Is CryptoGuard in Central Server Protection Advanced working on a terminal server or a Citrix server?
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
Hello Eric,
We are currently completing the testing of RDS/XenApp for CryptoGuard on Central Windows Servers; we hope to have documented this official support for our CQ2 release.
If you are using Citrix, I would be interested to know which elements you are using (XenApp, XenDesktop) and which versions.
Regards,
Stephen
Hi Stephen
So am I right in thinking that although CryptoGuard is already available in the latest release of Server Protection Advanced, it's not currently certified as ready for use if the server is an RDS server, but fine otherwise? I've just installed Protection Advanced on an RDS server in my test environment and enabled CryptoGuard in the policy assuming it would then work as expected, protecting ransomware activity from any user on the RDS server?
Also, could you confirm that the CryptoGuard feature built in to Server Protection includes the rollback of encrypted files?
Thanks,
Matt
Hi Stephen,
Thanks for that. Can I just check to ensure I'm understanding correctly? If RDS is the only requirement, it doesn't matter which endpoint licenses you purchase, as long as you have one for each user? Your users would still be covered by all the Server Protection Advanced features while logged in to RDS, including CryptoGuard, even if you've only purchased Endpoint Standard for each user? You could, for example:
Purchase and install 1 x Server Protection Advanced for each RDS server
Purchase (but don't install on the endpoints) 1 x Endpoint Protection Standard for each user of that RDS platform
...and that would ensure they are protected, including for ransomware, within their RDS session? They wouldn't need to also purchase Intercept X for each end user, even though that's the only equivalent endpoint product that includes the CryptoGuard feature? I just want to double check I've got that right as the customer is specifically asking what licenses he needs to ensure his RDS users are protected within their session, and CryptoGuard is a key requirement.
This is all assuming CryptoGuard has been QA'd on RDS before they go ahead obviously.
[EDIT] I should have mentioned - in the back of my mind I have Microsoft Office licensing and how that works with regards to terminal services. MS require you to license each device that accesses the terminal services environment with a copy of Office that is the exact same edition as that which runs on the terminal server. You couldn't, for example, license the endpoints with Office Standard and install Office Pro Plus on the server as that would mean the users would have access to additional functionality for which they are not licensed. My worry would be that the same issue would apply with Sophos - to cover the feature set of Server Protection Advanced would require features that are spread across Endpoint and Intercept X (in the case of CryptoGuard).[/EDIT]
Thanks again,
Dan
Hi Dan,
As you highlight with the Microsoft example, we are looking to achieve parity between the Endpoint and Server licenses. Therefore, if you are running Central Server Advanced on the RDS server, the users would require Central Endpoint Advanced licenses. The exception is CryptoGuard, as this is included in the Server Advanced license you would get this benefit with Endpoint Advanced, you are not required to purchase Intercept X.
Many thanks for your questions and feedback on this.
Regards,
Stephen
Hi Stephen,
is it possible to buy Central Server Advanced and use only the Cryptoguard Feature on an RDS-Server (Citrix ......) to prevent for ransomware ?
My customer uses another antivirus-product on the rds-server and we need only the cryptoguard feature.
I think we have to license intercept x then for all users connected to the rds-server.
Thanks
Gerd
Hi Gerd,
At this time, CryptoGuard is part of the Sophos Server protection agent, we are looking at plans to offer an Intercept X for Servers that would allow you to run alongisde traditional AV. Until then, you would need to replace the existing anti virus product on the server.
Regards,
Stephen
Hi Stephen,
thanks for your fast answer !!
If I replace the existing AV with Sophos Server Protection then I have to license also Sophos Endpoint Protection for the RDS-Server users ?
And it is not possible to license only Intercept X for these users ?
Regards
Gerd
Nice conversation.
I have a customer with Citrix and same issue as described here. It is more related to licensing. I think you need to think about to some license improvements.
For example, if the Organization is using 400 thin client (where you cannot install anything), 200 desktop and 20 Citrix License server, if I understood correctly, to be complaint with licensing we need to:
Maybe a "Microsoft Terminal Services licenses like" should be thought and implemented soon.
From dashboard, the license says "20 Server advanced license been used" even if the users are many more.
Lastly, Sophos Server Advanced includes Cryptoguard and not the full intercept-X suite, so it means only RCA is missing, correct?
Any eta for it? Having RCA for TS is another way to understand better where the attack came from, which process, etc...
Thanks
Nice conversation.
I have a customer with Citrix and same issue as described here. It is more related to licensing. I think you need to think about to some license improvements.
For example, if the Organization is using 400 thin client (where you cannot install anything), 200 desktop and 20 Citrix License server, if I understood correctly, to be complaint with licensing we need to:
Maybe a "Microsoft Terminal Services licenses like" should be thought and implemented soon.
From dashboard, the license says "20 Server advanced license been used" even if the users are many more.
Lastly, Sophos Server Advanced includes Cryptoguard and not the full intercept-X suite, so it means only RCA is missing, correct?
Any eta for it? Having RCA for TS is another way to understand better where the attack came from, which process, etc...
Thanks
Hi Luk,
Please can you elaborate on the 'Microsoft Terminal Services licenses'?
In our next release that will roll out in August we will correctly count users that logon to Remote Desktop servers for Microsoft and Citrix (XenApp). We will also show the RDS Server(s) under the users devices that they have logged into, and show all RDS Users from the RDS Server page.
Server Advanced is missing Anti Exploit and RCA from the Intercept X suite, we are still at the planning stage for Intercept X for Servers, so there are no dates yet for RCA etc
Regards,
Stephen
Thanks Stephen for your reply.
For TS I meant Citrix and or Microsfot TS/RDP. So we have to wait new releases when the counting will work even for RDP.
For the Intercept-X, same story. We need to wait. At the moment cryptoguard and Lockdown are the feature to protect Servers.
[;)]