Skip navigation

With the security on Windows devices improving natively, things are a little more difficult now to push applications out to the desktop – this is something that should be welcomed, but at the same time makes installation of products like Sophos Antivirus a little more difficult to deploy via the Enterprise Manager.

There are some pre-requisite steps that now need to be taken prior to deployment:

1) Allow traffic to the SBS Server from the LAN.

netsh firewall add portopening TCP 8192 “Sophos”
netsh firewall add portopening TCP 8193 “Sophos”
netsh firewall add portopening TCP 8194 “Sophos”
netsh firewall add portopening TCP 8081 “Sophos quarantine digest”

2) Open up Group Policy and edit the Domain Group Policy ->Computer Config->Windows Settings ->Security Settings->System Services.  Ensure that:

Remote Registry: Automatic
Computer browser: Automatic

3) Allow traffic on the workstations…. Computer Config > Administrative Templates > network > Network Connections > Windows Firewall > Domain Profile

8192:TCP:<SERVERIP>:ENABLED:Sophos8192
8193:TCP:<SERVERIP>:ENABLED:Sophos8193
8194:TCP:<SERVERIP>:ENABLED:Sophos8294

You should then be able to assign the machines to groups within the Enterprise Console

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>