Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

The following items need to be attended to by an administrator in order to incorporate and maintain systems that use Sophos Anti-Virus on the Sophos Enterprise Console:

 

  • DAILY PROCEDURES

 

    • Add new systems to appropriate Policies
      • Systems are assigned to a policy, either as a WORKSTATION or as a SERVER
      • <CLICK> on MANAGED in the Dashboard, then <CLICK> on UNASSIGNED in the Groups area to see what systems need to be assigned to a policy
      • Determine which policy best suits a new system by reviewing where other similar systems have been placed either in the SERVERS, WORKSTATIONS or NOT PROTECTED area.
      • <CLICK>, DRAG and DROP the UNASSIGNED system into the appropriate area
      • Compare the number of systems supported in the GLOBAL GROUP by comparing it to the number of MANAGED systems in the DASHBOARD; they should match
    • Resolve COMPUTERS WITH ALERTS in the DASHBOARD
      • <CLICK> on any of the three categories that show systems with issues – VIRUSES/SPYWARE, SUSPICIOUS BEHAVIOR/FILES, or ADWARE AND PUA
      • <RIGHT CLICK> on a specific system and select RESOLVE ALERTS AND ERRORS
      • Determine whether the system can be CLEANED; if so, select it to be cleaned and initiate a clean
      • Select all systems and ACKNOWLEGE the issue
    • Resolve COMPUTERS THAT DIFFER FROM POLICY – Select it under POLICIES in the DASHBOARD
      • Highlight all "available" systems
      • <RIGHT CLICK> on those systems and select COMPLY WITH and select GROUP UPDATING POLICY
      • <RIGHT CLICK> on those systems and select COMPLY WITH and select GROUP ANTI-VIRUS AND HIPS POLICY
      • No other policies need to be updated
    • Resolve OUT-OF-DATE COMPUTERS – Select it under PROTECTION in the DASHBOARD
      • Highlight all "available" systems
      • <RIGHT CLICK> on those systems and selectUPDATE COMPUTERS NOW

     

    • Resolve3 COMPUTERS WITH ERRORS
      • Sort by SCANNING ERRORS
      • Highlight all "available" systems with scanning errors
      • <RIGHT CLICK> and select RESOLVE ALERTS AND ERRORS
      • ACKNOWLEDGE all items – Chances are they are just missing folders on the system or rootkit scans that were interrupted
      • Sort by UPDATE ERRORS
      • Highlight all "available" systems with scanning errors
      • <RIGHT CLICK> on all items except RESTART NEEDED FOR UPDATES TO TAKE EFFECT (Can't do anything about those) and select UPDATE COMPUTERS NOW

 

  • PERODIC MAINTENANCE (To be performed monthly)
    • Delete items with duplicated IP Addresses
      • Select ALL under COMPUTERS in the DASHBOARD
      • <CLICK> on Global Groups under the GROUPS panel
      • <CLICK> on the COMPUTER DETAILS tab
      • Sort by IP ADDRESS
      • Locate systems with duplicated IP ADDRESSes
      • Delete the oldest of the two as determined by LAST MESSAGE TIME; those systems shouldn't be communicating with the Console any more
  • No labels