/
Sophos Adminstrative Procedures for the Enterprise Console

Sophos Adminstrative Procedures for the Enterprise Console

Owned by Dennis H. Wiedeman
Last updated: Mar 01, 2012

The following items need to be attended to by an administrator in order to incorporate and maintain systems that use Sophos Anti-Virus on the Sophos Enterprise Console:

 

  • BOOTING / REBOOTING PROCEDURE – The Sophos VM's will not come up correctly, as evidenced by the UPDATES – they will stop updating.  Also, chances are the Console won't even come up, because the SOPHOS MANAGEMENT SERVICE won't start.  So, you have to stop services, then start them in this order:

 

    • STOP THESE SERVICES IN THIS ORDER
      • Sophos Message Router
      • Sophos Certification Manager
      • Sophos Agent
      • Sophos Update Manager
      • (Sophos Management Service) – Only if it is started
    • START THESE SERVICES IN THIS ORDER
      • Sophos Message Router
      • Sophos Certification Manager
      • Sophos Agent
      • Sophos Update Manager
      • Sophos Management Service – If this service doesn't start, you're hosed.  Good luck.

 

  • DAILY PROCEDURES

 

    • Add new systems to appropriate Policies
      • Systems are assigned to a policy, either as a WORKSTATION or as a SERVER
      • <CLICK> on MANAGED in the Dashboard, then <CLICK> on UNASSIGNED in the Groups area to see what systems need to be assigned to a policy
      • Determine which policy best suits a new system by reviewing where other similar systems have been placed either in the SERVERS, WORKSTATIONS or NOT PROTECTED area.
      • <CLICK>, DRAG and DROP the UNASSIGNED system into the appropriate area
      • Compare the number of systems supported in the GLOBAL GROUP by comparing it to the number of MANAGED systems in the DASHBOARD; they should match
    • Resolve COMPUTERS WITH ALERTS in the DASHBOARD
      • <CLICK> on any of the three categories that show systems with issues – VIRUSES/SPYWARE, SUSPICIOUS BEHAVIOR/FILES, or ADWARE AND PUA
      • <RIGHT CLICK> on a specific system and select RESOLVE ALERTS AND ERRORS
      • Determine whether the system can be CLEANED; if so, select it to be cleaned and initiate a clean
      • Select all systems and ACKNOWLEGE the issue
    • Resolve COMPUTERS THAT DIFFER FROM POLICY – Select it under POLICIES in the DASHBOARD
      • Highlight all "available" systems
      • <RIGHT CLICK> on those systems and select COMPLY WITH and select GROUP UPDATING POLICY
      • <RIGHT CLICK> on those systems and select COMPLY WITH and select GROUP ANTI-VIRUS AND HIPS POLICY
      • No other policies need to be updated
    • Resolve OUT-OF-DATE COMPUTERS – Select it under PROTECTION in the DASHBOARD
      • Highlight all "available" systems
      • <RIGHT CLICK> on those systems and selectUPDATE COMPUTERS NOW

     

    • Resolve3 COMPUTERS WITH ERRORS
      • Sort by SCANNING ERRORS
      • Highlight all "available" systems with scanning errors
      • <RIGHT CLICK> and select RESOLVE ALERTS AND ERRORS
      • ACKNOWLEDGE all items – Chances are they are just missing folders on the system or rootkit scans that were interrupted
      • Sort by UPDATE ERRORS
      • Highlight all "available" systems with scanning errors
      • <RIGHT CLICK> on all items except RESTART NEEDED FOR UPDATES TO TAKE EFFECT (Can't do anything about those) and select UPDATE COMPUTERS NOW

 

  • PERODIC MAINTENANCE (To be performed monthly)
    • Delete items with duplicated IP Addresses
      • Select ALL under COMPUTERS in the DASHBOARD
      • <CLICK> on Global Groups under the GROUPS panel
      • <CLICK> on the COMPUTER DETAILS tab
      • Sort by IP ADDRESS
      • Locate systems with duplicated IP ADDRESSes
      • Delete the oldest of the two as determined by LAST MESSAGE TIME; those systems shouldn't be communicating with the Console any more