  1. #1

    DaveP

    Sophos Anti Virus Service And Ghost

    We use Sophos as our anti-virus solution and Symantec Ghost 7.5 to image the stations. When the station image has been completed and the new image is sent to the station, I invariably have to go to each station in turn to modify the Sophos Anti-Virus service logon properties (see attached picture). It is always set to log on with 'This account' (NT AUTHORITY\LocalService) no matter how I prepare the image. This works fine on the virus detection side of things as far as I can tell, but gives problems when the station is reporting back to Sophos Console. When I adjust this setting to log on with 'Local System account' the issue is resolved.

    Sophos details: Sophos Enterprise Console Version: 2.0.0.1447
    Sophos Anti-Virus version: 6.0.5

    Windows details: Windows XP Pro SP2: All security patches up to date.

    How can I prepare the images so that I do not have to go through this song and dance every time I re-image?

  2. #2
    limbo

    Re: Sophos Anti Virus Service And Ghost

    Could you instead create the image without Sophos and then set it to install when it is first booted up? This way if ever they make a major change to the software (like the one earlier in the year) then it will not affect the Ghost image.

    We do not use Ghost anymore to set up our machines, but even when we did Sophos was always an "afterwards" install just to make certain it was up to date.

    We push it out through GP so that any PC that connects to the domain has no choice but to install it no matter where the OS got installed.

  3. #3

    DaveP

    Re: Sophos Anti Virus Service And Ghost

    Quote, originally posted by limbo:
    > Could you instead create the image without Sophos and then set it to install when it is first booted up?

    Yes this is a possibility, and one I think I may have to go with. But not yet, as we are in the middle of some major network changes and I don't want to add more complications to a job which is already badly screwed. As I said in the original post, Sophos works well enough, I think; it's just reporting I am worried about. So I will limp on as I am for now.

  4. #4

    plexer

    Re: Sophos Anti Virus Service And Ghost

    Is allocating it via a GPO better than pushing it out with the Sophos console?

    I suppose it would be because no matter when a PC was rebuilt then it would always install the Sophos MSI.

    Use the Sophos EM library to keep the interchk share up to date and use GPO to install the software from that share.

    Ben

  5. #5
    limbo

    Re: Sophos Anti Virus Service And Ghost

    We find the GPO better because it needs no intervention - when we reinstall a PC (which is pretty rare these days) or put a new one on the network (90 this half term and counting) you see it install just before the login box comes up so you know it is done.

    What we actually do is install just Sophos update at this point, and then that does the rest.

    Then a once a week check on the Sophos console to make sure everything is working to double check.

  6. #6

    john

    Re: Sophos Anti Virus Service And Ghost

    Sophos's KB has some info on Ghosting / Imaging machines with Sophos. Each machine is issued with a GUID from RMS on the Sophos Server; each machine you ghost, even when SID changing, still has that same GUID, so the console sees all your machines as identical machines and goes OMG AAARGH!!!!! Basically it's 2 reg keys to delete and a couple of files if I remember correctly from when I used to do it that way. I now just deploy straight from the console, much easier.

  7. #7


    Re: Sophos Anti Virus Service And Ghost

    The batch file I use to fire off sysprep includes these lines to cure the duplicate Sophos GUID problem (it then goes on to copy the c:\sysprep folder depending on which mini-setup I want it to run when it reboots)

    Code:
    rem Stop the Sophos services before removing their identity data
    net stop "Sophos Anti-Virus"
    net stop "Sophos Anti-virus Status Reporter"
    net stop "Sophos Message Router"
    net stop "Sophos Agent"
    net stop "Sophos AutoUpdate Agent"
    net stop "Sophos AutoUpdate Service"

    rem Delete the pkc/pkp values so the image does not carry a duplicate identity
    reg delete "HKLM\Software\Sophos\ALC Agent\Private" /v pkc /f
    reg delete "HKLM\Software\Sophos\ALC Agent\Private" /v pkp /f
    reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkc /f
    reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkp /f
    reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
    reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f
    rem Remove the cidsync.upd file left behind by the master image
    del "c:\Program Files\Sophos\Sophos Anti-Virus\cidsync.upd"

  8. #8

    Hi Folks,

    It appears that we are getting the same issue with our Ghost images and Sophos not talking to the remote server correctly (i.e. seeing all the stations as the same machine!).

    Do you know if I can use the batch file that "Lord_Edam" has provided on computers AFTER they have all been sysprep'ed and working? I.e. can I run it from a GPO as a startup or login script on the computers, or will this cause further problems once the machines are connected to the domain?

    If so, are there any other methods of fixing this problem via a script/GPO to all our machines that have been imaged without having to go to each machine and re-install SOPHOS?

    Thanks

    Matt

  9. #9

    I tried it out anyway and it seems to be working OK. Set it up as a computer startup script, but just added at the end of the script some NET START commands to kick the services back in again!

    Cheers

    Matt
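
The startup-script approach from posts #7 to #9, written out as an added example (it is not any poster's actual script): stop the services, delete the cloned identity values, restart the services, and record a marker so the reset runs once per machine. The service names, registry values and cidsync.upd path are the ones posted above; the run-once guard and the marker file path are assumptions of this example.

```batch
@echo off
rem Added example, not a poster's script. Service names, registry values and
rem the cidsync.upd path are those posted in this thread; MARKER is an assumption.
setlocal
set "MARKER=%SystemRoot%\sophos-identity-reset.done"

rem Run-once guard (assumption): skip if this machine was already reset.
if exist "%MARKER%" goto :eof

rem /y answers the prompt net stop raises when dependent services are running.
for %%S in (
  "Sophos Anti-Virus"
  "Sophos Anti-virus Status Reporter"
  "Sophos Message Router"
  "Sophos Agent"
  "Sophos AutoUpdate Agent"
  "Sophos AutoUpdate Service"
) do net stop %%S /y >nul 2>&1

rem Delete the cloned pkc/pkp values, then confirm each one is really gone.
set "FAILED="
for %%K in (
  "HKLM\Software\Sophos\ALC Agent\Private"
  "HKLM\Software\Sophos\Messaging System\Router\Private"
  "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private"
) do for %%V in (pkc pkp) do (
  reg delete %%K /v %%V /f >nul 2>&1
  reg query %%K /v %%V >nul 2>&1 && set "FAILED=1"
)
if exist "C:\Program Files\Sophos\Sophos Anti-Virus\cidsync.upd" del /f /q "C:\Program Files\Sophos\Sophos Anti-Virus\cidsync.upd"

rem Restart the services (the NET START step described in post #9).
for %%S in (
  "Sophos Anti-Virus"
  "Sophos Anti-virus Status Reporter"
  "Sophos Message Router"
  "Sophos Agent"
  "Sophos AutoUpdate Agent"
  "Sophos AutoUpdate Service"
) do net start %%S >nul 2>&1

rem Write the marker only if every value was removed, so a failed run retries next boot.
if not defined FAILED >"%MARKER%" echo reset %DATE% %TIME%
endlocal
```

The marker is written under %SystemRoot%, so the script has to run with administrative rights, as a computer startup script does.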
