Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 22 replies
  • Answers 3 answers
  • Subscribers 16 subscribers
  • Views 61286 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CryptoGuard working on a terminal server

EricKant

Is CryptoGuard  in Central Server Protection Advanced working on a terminal server or a Citrix server?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Eric,

    We are currently completing the testing of RDS/XenApp for CryptoGuard on Central Windows Servers; we hope to have documented this official support for our CQ2 release.

    If you are using Citrix, I would be interested to know which elements you are using (XenApp, XenDesktop) and which versions.

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Hi Stephen

    So am I right in thinking that although CryptoGuard is already available in the latest release of Server Protection Advanced, it's not currently certified as ready for use if the server is an RDS server, but fine otherwise? I've just installed Protection Advanced on an RDS server in my test environment and enabled CryptoGuard in the policy assuming it would then work as expected, protecting ransomware activity from any user on the RDS server?

    Also, could you confirm that the CryptoGuard feature built in to Server Protection includes the rollback of encrypted files?

    Thanks,

    Matt

  • 0 in reply to GerdNesch

    Hi Gerd,

    At this time, CryptoGuard is part of the Sophos Server protection agent, we are looking at plans to offer an Intercept X for Servers that would allow you to run alongisde traditional AV. Until then, you would need to replace the existing anti virus product on the server.

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Hi Stephen,

     

    thanks for your fast answer !!

     

    If I replace the existing AV with Sophos Server Protection then I have to license also Sophos Endpoint Protection for the RDS-Server users ?

    And it is not possible to license only Intercept X for these users ?

     

    Regards

     

    Gerd

  • 0 in reply to GerdNesch

    Hi Gerd,

    You are correct, and I should have made that clear in my response. The users connecting to the RDS server would also need a licence, again this would be Central Endpoint license, not Intercept X.

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Hi Stephen,

     

    thanks now it is clear !

     

    Is there a timeline for intercept x for servers ?

     

     

    Regards Gerd

  • 0 in reply to GerdNesch

    Hi Gerd,

    Not at this time.

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Nice conversation.

    I have a customer with Citrix and same issue as described here. It is more related to licensing. I think you need to think about to some license improvements.

    For example, if the Organization is using 400 thin client (where you cannot install anything), 200 desktop and 20 Citrix License server, if I understood correctly, to be complaint with licensing we need to:

    • buy 20 Central advanced Protection
    • buy 400 Sophos Endpoint Protection (even if the real endpoint used will be 200)

    Maybe a "Microsoft Terminal Services licenses like" should be thought and implemented soon.

    From dashboard, the license says "20 Server advanced license been used" even if the users are many more.

    Lastly, Sophos Server Advanced includes Cryptoguard and not the full intercept-X suite, so it means only RCA is missing, correct?

    Any eta for it? Having RCA for TS is another way to understand better where the attack came from, which process, etc...

    Thanks

  • 0 in reply to lferrara

    Hi Luk,

    Please can you elaborate on the 'Microsoft Terminal Services licenses'?

    In our next release that will roll out in August we will correctly count users that logon to Remote Desktop servers for Microsoft and Citrix (XenApp). We will also show the RDS Server(s) under the users devices that they have logged into, and show all RDS Users from the RDS Server page.

    Server Advanced is missing Anti Exploit and RCA from the Intercept X suite, we are still at the planning stage for Intercept X for Servers, so there are no dates yet for RCA etc

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Thanks Stephen for your reply.

    For TS I meant Citrix and or Microsfot TS/RDP. So we have to wait new releases when the counting will work even for RDP.

    For the Intercept-X, same story. We need to wait. At the moment cryptoguard and Lockdown are the feature to protect Servers.

    [;)]

  • 0 in reply to GerdNesch

    Hi Gerd,

    We are working on plans to bring Intercept X to Windows Servers, timeframe to be confirmed. Can I ask, are there specific components that you would like, or is it the ability to co-exist with other AV?

    Is this specifically for RDS environments?

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Hi all,

    We have published this article; https://community.sophos.com/kb/en-us/127299 to confirm our support of CryptoGuard (plus other features) on Temrinal Servers. We are working on further enhancements to our support which I will share with the community early in 2018.

    Regards,

    Stephen

Reply Children
No Data
Unfiltered HTML