Sophos Antivirus Deployment How-To.

I came across a couple of issues while test-driving Sophos Antivirus Enterprise.

Here are the correct steps to deploy Sophos to Windows machines (XP, Vista and 7):
  1. Create a GPO named Disable UAC with the following settings and apply it to your hosts (Computer Configuration):
    Computer Configuration (Enabled)\Policies\Windows Settings\Security Settings\Local Policies/Security Options\User Account Control
    Policy | Setting
    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | Elevate without prompting
    User Account Control: Detect application installations and prompt for elevation | Disabled
    User Account Control: Run all administrators in Admin Approval Mode | Disabled

  2. Create a GPO named Remote Registry Service with the following settings and apply it to your hosts (Computer Configuration):
    Computer Configuration (Enabled)\Policies\Windows Settings\Security Settings\System Services\Remote Registry (Startup Mode: Automatic)
    Allow NT AUTHORITY\Authenticated Users Read
    Allow NT AUTHORITY\Authenticated Users Start, Stop, Pause and continue
    Allow CONTOSO\Domain Admins Full Control
    Allow CONTOSO\Domain Users Read
    Allow CONTOSO\Domain Users Start, Stop, Pause and continue

  3. Create a GPO named Sophos Firewall Exceptions with the following settings and apply it to your hosts (Computer Configuration):
    Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
    Policy | Setting
    Windows Firewall: Allow inbound file and printer sharing exception | Enabled
    Windows Firewall: Allow inbound remote administration exception | Enabled
    Windows Firewall: Define inbound port exceptions | Enabled
    Define port exceptions:
      8192:TCP:*:enabled:SophosAdmin
      8193:TCP:*:enabled:SophosAdmin
      8194:TCP:*:enabled:SophosAdmin
    Windows Firewall: Define inbound program exceptions | Enabled
    Define program exceptions:
      %programfiles%\Sophos\Sophos Anti-Virus\SavMain.exe:*:enabled:SophosAV

  4. Run the following command in your logon script: "netsh firewall set service type=FILEANDPRINT mode=ENABLE"

You should now be able to deploy Sophos Antivirus seamlessly.
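
A quick way to confirm on a target host that the settings from steps 1 to 3 actually applied before you start a deployment, as an added example that is not part of the original post. The registry locations are the ones Windows normally uses to back these policies and are assumptions here, as are the helper names New-Check and Get-ValueNames; compare with gpresult output on your own build.

```powershell
# Added example: run locally on a target host in an elevated
# Windows PowerShell session (2.0 or later) after "gpupdate /force".

function New-Check($Name, $Expected, $Actual) {
    # One result row; a missing value ($null) compares as a failure.
    New-Object PSObject -Property @{
        Check = $Name; Expected = $Expected; Actual = $Actual
        Pass  = ("$Actual" -eq "$Expected")
    }
}

function Get-ValueNames($Path) {
    # Value names and value data under a registry key; nothing if the key is absent.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() | ForEach-Object { $_; $key.GetValue($_) } }
}

$results = @()

# Step 1: the three UAC settings (absent on XP, which has no UAC).
$uacPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacPath -ErrorAction SilentlyContinue
foreach ($name in 'ConsentPromptBehaviorAdmin', 'EnableInstallerDetection', 'EnableLUA') {
    $actual = if ($uac) { $uac.$name } else { $null }
    $results += New-Check "UAC $name" 0 $actual
}

# Step 2: Remote Registry startup mode (WMI reports Automatic as "Auto").
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'"
$results += New-Check 'RemoteRegistry StartMode' 'Auto' $svc.StartMode

# Step 3: port and program exceptions delivered by the firewall GPO.
$fw = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$ports = @(Get-ValueNames "$fw\GloballyOpenPorts\List")
foreach ($port in 8192, 8193, 8194) {
    $entry = "${port}:TCP:*:enabled:SophosAdmin"
    $results += New-Check "Port exception $port" $true ($ports -contains $entry)
}
$apps = @(Get-ValueNames "$fw\AuthorizedApplications\List")
$prog = '%programfiles%\Sophos\Sophos Anti-Virus\SavMain.exe:*:enabled:SophosAV'
$results += New-Check 'Program exception SavMain.exe' $true ($apps -contains $prog)

$results | Select-Object Check, Expected, Actual, Pass | Format-Table -AutoSize
```

Any row with Pass set to False points at a GPO that is not linked, filtered out, or not yet refreshed on that host; the UAC values also need a reboot before they take effect.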

Namaste.
