CryptoGuard working on a terminal server

Hello Eric,

We are currently completing the testing of RDS/XenApp for CryptoGuard on Central Windows Servers; we hope to have documented this official support for our CQ2 release.

If you are using Citrix, I would be interested to know which elements you are using (XenApp, XenDesktop) and which versions.

Regards,

Stephen

Hi Stephen

So am I right in thinking that although CryptoGuard is already available in the latest release of Server Protection Advanced, it's not currently certified as ready for use if the server is an RDS server, but fine otherwise? I've just installed Protection Advanced on an RDS server in my test environment and enabled CryptoGuard in the policy assuming it would then work as expected, protecting ransomware activity from any user on the RDS server?

Also, could you confirm that the CryptoGuard feature built in to Server Protection includes the rollback of encrypted files?

Thanks,

Matt

Hi Dan,

As you highlight with the Microsoft example, we are looking to achieve parity between the Endpoint and Server licenses. Therefore, if you are running Central Server Advanced on the RDS server, the users would require Central Endpoint Advanced licenses. The exception is CryptoGuard, as this is included in the Server Advanced license you would get this benefit with Endpoint Advanced, you are not required to purchase Intercept X.

Many thanks for your questions and feedback on this.

Regards,

Stephen

Hi Stephen,

Thanks again for taking the time to reply - that clears everything up nicely. Sorry to have fired so many questions at you!

Thanks,

Dan

Hi Stephen,

is it possible to buy Central Server Advanced and use only the Cryptoguard Feature on an RDS-Server (Citrix ......) to prevent for ransomware ?

My customer uses another antivirus-product on the rds-server and we need only the cryptoguard feature. 

I think we have to license intercept x then for all users connected to the rds-server.

Thanks

Gerd

Hi Gerd,

At this time, CryptoGuard is part of the Sophos Server protection agent, we are looking at plans to offer an Intercept X for Servers that would allow you to run alongisde traditional AV. Until then, you would need to replace the existing anti virus product on the server.

Regards,

Stephen

Hi Stephen,

thanks for your fast answer !!

If I replace the existing AV with Sophos Server Protection then I have to license also Sophos Endpoint Protection for the RDS-Server users ?

And it is not possible to license only Intercept X for these users ?

Regards

Gerd

Hi Gerd,

You are correct, and I should have made that clear in my response. The users connecting to the RDS server would also need a licence, again this would be Central Endpoint license, not Intercept X.

Regards,

Stephen

Hi Stephen,

thanks now it is clear !

Is there a timeline for intercept x for servers ?

Regards Gerd

Hi Gerd,

Not at this time.

Regards,

Stephen

Nice conversation.

I have a customer with Citrix and same issue as described here. It is more related to licensing. I think you need to think about to some license improvements.

For example, if the Organization is using 400 thin client (where you cannot install anything), 200 desktop and 20 Citrix License server, if I understood correctly, to be complaint with licensing we need to:

• buy 20 Central advanced Protection
• buy 400 Sophos Endpoint Protection (even if the real endpoint used will be 200)

Maybe a "Microsoft Terminal Services licenses like" should be thought and implemented soon.

From dashboard, the license says "20 Server advanced license been used" even if the users are many more.

Lastly, Sophos Server Advanced includes Cryptoguard and not the full intercept-X suite, so it means only RCA is missing, correct?

Any eta for it? Having RCA for TS is another way to understand better where the attack came from, which process, etc...

Thanks

Hi Luk,

Please can you elaborate on the 'Microsoft Terminal Services licenses'?

In our next release that will roll out in August we will correctly count users that logon to Remote Desktop servers for Microsoft and Citrix (XenApp). We will also show the RDS Server(s) under the users devices that they have logged into, and show all RDS Users from the RDS Server page.

Server Advanced is missing Anti Exploit and RCA from the Intercept X suite, we are still at the planning stage for Intercept X for Servers, so there are no dates yet for RCA etc

Regards,

Stephen

Hi Luk,

Please can you elaborate on the 'Microsoft Terminal Services licenses'?

In our next release that will roll out in August we will correctly count users that logon to Remote Desktop servers for Microsoft and Citrix (XenApp). We will also show the RDS Server(s) under the users devices that they have logged into, and show all RDS Users from the RDS Server page.

Server Advanced is missing Anti Exploit and RCA from the Intercept X suite, we are still at the planning stage for Intercept X for Servers, so there are no dates yet for RCA etc

Regards,

Stephen

Thanks Stephen for your reply.

For TS I meant Citrix and or Microsfot TS/RDP. So we have to wait new releases when the counting will work even for RDP.

For the Intercept-X, same story. We need to wait. At the moment cryptoguard and Lockdown are the feature to protect Servers.

[;)]