User Manual Supplement - Sophos
Sophos AV Interface Software Development Kit - User Manual Supplement
SAVI SDK Supplement Document version: 1.0 Document date: November 2016
SAVI SDK Contents 1 2 3 About this supplement . 4 1.1 Revision history . 4 1.2 Contents of this supplement . 4 SAVI configuration options . 5 2.1 Overview . 5 2.2 Using SAVI configuration options . 5 2.3 Current SAVI configuration options. 7 SAVI return codes . 22 3.1 Fatal Return Values. 22 3.2 Serious return values . 24 3.3 Normal return values. 26 3.4 Callback return codes . 28 4 SAVI storage IDs . 30 5 Data types . 36 Technical support . 37 Legal notices . 38 Page 3
SAVI SDK 1 About this supplement This SDK manual supplement complements the SAVI SDK Manual and should be read in conjunction with that. It describes aspects of SAVI which tend to change more frequently than the information in the Manual. These are typically the result of ongoing development of the SAVI library, Sophos Threat Engine and Threat Data, for example the list of configuration options. 1.1 Revision history Version Date Summary 1.0 Nov. 2016 Initial version based on ‘SAVI DTK’ enhanced with newer features. 1.2 Contents of this supplement A list of SAVI Configuration options including option data types, default values, and scope. Also notes on what the option controls and where necessary guidance on how to use it. SAVI return codes and their meanings. The list of ‘Storage IDs’ which can be returned by SAVI while scanning an item. These typically correspond to a file type, e.g. Windows Portable Executable file. Builds of the SAVI library that are currently supported: target platforms, versions, compiler details, word sizes, CPU architectures. Stream properties and scan context items (?). For full information about implementing SAVI, see the SAV Interface Software Development Kit User Manual, which is also included in the SAVI SDK. These are also available on the OEM Integration Resources webpage of the Sophos website. Page 4
SAVI SDK 2 SAVI configuration options 2.1 Overview This section contains a brief overview of SAVI configuration, along with a list of the current SAVI configuration options. SAVI configuration options control: The file types handled by SAVI The behaviour of SAVI as it scans files They are also used for other general configuration purposes. Full information about how to use the member functions of the SAVI interfaces and enumerators is available in the SAV Interface Software Development Kit user manual. Note: The list of virus engine configuration options grows as more features and support for new file types are added to SAVI. 2.2 Using SAVI configuration options 2.2.1 SAVI configuration options - general information Each SAVI configuration option has a unique name that is used to control the value of the associated SAVI feature (e.g. to turn on or off the handling of ZIP archives). SAVI configuration option names are case insensitive and don't contain spaces. Names are passed to SAVI as an LPCOLESTR data type. Depending on the platform, this either maps to a pointer to a wide character string (16 bit, Unicode), or a char/multibyte string (8 bit). In the event of a mismatch in character encoding between SAVI and the client application, the client must carry out any necessary conversions. Numeric values passed into SAVI as strings are in decimal, not hexadecimal. Each SAVI configuration option also has a unique type, one of the SOPHOS TYPE . codes listed in the header file savitype.h, under "Configuration option types". Currently-used configuration option types are listed in SAVI configuration option data types. Values are passed in and out of SAVI as strings. This enables a number of different data types to be passed through a single API. Client applications must, where appropriate, convert numeric values to and from strings using appropriate conventions for the configuration option type. As with SAVI option names, the value string is an LPCOLESTR data type, and can therefore point to 8 or 16 bit data. When changing a SAVI configuration option, both the name and the type must be passed through the SAVI API. 2.2.2 Option classes Most SAVI options simply affect a single SAVI object and can be modified, read back and reset to defaults. Some options have additional classification which may affect this. The classes described below are not mutually exclusive i.e. a particular option may fall into more than one of the following classes. Page 5
SAVI SDK 2.2.2.1 Global options Most SAVI configuration options are ‘local’ and apply just to the SAVI object receiving the call to SetConfigValue(). However, there is a set of options which are shared by all SAVI objects running in a process. If one of these options is changed then it will affect all SAVI objects, not just the one being called. These options relate to aspects of SAVI which are also shared between the SAVI objects running in a process, in particular the threat data. SAVI client applications should be aware that changing a global option will affect other SAVI objects running in that process and may have secondary effects. For example, changing the threat data location will cause threat data to be reloaded the next time it’s needed. This can have an impact on client performance as scanning on other SAVI objects will be blocked during data load. A similar issue can occur if one of these options is changed followed a little later by a call to SetConfigDefaults. Depending on the timing of calls to SweepFile, this can result in multiple data reloads. It should also be noted that, as a shared resource, care may be needed when changing these options on multiple SAVI object and/or threads. The majority of supported SAVI platforms have built-in thread synchronisation which will prevent conflicts here, but the designer of the client application needs to be aware of possible interactions between threads when using these options. 2.2.2.2 Hidden options Some options are not reported via the GetConfigEnumerator() API. This will result in them not being reported in user interfaces which display a list of supported options read in this way. However, the options themselves can be modified and/or read as long as the option name and data type is known. This information on hidden options is mostly defined in the savitype.h header. 2.2.2.3 Immutable options Some options must be set before SAVI object initialisation. Once SAVI has been initialised then the option can no longer be modified. Global and immutable options are highlighted in blue, with further details in the ‘Description’ column. 2.2.3 Option data types SAVI configuration option data types are listed under "Configuration option types" in the header file savitype.h, but not all of them are currently in use. The following is a list of currently-used data types along with the abbreviation used in option definitions. SOPHOS TYPE U16 U16 SOPHOS TYPE U32 U32 Page 6 Unsigned 16-bit value. Passed to and from SAVI as a string representing the decimal value of the configuration option. Unsigned 32-bit value. Passed to and from SAVI as a string representing the decimal value of the configuration option. Many on/off settings are configured as SOPHOS TYPE U32, and are controlled by being set to 1 or 0 respectively.
SAVI SDK SOPHOS TYPE OPTION GROUP A numeric value that may be 0, 1 or 2. Passed to and from SAVI as a string representing the value of the GRP configuration option. See ‘SAVI group configuration options’ below for more information. SOPHOS TYPE STRING STR This setting type represents a string, and so can be passed to and from SAVI directly, without needing any translation. Note: When calling SetConfigValue() for a setting of this type, SAVI takes a copy of the string, so the client may safely free the string buffer after the call. 2.3 Current SAVI configuration options This section lists the current SAVI configuration options along with information about meaning and usage. The ‘Definition’ columns list the name of the option, the data type and the default value. Notes: 2.3.1 Not all settings are supported on all platforms. The list is not comprehensive and will be added to as time goes by. Client code must be designed with this in mind. Many but not all option names are defined by symbols in savitype.h. SAVI group configuration options Many configuration options have similar characteristics and can therefore be grouped, for example, into those that handle similar types of files. Group configuration options enable you to switch all the individual options in a group on or off with a single call to SetConfigValue(). This simplifies client code, which would otherwise have to make numerous calls to SetConfigValue(). It also means new configuration options that fall into a particular group are automatically controlled by the group configuration option, so you do not necessarily need to update SAVI client code to deal with new configuration options. Group configuration options take one of three values: “0” represents off. “1” represents on. Any other string represents invalid. invalid is not an error state. SAVI returns invalid if GetConfigValue() is called for one of the group configuration options (along with the informational return value SOPHOS SAVI INFO OPT GRP INVAL RTN). This is because the state of a number of options cannot be represented by a single value. If an invalid value is passed using SetConfigValue() then none of the configuration options in the group will be altered. Some individual options fall under the control of more than one group configuration option. When configuring SAVI, first set the value of the group configuration option, then set the value of individual options. For example, if all archive formats except UUE are required, set GrpArchiveUnpack to on, then UueDecompression to off. Page 7
SAVI SDK Note: Use of group configuration options is optional. SAVI can be configured just as well using individual options. Group options are available as a shortcut and to offer a degree of future-proofing in areas of SAVI configuration where precise control of every option is not critical. The following is a list of the currently defined group configuration options. They are all U32 and do not have a default value. ‘Abbr.’ is the abbreviation used in ‘Grp.’ columns in subsequent configuration option lists. Name Description Abbr. GrpArchiveUnpack All archive and compressed archive file formats (e.g. ZIP, UUE, etc). A GrpSelfExtract File formats that contain an executable stub that automatically decompresses the body of the file. S GrpExecutable Executable files. E GrpInternet File formats commonly in use on the Internet. I GrpMSOffice Office suite file formats from Microsoft and other supported vendors. O GrpMisc File formats that do not fall into any of the above categories. Deprecated. M GrpDisinfect Enables or disables disinfection of all files for which disinfection is supported. D GrpClean All “clean” file formats. C GrpWebArchive Compression formats commonly used in HTTP and supported by web browsers. W GrpWebEncoding HTML encoding schemes commonly used in web pages. N GrpSuper Any option that is part of a group is also included in this group. Strongly deprecated – there are likely to be unanticipated option modifications if a client app uses this group. It can be assumed that any option that belongs to a group is also in GrpSuper. 2.3.2 File type options These options control handling of different types of file. Definition Description Grp Access, U32, off Enables scanning of databases saved in Microsoft Access (MDB) format. O Page 8
SAVI SDK Definition Description Grp ActiveMimeHandling, U32, on Enables the detection of macro viruses within Microsoft Office documents saved in ActiveMime document format. I AppleSingle, U32, on Enables scanning of Macintosh files saved as a single file in situations where support for Macintosh dual forks is not possible (e.g. MIME files). AI Base64, U32, off Enables scanning of files encoded using the BASE64 scheme in situations where this is not flagged by, for example, a MIME header line. MI N Dmg, U32, off Enables scanning of disk file images in Apple DMG format. Note - Scanning of DMG files also requires the appropriate file system plugin (e.g. Hfs , see Hfs option) to be enabled. DynamicDecompression, Controls the ability to scan inside supported types of U32, on dynamically compressed executables. This type of file appears to be a normal executable. The main part of the program is compressed and extracted into memory at runtime. Sophos recommends this option should be turned on. S Elf, U32, on Controls the module that interprets ELF binary files. This format is used for many Linux and FreeBSD executable files. E Epoc Enables scanning of Symbian format mobile device executables. Retired in Engine ver 3.64. Hfs, U32, off Enables support for the Apple HFS file system as often encountered in DMG files (see also Dmg option). Http, U32, off Enables the scanning of HTTP streams. I Html, U32, on Controls the module that optimises scanning in HTML files. I ITSS, U32, off Enables scanning of Microsoft Compressed Help files (.chm, .hxs). A W Java, U32, on Enables scanning of Java class files. EI MachO, U32, on Enables scanning of Mach-O executables (used on Mac OS X). Note that “O” is the letter, not a zero. E Mbox, U32, off Enables scanning of Unix 'mbox' format mail stores. I Mime, U32, off Enables decoding and scanning inside a MIME encoded message block. IN Msi, U32, off Enable scanning of MS Installer files. This needs other options, such as MSCabinet, to be set to be effective, depending on the file content. Page 9
SAVI SDK Definition Description Grp Odoc, U32, on Enables support for ""Open Document"" format, (generally consisting of XML within a zip archive). This includes both StarOffice/OpenOffice and Microsoft OpenXML formats (see Sdoc and Oxml options). O Office2001Handling, U32, on Controls the ability of the engine to understand Microsoft Office 2001 files. This version of Office was only released on the Macintosh platform. O OleDataMsoHandling, U32, on Enables scanning of files saved in HTML format from Microsoft Office. O OleRawHandling, U32, on Enables scanning of other OLE types (e.g. messages saved in Microsoft Outlook). IO OleScriptHandling, U32, on Enables scanning of Access macros. O Ole2Handling, U32, on Enables the intelligent scanning of OLE2 (Microsoft Office) format documents. Sophos recommends that this option should be turned on. O OutlookExpress, U32, off Enables scanning of files contained within Outlook Express mailboxes. NB: to scan email attachments, also set the Mime option. I Oxml, U32, on Enable scanning of Microsoft Open XML documents (use in conjunction with Odoc option). O PalmPilotHandling, U32, on Enables the scanning of Palm Pilot format files (.prc). M Pdf, U32, on Controls the PDF file interpretation module. M PEHandling, U32, on Enables the intelligent scanning of Win32/PE format files. This is the standard format for Windows executable binaries such as .exe and .dll. E ProjectHandling, U32, on Enables the scanning of VBA macros in Microsoft Project. O Rtf, U32, on Enables scanning for objects that may be embedded inside Rich Text Format files. O M Sdoc, U32, on Enable scanning of StarOffice /OpenOffice documents (use in conjunction with Odoc option). O Sis Enable scanning of 'SIS' (Symbian Installation System) files as used on some mobile devices. Retired ver 3.64. Page 10
SAVI SDK Definition Description Grp Vbe, U32, on Enables the scanning of encoded VBScript files. I VisioFileHandling, U32, on Enables scanning of macros inside Microsoft Visio files. O WordB, U32, on Enables scanning of WordBasic. O Xml, U32, off Enables scanning of XML files. Note - scanning of files saved in XML format by Microsoft Office 11 is enabled using the XmlOdoc option. XmlOdoc, U32, on Enables detection of Open Document files (and subsequent processing) without requiring the XML plugin (Xml option) to be enabled first. O Note. Options that are marked as “Retired” will be accepted and appear to function normally but the capability has been removed from the engine. 2.3.3 Archive handling A subset of file types which represent various kinds of archive, both compressed and uncompressed. Definition Description Grp ArjDecompression, U32, off Enables decompression of Arj archives. A ASPack, U32, off Enables scanning inside ASPack self-extracting executable archives. S Bzip2, U32, off Enables decompression of BZip2 archives. A CmzDecompression, U32, off Enables decompression of Cmz archives. A Fsg, U32, on Enables scanning inside FSG self-extracting executable archives. S GzipDecompression, U32, off Enables decompression of Gzipped archives. M W HqxDecompression, U32, off Controls the ability to extract files from BinHex archives. A ISCabinet, U32, off Enables decompression of Cabinet files created using the InstallShield compression format (e.g. sys1.cab). A Lha, U32, off Enables decompression of Lha archives. A Page 11
SAVI SDK Definition Description Grp MbinDecompression, Controls the ability to look inside MacBinary archives. U32, off A MSCabinet, U32, off Enables decompression of Microsoft Cabinet files (cab). (Partial files at the beginning and end of multi-part cabinet files will not be fully scanned). A MSCompress, U32, off Controls the ability to scan inside files compressed with the Microsoft compression utility. A PECompact, U32, on Enables scanning inside PECompact self-extracting executable archives. S RarDecompression, U32, off Enables decompression of RAR archives. A Rpm, U32, off Enables the scanning of distribution archives in RedHat Package Manager format. NB: to scan .rpm files, set the GZipDecompression and UnixArchive options as well. A Saveset, U32, off Enable scanning of VMS 'saveset' archives SfxArchives, U32, on Enables the virus engine to search in supported types of selfextracting archive. Stuffit, U32, off Enables detection and reporting of some types of Stuffit archives. Szip, U32, off Enable Seven Zip support. A TarDecompression, U32, off Enables scanning inside Unix tar archives. A UnixArchive, U32, off Enables scanning inside Unix archive types (ar, cpio). A Upx, U32, on Enables scanning inside UPX-compressed self-extracting executable archives. S UueDecompression, U32, off Enables the virus engine to decode UUEncoded files. The UUEncode portion must start within the first 4k of the document. A ZipDecompression, U32, off Enables scanning inside Zip archives. A W Page 12 AS
SAVI SDK 2.3.4 Clean file types Definition Description Grp CleanBmp, CleanGif, CleanJpeg, CleanPng, CleanRiff, CleanTiff, CleanMp3, CleanMpeg Certain file formats (e.g. .bmp bitmap files) cannot contain viruses. These options enable files of the corresponding types to be positively identified and scanning of them to be stopped. This results in more efficient scanning of these file types. C U32, on 2.3.5 File-specific handling Options which give more detailed control of how certain file types are handled by the Threat Engine. Definition Grp Description ConcatenatedArchives, Extends processing of multiple archive files which have been U32, off concatenated together so that they are all processed, even if they are separated by some junk data. NB can increase scan times slightly. DecompressVBA5, U32, on Decompresses the text part of a VBA5 project before scanning. This area is often corrupted, but can help positive identification of some viruses. O ExcelFormulaHandling, U32, on Enables scanning of Excel formulas for known formula viruses. Formulas occupy cells on the worksheet and should not be confused with macros. O FullPdf, U32, off Enables every part of a PDF file to be scanned, not just the embedded file streams. This takes longer. IgnoreTemplateBit, U32, on Microsoft Office documents that contain executable macros will usually have a single bit in the file header set to 1 to indicate the presence of executable code. Under normal circumstances macros contained in a file that does not have this bit set are not able to execute. If this option is turned off, the Virus Engine will scan only files with this template bit set to 1. Sophos recommends that you keep this option turned on. ISCabinetFull, U32, off Increases detection reliability in old format InstallShield files, but with a slight performance overhead. LoopBackEnabled, Controls SAVI's ability to scan inside certain types of container file (e.g. FAT container files or disk image files such M Page 13
SAVI SDK Grp Definition Description U32, off as are found in CD boot sectors or on OpenVMS). MimeEmbedded, U32, on To enable scanning of email embedded inside another email rather than an attachment. MimeEmbedLimit, U16, 25 Maximum number of embedded file streams that can be extracted from a MIME file. MimeEmbedLines, U16, 500 The maximum number of lines MIME source to scan looking for embedded objects (inline BASE64). MimeRescan, U32, 2 Enable the Virus Engine to rescan a MIME encoded object as a single object after scanning the individual message parts. The default value of 2 means 'automatic' i.e. the Virus Engine will decide when to temporarily enable the option while scanning MIME. NamespaceSupport, U32, (default: see description) Controls handling of Macintosh (resource data fork) files and archives (on platforms where these are supported). Settings are SOPHOS MAC FILES (enable scanning for Mac viruses), SOPHOS DOS AND MAC FILES (also scan data fork) or SOPHOS DOS FILES (disable Mac file scanning). Note - (1) default value is platform dependent. (2) Enabling data fork scanning carries a slight performance overhead and so is only recommended on platforms where OS8/OS9 viruses may be encountered. OF95DecryptHandling, U32, on Password-protected Office 95 documents are encrypted with a very simple algorithm. Enabling this option causes the virus engine to break this encryption to search for viruses. O PowerPointEmbedded Handling, U32, on Enables the scanning of files embedded within Microsoft PowerPoint presentations. O PowerPointMacro Handling, U32 on Enables the scanning of macros in PowerPoint presentations. O SrpStreamHandling, U32, on Deals with another type of data within Office documents. O StrictPdf, U32, off Causes SAVI to report .FORMAT NOT SUPPORTED if the Virus Engine encounters data in a PDF file encoded with an unrecognised 'custom filter'. Default is to scan the stream without decoding it. StrongPdf, U32, off Causes SAVI to report. CORRUPT if it encounters sections within a PDF file which cannot be interpreted by the Threat Engine. Page 14
SAVI SDK Definition Description Grp TnefAttachment Handling, U32, off Enables decoding of files encoded with the Microsoft TNEF format, used by some mail client applications. I TnefEmbedHandling, U32, off Enables scanning of TNEF files embedded within another mail file. The Microsoft TNEF format is used by some mail client applications. UTF16, U32, on Enables scanning of web pages created using UTF16 (Unicode) character encoding. I VBA3Handling, U32, on Enable the scanning of versions of Microsoft Visual Basic for Applications embedded in supported file types, like Office and Visio documents. O VBA5Handling, U32, on Enable the scanning of versions of Microsoft Visual Basic for Applications embedded in supported file types, like Office and Visio documents. O Vba5Dir Option currently unimplemented O VbaOnly, U32, off Enable scanning of files containing only Visual Basic for Applications (e.g. PowerPoint PPA files). O VbaTable, U32, on Enables scanning of Word document table streams. Vba5p, U32, on Enables detection of macros in p-code (compiled Visual Basic) as well as in Visual Basic source code. O VbFiltering, U32, off Enables canonicalisation of Visual Basic code. This increases the detection efficiency of the other Visual Basic for Applications (VBA) plugins. I VisioEmbedHandling, U32, off Enable scanning of files embedded inside Microsoft Visio documents. O ZipUseChd, U32, on Improves reliability of scanning of Zip files created in a nonstandard way (local file directory invalid). 2.3.6 Threat data and updating Definition Description AllowPartialVirusData U32, off By default, errors in loading virus data are treated as fatal and scanning is not allowed. Setting this option to 1 means such errors are treated as warnings, and scanning using a partial virus data set is possible. IdeDir, STR, default is The passed string defines the full path name of the directory Page 15
SAVI SDK Definition Description platform-specific in which SAVI should search for IDE files. The name must not have a trailing separator character. VirusDataDir, STR, default is platform-specific The passed string defines the full path name of the directory in which the main virus data file is located. The name should not have a trailing directory separator character. VirusDataName, STR, “vdl” The passed string defines the name of the virus data file. This name should not include a directory component (this is defined by the VirusDataDir setting) or a file extension. For example, if the main virus data file name is vdl.dat then this string should be passed as “vdl”. BlockOnUpdate, U32, on Controls whether the Sweep and Disinfection functions will block, or not, during an update. If non-blocking is selected, an error, SOPHOS SAVI ERROR WOULDBLOCK is returned to the client. (Win32 only). VirusDataIntegrityChecking, Enables advanced verification of Threat Data. U32, off 2.3.7 Detection and cleanup control Definition Description ApplicationControl, U32 off Enable reporting of clean applications using names prefixed with ‘Appc/’. Note: these are reported using the same mechanisms as for threats and it is essential that a client application enabling this option must check for Appc reports to prevent reporting clean applications as threats. BehaviourMalware, Enable generic detection of malware based on Sophos U32, on Behavioural Genotype Detection. Note- detection of malware will be significantly reduced if this option is turned off. DelVBA5Project, U32, on Causes the entire project containing any viral macros to be removed during disinfection. EarlySxlLookup, U32, off SXL Live Protection lookups are triggered by threat data run on a stream derived from what was passed to the Sweep*() function. Setting this option causes a lookup at a much earlier stage in the scan. The response can then influence the progress of the scan. Note: SXL lookups must be enabled in order to use this feature. Page 16 Grp
SAVI SDK Definition Description Grp Emulation, U32, on Enables the 16-bit x86 emulation engine, which assists in the detection of polymorphic executable file viruses. Sophos recommends this option should be turned on. E ExecFileDisinfectio n, U32, on Some executable file viruses can be removed from files fairly safely. This option enables that process. Sophos recommends that infected executables are replaced from the original installation disks as soon as possible. D ExtensiveScan, U32, off Normal scanning behaviour is to only switch to ""extensive"" scan mode when initial file analysis indicates that this is necessary (e.g. strangely formed EXE header). This option overrides the tests and performs a full ""extensive"" scan on every file. Note - Enabling this option will result in scans taking longer and could generate an occasional false positive report of a threat. Sophos recommends that this option is only enabled when performing an in-depth analysis of suspicious files. FullMacroSweep, U32, off Enables a fallback mechanism that has been deployed in the past when new file structures are encountered. Sophos recommends that you keep this option turned off. FullSweep, U32, off Enables full sweeping, which performs extensive fixed pattern matching as well as the standard intelligent virus search. Turning on this option may have severe performance implications. OpenMacRf, U32, on Enables detection and opening of Mac resource forks in all file types scanned. PeEmulator, U32, on Enables the 32 bit executable emulator. This is required to support some advanced virus detection modes in 32 bit executable files. E ScrapObjectHandli ng, U21, on Enables the handling of scrap objects that are used in the transfer of data between certain applicati
option type. As with SAVI option names, the value string is an LPCOLESTR data type, and can therefore point to 8 or 16 bit data. When changing a SAVI configuration option, both the name and the type must be passed through the SAVI API. 2.2.2 Option classes Most SAVI options simply affect a single SAVI object and can be modified, read back and
HTTPS Sophos UTM Manager IP Address 192.168.2.200 Sophos UTM (UTM01) Port 4433 Ext. IP Address 65.227.28.232 WebAdmin Port 4444 Port 4433 InternetInte Sophos UTM (UTM03) Sophos UTM (UTM04) Sophos UTM (UTM02) Sophos UTM (UTM06) Sophos UTM (UTM07) Sophos UTM (UTM05) Sophos UTM (UTM08) Customer/Of ce 1 Customer/Of ce 2 Port 4422 Gateway Manager
This section describes the Sophos products required for managed endpoint security: Sophos Enterprise Console Sophos Update Manager Sophos Endpoint Security and Control 2.1 Sophos Enterprise Console Sophos Enterprise Console is an administration tool that deploys and manages Sophos endpoint software using groups and policies.
Sophos Server Protection Sophos Email Protection EMC NetApp Sophos for Network Storage ストレージサーバー 外部用サーバー SafeGuard Sophos Anti-Virus for vShield - VDI Windows Mac Linux Windows クライアント 支店 / 支社 2 Sophos RED Sophos Wi-Fi Ac
Sep 21, 2018 · Sophos Anti-Virus for NetApp Storage Systems 4 Before you install Sophos Anti-Virus for NetApp Storage Systems Before installing Sophos Anti-Virus for NetApp Storage Systems, you need to do the following: Install Sophos Endpoint Security and Control (antivirus component only
EventTracker: Integrating Sophos UTM 11 Figure 11 . Verify Sophos UTM Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In the Search field, type ' Sophos UTM ', and then click the Go button. Alert Management page will display all the imported Sophos UTM alerts. Figure 12 . 4.
This guide is intended to help you install and get up and running with Sophos iView v2. Reports for Device Type iView v2 provides reports for following device types: - Sophos Firewall OS - Sophos UTM 9 - CyberoamOS Licensing Sophos iView licenses are available in multiple tiers based on storage requirements and support terms
Sophos XG Firewall v 15.01.0 – Release Notes Sophos XG Firewall Web Interface Reference and Admin Guide v17 For Sophos Customers Document Date: October 2017
Sophos Central Admin 2 Activate Your License When you buy a new license, you need to activate it. You do this in Sophos Central (unless a Sophos Partner handles license activation for you).
