed.

9. You are asked whether you want to configure the library. Click No.
Now you must connect your console to the new library and configure it, as
described in section 28.3.
28.3 Connecting a console to the library

To connect your console to the new library, so that you can configure and
administer it, do as follows.
1. In the Microsoft Management Console menu, open the Console menu and
select Add/Remove Snap-in.
85
2. In the Add/Remove Snap-in dialog box, the Standalone tabbed page is

displayed. Click Add.
3. In the Add Standalone Snap-in dialog box, select Sophos EM Library. Click
Add.
86
4. In the EM Library snap-in wizard: library location dialog box, enter the
UNC path for the additional library you want to manage. Ensure that the
name of the same computer is displayed in the lower text box (which is
where you specify the computer running the EM Library services). Click
Finish.
5. In the Add Standalone Snap-in dialog box, click Close. In the Add/Remove
Snap-in dialog box, click OK.
6. In the EM Library console, in the Console Root, two EM Libraries are
displayed. To manage a library, click on its name.
If you have connected to a newly-created library, continue to step 7.
7. In the console tree, click on the new library. You are prompted to specify the
account that EM Library will use (see section 5)
In the details (right-hand) pane, the Configuration view is displayed.
Now you configure the library (section 28.4).
87
28.4 Configure the library

To configure the child library so that it will download and deploy software,
use the buttons in the Configuration view. You can find full instructions in
sections 7 and 8.
When you select a parent, specify the library from which the child will
download software. If that library is on a file server, select UNC path and
enter the path in the form
\\computername\SophosEM
Alternatively, if you have made the library available on a web server, select
Website and enter the URL.
Your child library does not reflect changes in the parent library (e.g. changes
in the subscribed packages) until you select Download Packages.
You can use scripts to start automatic updating of child libraries as soon as
the parent has finished updating. This overcomes delays that can arise from
separate scheduling of child library updates. For more information, see
Trigger library updates automatically in the How do I create more
libraries? section of the EM Library help files and manual.
88
29 Protect computers without using the

Enterprise Console
You may decide not to use Enterprise Console to manage your anti-virus
software, e.g. because you have a network that is very large.
In this case, protect Windows and Mac OS X computers as follows. You
protect NetWare and UNIX computers as in sections 22 and 23.
29.1 Protect Windows computers

Although you do not use Enterprise Console to manage the software on your
Windows computers, you can use it to pre-configure the software.
1. Set updating and anti-virus policies with Enterprise Console (see section 10).
Ensure that the user account you specify in the updating policy does not
have access to any directories except the one that computers will update
from. Access to that directory should be read-only.
2. Use the tool exportconfig.exe, available from the Tools folder on the Sophos
Anti-Virus Network Install CD, to export these policies to two XML files.
Each XML file includes the policy information needed for all operating
systems in the computer group.
3. Place the XML files in the directories from which Sophos Anti-Virus and
Sophos AutoUpdate (the updating component) will be installed and updated.
There are different directories for each operating system in the group. The
default directories where you should place the XML files are as follows.
For Windows 2000/XP/2003 computers
Anti-virus XML file in: \\SERVER\InterChk\ESXP\savxp\savconf.xml
Updating XML file in: \\SERVER\InterChk\ESXP\sau\sauconf.xml
For Windows NT4 computers
Anti-virus XML file in: \\SERVER\InterChk\ESNT\sav\savconf.xml
Updating XML file in: \\SERVER\InterChk\ESNT\sau\sauconf.xml
For Windows 95/98/Me computers
Anti-virus XML file in: \\SERVER\InterChk\ES9X\sav9x\savconf.xml
Updating XML file in: \\SERVER\InterChk\ES9X\sau\sauconf.xml
4. Use the tool configcid.exe, available from the Tools folder on the Sophos
Anti-Virus Network Install CD, to add the configuration files to the update list.
5. Now protect the computer, either manually (section 11) or by using a script
(section 12).
89
29.2 Protecting Mac OS X computers

Before you install Sophos Anti-Virus on Mac OS X computers, you need to
configure automatic updating and virus alerts.
1 At a Mac OS X computer, insert the Sophos Anti-Virus Supplementary CD.
Double-click the CD icon on the desktop.
2 In the CD window, double-click Sophos Anti-Virus for OS X 10.2+. Then
double-click the Sophos Update Manager icon.
3. In the Welcome dialog, click Choose. Select the directory in which EM
Library has placed Sophos Anti-Virus for Mac OS X. If the directory is on a
Windows computer, by default it is //SERVER/InterChk/ESOSX.
Then select Change default Sophos preferences. Click Next.
Do not select Manage virus identity files. EM Library manages these files.
90
4. In the Sophos Default Preferences dialog box, click the AutoUpdate tab. In
the Show pop-up menu, ensure that Network Settings is selected.
In the Primary Server tabbed page, select Network volume. In URL, enter
the full path to your central installation. If necessary, enter the User name
and Password needed to access the central installation. Click Set.
By default, the workstations are updated every sixty minutes. To change this
setting, select Scheduling in the Show pop-up menu.
Then click the Notification tab and continue to step 5.
5. At the Notification tabbed page, in the Show pop-up menu, choose Email
Notification. Select Enable on-access scanner email notification. Enter the
email address of the Recipient to whom you want alerts sent. Enter a
Sender address to which undelivered alerts can be returned. Then enter the
address and port number of the Outgoing mail server.
Click Set and close the dialog box.
91
6. If your central installation directory (CID) is held on a Mac OS X server, you

must now reset the file permissions for that directory, so that other
Macintoshes can access it later. In a Finder window, click Applications.
Then click Utilities. Double-click Terminal to open Terminal. Set the current
directory to the CID and run the following command:
chmod -R +x ESOSX
In future, when workstations try to update, you may sometimes see a
warning that the Sophos Anti-Virus installer could not be opened from the
CID. If so, reset the permissions again as above.
7. Now protect the computers, either manually (section 11) or by using a script
(section 12).
92
Appendix
Appendix: Enable other users to use Enterprise

Console
You can give other users rights to use Enterprise Console by making them
members of the Sophos Console Administrators group.
1. At the Windows taskbar, click Start|Settings|Control Panel|Admin
Tools|Computer Management.
2. In the Windows console tree, click Local Users and Groups|Users and
double-click the user you want to add to the Sophos Console Administrators
group.
3. In the users Properties dialog box, click the Member of tab and click Add.
94
4. In the Select Groups dialog box, highlight Sophos Console Administrators

and click Add. Your selection appears in the bottom pane. Click OK.
5. The users Properties dialog box now shows them to be a member of the
Sophos Console Administrators group. Click OK.
6. Restart Windows to enable the user to use Enterprise Console.

95
Technical support
A support knowledgebase and virus information are available on the Sophos
website www.sophos.com
Copyright 2005 by Sophos Plc

All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the
documentation can be reproduced in accordance with the licence terms or you
otherwise have the prior permission in writing of the copyright owner.
Any name should be assumed to be a trademark unless stated otherwise. Sophos is a
registered trademark of Sophos Plc.
200504

Startup Guide: Includes: Enterprise Console 1.0 EM Library 1.2 Sophos Anti-Virus

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Startup Guide: Includes: Enterprise Console 1.0 EM Library 1.2 Sophos Anti-Virus

Caricato da

Copyright:

Formati disponibili

Startup guide

About this guide

Sophos Anti-Virus startup guide

Document version 1.0

2 Install the management server

3 Reuse an existing library or libraries

4 Create a software library

5 Select a user account

7 Set the library to download updates automatically

9 Set up a remote console to manage networked computers

10 Protect networked computers against viruses

11 Protect computers with manual installation

12 Protect computers with a script

13 Protect computers not always on the network

14 Protect off-site computers

Managing anti-virus software

15 Check computers are protected

16 Find and fix out-of-date computers

17 Find and fix computers that are not running

18 Find and fix unmanaged computers

Document version 1.0

Sophos Anti-Virus startup guide

20 Deal with virus alerts

Protecting NetWare, UNIX or Linux computers

23 Protect UNIX or Linux computers

Advanced options for larger networks

25 Make updates available in a different directory

26 Make updates available from another server

27 Make updates available from many servers easily

28 Add a new software library

29 Protect computers without using the

Sophos Anti-Virus startup guide

Document version 1.0

Document version 1.0

Sophos Anti-Virus startup guide

1 What you need for installation

1.1 Requirements for the management server

1.2 Requirements for the remote management console

Sophos Anti-Virus startup guide

Document version 1.0

1.3 Requirements for the anti-virus software

If you have Windows XP Service Pack 2 computers running Windows

Sophos Anti-Virus 5.0 for Windows 2000/XP/2003 cannot be installed on

Document version 1.0

Sophos Anti-Virus startup guide

2 Install the management server

Sophos Anti-Virus startup guide

Document version 1.0

Document version 1.0

Sophos Anti-Virus startup guide

6. In the Ready to Install the Program dialog box, click Install.

7. The InstallShield Wizard Completed dialog box is displayed. Click Finish.

8. You are prompted to log off or restart, depending on the computers

Sophos Anti-Virus startup guide

Document version 1.0

10.A console is displayed. This is the console for Sophos EM Library.

Document version 1.0

Sophos Anti-Virus startup guide

3 Reuse an existing library or libraries

The new versions of Sophos Anti-Virus can be centrally configured, installed

3.1 Reconnect to a library

Sophos Anti-Virus startup guide

Document version 1.0