
Weirdness on management console

Ref: Sophos Endpoint Security and Control, version 9.5

I'm helping out a small company with some issues, and I wanted to exclude a backup device from being scanned.  Whoever installed this software on this Windows 2003 R2 server managed to create, in Active Directory,  "SophosAdministrator" as a user and not as a group.

I detected this because the console shows most of the options grayed out.

So, I renamed the user to "Sophos_Administrator" and then created the group "SophosAdministrator", and then put the server local admin into the group.  Then I rebooted the server, logged in as the local admin, but everything is still grayed out. 

I have no idea what to do now.  Any suggestions?  Thanks!

:8617


This thread was automatically locked due to age.
  • Hello RobertL,

    could you name a few options which are greyed out, as I can't really imagine what you are seeing. It sounds more like the SAV GUI on the local machine. We can talk about the groups in detail if needed once it's clear what the problem is. Only this - while you can add or delete members to/from a Sophos group, creating a group after install usually won't get you anywhere.

    Christian

    :8627
  • I'm talking about the icon in the bottom-right corner of the server... I right-click that and select "Open Sophos Endpoint Security and Control."   I see a screen titled "Sophos Endpoint Security and Control", with 2 panes. On the left are a Status box and a Help and information box.  In the right pane, an Anti-virus and HIPS box, a Tamper protection box, and an Updating box.

    In the Anti-virus and HIPS box, the 'Scan my computer', 'Scans', 'Manage quarantine items' and 'Configure anti-virus and HIPS' are selectable, but 'View anti-virus and HIPS log' is grayed out.  When I select 'Configure anti-virus and HIPS', I see 'Configure' and 'Alerting' items.  Under 'Configure', only the 'Right-click scanning' and 'Authorization' items are selectable, and the rest are grayed out.

    I was originally trying this approach to make an exclusion, but ended up using the Enterprise console, but I am concerned about these grayed out items, and the whole SophosAdministrator user vs. group issue.

    :8643
  • So it's the SAV GUI we are talking about. The last item in the Help and information box is View product information. Under General you have a line with Current user rights - the value should be Sophos Administrator but from your description I guess it is not. BTW: Is this a DC or a member server?

    Open machine.xml in %ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\config\. You'll see something like:

    <security>
        <roles>
            <role name="SophosAdministrator"><SID>S-1-5-21-1234567890-1234567890-123456789-1111</SID></role>
            <role name="SophosPowerUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1112</SID></role>
            <role name="SophosUser"><SID>S-1-5-21-1234567890-1234567890-123456789-1113</SID></role>
        </roles>

    There might be more than one <SID></SID> value. Use PsGetSid from the Sysinternals PsTools suite to verify that they map to the correct groups. You can use PsGetSid to obtain the correct values and replace them in machine.xml.

    HTH

    Christian

    :8677
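The check described in the last reply can also be scripted. The following is an added example, not part of the original thread and not Sophos code: a read-only PowerShell sketch that lists each role in machine.xml, resolves every SID it contains, and reports whether the SID belongs to a group or to a user account (the situation the original poster ran into). It assumes PowerShell 2.0 or later is installed on the server and that machine.xml sits at the path given in the reply; the output column names are chosen for this example.

```powershell
# Added example: read-only audit of the role-to-SID mapping in machine.xml.
# The path is the one quoted in the reply above; adjust it if the file lives elsewhere.
$path = Join-Path $env:ALLUSERSPROFILE 'Sophos\Sophos Anti-Virus\config\machine.xml'
[xml]$doc = Get-Content -Path $path

# SIDType values reported by the WMI class Win32_Account.
$sidTypes = @{ 1 = 'User'; 2 = 'Group'; 4 = 'Alias (local group)'; 5 = 'WellKnownGroup' }

$report = @()
# local-name() keeps the query working whether or not the file declares a namespace.
foreach ($role in $doc.SelectNodes("//*[local-name()='role']")) {
    foreach ($sidNode in $role.SelectNodes("*[local-name()='SID']")) {
        $sid     = $sidNode.InnerText.Trim()
        $account = '<unresolved>'
        $kind    = 'Unknown'
        try {
            # Same lookup PsGetSid performs: SID -> DOMAIN\name.
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value

            # Ask WMI what kind of account the SID is (can be slow in a large domain).
            $wmi = Get-WmiObject -Class Win32_Account -Filter "SID='$sid'"
            if ($wmi) {
                $code = [int]$wmi.SIDType
                if ($sidTypes.ContainsKey($code)) { $kind = $sidTypes[$code] }
                else { $kind = "SIDType $code" }
            }
        } catch {
            # Malformed SID, or a SID that no longer maps to any account.
            $account = '<unresolved: ' + $_.Exception.Message + '>'
        }

        $note = ''
        if ($kind -ne 'Group' -and $kind -ne 'Alias (local group)') {
            $note = 'role SID is not a group'
        }
        $report += New-Object PSObject -Property @{
            Role = $role.GetAttribute('name'); SID = $sid
            Account = $account; Type = $kind; Note = $note
        }
    }
}
$report | Select-Object Role, SID, Account, Type, Note | Format-Table -AutoSize
```

The script changes nothing on disk. Any row with a note, or with an unresolved account, is a SID to compare against PsGetSid output for the intended group before editing machine.xml.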