If the Domain Controller is running Windows Server 2003, it is strongly advised that the Group Policy Management tool is installed.



Similar documents
How to Configure Sophos Anti-Virus for Home Systems

Sophos Anti-Virus for NetApp Storage Systems startup guide

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Sophos for Microsoft SharePoint startup guide

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Sophos Anti-Virus for Mac OS X Help

Sophos Anti-virus Basic Level Handout

Sophos Anti-Virus for Mac OS X: Home Edition Help

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

Sophos Endpoint Security and Control standalone startup guide

Sophos Anti-Virus for Windows, version 7 user manual. For Windows 2000 and later

Sophos Enterprise Console Help

Sophos Anti-Virus for Mac OS X Help

K7 Business Lite User Manual

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

SARANGSoft WinBackup Business v2.5 Client Installation Guide

ACTIVE DIRECTORY DEPLOYMENT

System Administrator Guide

Lab A: Deploying and Managing Software by Using Group Policy Answer Key

In this note, you will learn the basic applications of McAfee VirusScan Enterprise (hereafter McAfee ). Six topics will be covered as below:

Best Practices for Deploying Behavior Monitoring and Device Control

Release Notes for Websense Security v7.2

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Comodo ONE Software Version 1.8

Best Practice Configurations for OfficeScan 10.0

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Managed Antivirus Quick Start Guide

How To Install Outlook Addin On A 32 Bit Computer

Sophos Anti-Virus for Mac OS X network startup guide

NETWRIX CHANGE NOTIFIER

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

ENABLE LOGON/LOGOFF AUDITING

Configuring the Samsung SDS CellWe EMM cloud connector

escan SBS 2008 Installation Guide

Sophos PUA Manual. To check now for PUAs, scan your computer. It will start as soon as you click on Scan My Computer. This may take a few minutes.

avast! Small Office Administration Console Small Office Administration Console User Guide

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Best Practice Configurations for OfficeScan (OSCE) 10.6

Using Internet or Windows Explorer to Upload Your Site

Create, Link, or Edit a GPO with Active Directory Users and Computers

Connection and Printer Setup Guide

Kaseya Server Instal ation User Guide June 6, 2008

Implementing Endpoint Protection in System Center 2012 R2 Configuration Manager

Trend Micro OfficeScan Best Practice Guide for Malware

Sophos Endpoint Security and Control Help. Product version: 11

Sophos Anti-Virus for Mac OS X Help. For networked and single computers running Mac OS X version 10.4 or later

How to Install Windows 7 software

Sophos Anti-Virus for Mac OS X network startup guide. For networked Macs running Mac OS X

Product Guide. McAfee Endpoint Protection for Mac 2.1.0

Sophos for Microsoft SharePoint Help

Network Connect Installation and Usage Guide

Lab - Configure a Windows Vista Firewall

USING SSL/TLS WITH TERMINAL EMULATION

Virtual Appliance for VMware Server. Getting Started Guide. Revision Warning and Disclaimer

PartnerConnect software. Installation guide

Deep Freeze and Microsoft System Center Configuration Manager 2012 Integration

Quickstart Guide. First Edition, Published September Remote Administrator / NOD32 Antivirus 4 Business Edition

Sophos Computer Security Scan startup guide

Comodo MyDLP Software Version 2.0. Endpoint Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Windows Server Update Services 3.0 SP2 Step By Step Guide

Installation Guide Command WorkStation 5.5 with Fiery Extended Applications 4.1

Bulk Downloader. Call Recording: Bulk Downloader

The FlexiSchools Online Order Management System Installation Guide

Virtual Office Remote Installation Guide

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Outpost Network Security

Lab - Configure a Windows 7 Firewall

Remote Access - Mac OS X

Trend Micro TM Worry-Free Business Security Services Integration with LabTech

How to integrate Verax NMS & APM with Verax Service Desk

Changing Your Cameleon Server IP

Configure SPLM 2012 on Windows 7 Laptop

User Management Tool 1.6

Fax and SMS Quickguide

User Guide Online Backup

FMAudit Local Agent Deployment Expectation Settings to Prepare Your Client IT Departments

Troubleshooting Guide

Sophos Endpoint Security and Control Windows Embedded test guide. Product version: 10

Install the Production Treasury Root Certificate (Vista / Win 7)

Web-Access Security Solution

Practice Fusion API Client Installation Guide for Windows

Setting Up Peak Performance Group Policies

Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager. Install Guide. Idera Inc., Published: April 2013

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

Sophos Endpoint Security and Control Help

1. Installation Overview

Wavecrest Certificate

EventTracker: Support to Non English Systems

Sophos Enterprise Console policy setup guide. Product version: 5.2

Integrating Trend Micro OfficeScan 10 EventTracker v7.x

SMALL BUSINESS EDITION. Sophos Control Center startup guide

In this lab you will explore the Windows XP Firewall and configure some advanced settings.

FlexSim LAN License Server

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

Transcription:

BGfL Proxy Servers Slow Internet Following a number of calls to the Link2ICT Service desk reporting slow Internet, Investigations were carried out by the BGfL team who identified that slow internet performance may be a result of Policy Central and a higher than normal number of virus alerts. In order to reduce the activity on the proxy servers, schools are advised to apply the configuration changes to Policy Central and Sophos Enterprise. The BGfL team have also installed additional proxy servers. Once schools have started to implement the instructions below, we should see a large improvement in Internet performance. 1. Policy Central Proxy Server by-pass Exception Schools should add an exception within Internet Options. The most effective method of applying this exception is via Group Policy, although many schools will already have this in place. Group Policy Management tool If the Domain Controller is running Windows Server 2003, it is strongly advised that the Group Policy Management tool is installed. This can be downloaded from the following URL: http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272- DD3CBFC81887&displaylang=en Applying the Proxy Bypass Exception Click Start > Programs > Administrative Tools > Group Policy Management Expand the DOMAINS folder and beneath that click + to expand the School Domain. Right Click Default Domain Policy then click Edit, to open the Group Policy Object Editor. Click + next to User Configuration then Windows Settings then Internet Explorer Maintenance Click the Connection folder then in the Right Pane double click Proxy Settings. Derek Potter08/05/2009 page 1 of 6

Within the Proxy Settings dialogue box there should be settings for the proxy already populated i.e. eduproxy.bgfl.org on port 80 Add this if it does not already exist. Click on the window to the right, beneath the Exceptions window There may already be exceptions within the box, such as eportal settings Please leave these settings and add: 10.* <domain>.bham.sch.uk (replacing the domain with the schools internet domain name. pceconsole.bham.org.uk Use a semi-colon between entries i.e. 10.122.33.*;10.* To check that the workstation(s) are accepting the settings, open a Command Prompt by selecting Start > Run type CMD and press Enter Type GPUPDATE /FORCE and Press Enter - Accept an appropriate response of either log off or reboot. Note: if you have selected reboot, please ensure that no users are on the network when this option is selected. Check the settings within Control Panel > Internet Options > Connections > LAN Settings Derek Potter08/05/2009 page 2 of 6

2. Authorising Policy Central within Sophos Anti-Virus Overview of problem The presence of Policy Central (PCE) client software on a computer where Sophos Anti-Virus software is installed, will trigger an alert from the HIPS feature of Sophos Anti-Virus that denies PCE client executables the ability to start. A window similar to this will be displayed on the client desktop HIPS (Host Intrusion Prevention Program) is specifically designed to examine the behaviour of files and processes running on the computer to identify any potential threats from malware or similar types of programs. The nature of PCE client software is such that it is often identified as this form of software and so is summarily blocked from working. More details on the HIPS feature of Sophos are available from www.sophos.co.uk. The solution to this problem is to configure Sophos HIPS to allow the executables that relate to PCE client software to run. Sophos will then ignore these files if they are detected and PCE client can function normally. Using Sophos Enterprise Console to Authorise Policy Central In establishments where Sophos Anti-Virus is managed by Sophos Enterprise Manager, the Sophos Enterprise Console Anti-Virus and HIPS policy can be used to deploy the Authorisation to all Sophos Anti-Virus clients. Both the Default and the Servers policy will need to be amended. Right-click the applicable Anti-Virus and HIPS policy (e.g. Default) Choose 'view/edit policy' from the menu. Derek Potter08/05/2009 page 3 of 6

Click the On-Access Scanning button. Click the Windows Exceptions tab. Click Add Enter C:\WINDOWS\System32\PCENT\PCClient.exe Repeat for the following files: Click the Messaging button Click the Email alerting tab Un-tick Suspicious Behaviour detection Un-tick Suspicious File detection Derek Potter08/05/2009 page 4 of 6

Click the Authorisation button Click the Suspicious behaviour tab Look for the following files in the Known Applications box on the left hand side: PCClient.exe If these files are present, click on these files to highlight them and click the Add button to move them to the Authorised Applications box on the right hand side. Click the Extensions and Exclusions button against the Scheduled Scanning Click the Exclusions tab Click Add Enter C:\WINDOWS\System32\PCENT\PCClient.exe Repeat for the following files: Repeat for the Servers policy In Sophos Enterprise Console, ensure that all computers on the network are protected, managed and assigned to appropriate groups in Sophos Enterprise Console. Click on each group in Sophos Enterprise Console and select all computers using Ctrl A Right click on the selected computers and select Comply With.. and then All Group Policies Ensure all computers say Same as policy under the Anti-Virus and HIPS policy and Updating policy. Derek Potter08/05/2009 page 5 of 6

Using Authorization Manager on Standalone computers In an un-managed Sophos environment, this is performed from the 'Authorization Manager' dialog accessed from within the local Sophos Anti-Virus Console. Open Sophos Anti-Virus by right clicking on the blue Sophos Shield in the Windows Task bar Select Configure Sophos Anti-Virus Click on the Authorisation link Click the Suspicious behaviour tab Look for the following files in the Known Applications box on the left hand side: PCClient.exe If these files are present, click on these files to highlight them and click the Add button to move them to the Authorised Applications box on the right hand side. Note: If these files have not already been detected, they can be manually added using the New Entry button to navigate to the files and add them. 3. Virus Alerts Link2ICT will be reviewing the number of alerts received. Where it has been identified that there are a large number of alerts, schools will be notified with a request that they act to eradicate the virus from the school network. If you have any questions, queries or require assistance with the instructions above, please contact the Link2ICT Service Desk on 0121 303 5100 or email servicedesk@link2ict.org Derek Potter08/05/2009 page 6 of 6