S15 - Sophos Central Endpoint and Server v3.0 - Technical Module 1 - Introduction To Troubleshooting Sophos Central
Module 1 - Introduction to Troubleshooting Sophos Central
On Windows, the client log files live under the ProgramData folder (hidden by default in Explorer). Most components write their logs to a per-component subdirectory of C:\ProgramData\Sophos; Intercept X, however, logs to C:\ProgramData\HitmanPro.Alert\Logs\.
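When raising a support case you usually want the recent logs from both locations in one place. The following script is an added example, not part of the course material: it copies log files modified in the last few days from the two directories named above into a destination folder, preserving the component subdirectory layout. The destination folder and the day window are arbitrary choices; the HitmanPro.Alert path is treated as optional because Intercept X may not be installed.

```powershell
# Added example (not from the Sophos course): collect recent Sophos client logs
# from the two directories named in the text. $Destination and $Days are
# assumptions, not values from the course.
param(
    [string]$Destination = "$env:TEMP\SophosLogs-$(Get-Date -Format 'yyyyMMdd-HHmmss')",
    [int]$Days = 7
)

# Log roots from the course text. ProgramData is hidden, so -Force is needed
# to enumerate everything inside it.
$logRoots = @(
    "$env:ProgramData\Sophos",
    "$env:ProgramData\HitmanPro.Alert\Logs"
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$cutoff = (Get-Date).AddDays(-$Days)
$copied = 0

foreach ($root in $logRoots) {
    if (-not (Test-Path -LiteralPath $root)) {
        # Intercept X may not be installed, so the HitmanPro.Alert path is optional.
        Write-Warning "Not present (component not installed?): $root"
        continue
    }
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.log', '.txt' -and $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $src = $_.FullName
            # Keep the path relative to ProgramData so logs from different
            # components (Sophos\<component>\..., HitmanPro.Alert\Logs\...) do not collide.
            $relative = $src.Substring($env:ProgramData.Length).TrimStart('\')
            $target = Join-Path $Destination $relative
            New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
            try {
                Copy-Item -LiteralPath $src -Destination $target -Force -ErrorAction Stop
                $copied++
            } catch {
                # A log held exclusively open by a running service cannot be copied;
                # note it rather than abort the whole collection.
                Write-Warning "Could not copy ${src}: $($_.Exception.Message)"
            }
        }
}

Write-Host "Copied $copied log file(s) to $Destination"
```

Run it from an elevated PowerShell prompt; a non-elevated session cannot read every subdirectory under C:\ProgramData\Sophos.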
The Stage 2 installer installs all the required components in the order shown on the slide. Which components are installed depends on which products were selected and on whether the target is an endpoint or a server.
The Competitor Removal Tool (CRT) is run by the Sophos Anti-Virus installer, because this component cannot be installed alongside other antivirus products without risking system instability. If another product is detected it is removed; if removal fails, the installation of that component is aborted.
If changing the gateway or proxy settings for all computers is not possible, another solution is to deploy an Update Cache and Message Relay on the site. If a single server is granted internet access over TCP port 443, all other clients can install and update through that server.
Firewalls must allow TCP 8191 from the clients to the Update Cache and TCP 8190 to the Message Relay.
To use the Update Cache and Message Relay, pass the option --messagerelays=<server>:8190 to the Windows installer.
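A failed install through a relay is very often just a blocked port, so it is worth checking reachability before running the installer. The script below is an added example, not part of the course: it performs a TCP connect to the relay server on 8190 and 8191 (the ports given above), and only if both succeed runs the installer with the --messagerelays option from the text. The relay host name and the installer path are assumptions for illustration.

```powershell
# Added example (not from the Sophos course): check that the Update Cache and
# Message Relay ports are open before installing through them.
# $RelayHost and $Installer are assumptions; replace them with your own values.
$RelayHost = 'relay01.corp.example'        # assumption: your Update Cache / Message Relay server
$Installer = 'C:\Temp\SophosSetup.exe'     # assumption: installer downloaded from Sophos Central

# Port numbers from the course text.
$ports = [ordered]@{ 'Message Relay' = 8190; 'Update Cache' = 8191 }

$allReachable = $true
foreach ($name in $ports.Keys) {
    $port = $ports[$name]
    # Test-NetConnection completes a TCP handshake; -InformationLevel Quiet
    # returns only $true/$false instead of a result object.
    $ok = Test-NetConnection -ComputerName $RelayHost -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($ok) {
        Write-Host ("OK   {0,-14} {1}:{2}" -f $name, $RelayHost, $port)
    } else {
        Write-Warning ("FAIL {0,-14} {1}:{2} - check firewall rules between this client and the relay" -f $name, $RelayHost, $port)
        $allReachable = $false
    }
}

if (-not $allReachable) {
    throw 'Relay ports are not reachable from this host; fix the firewall before installing.'
}

if (-not (Test-Path -LiteralPath $Installer)) {
    throw "Installer not found at $Installer"
}

# Point the installer at the Message Relay (option from the course text).
# Installation and updates then flow through the relay server instead of directly
# to Sophos over TCP 443.
$proc = Start-Process -FilePath $Installer `
            -ArgumentList "--messagerelays=${RelayHost}:8190" -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    Write-Warning "Installer exited with code $($proc.ExitCode); review the logs under $env:ProgramData\Sophos"
} else {
    Write-Host 'Installer completed successfully.'
}
```

Test-NetConnection only proves the TCP port is open; it does not confirm that the relay role is installed and healthy on that server, so a clean connect followed by an installer failure points you at the relay itself rather than the firewall.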
It is worth noting that the CRT can only perform standard uninstalls of the detected products it covers; it cannot remove any additional add-on features the software may have.
You can uninstall Windows Defender Antivirus completely on Windows Server 2016 with the Remove Roles and Features Wizard. A reboot is necessary, because this is what unloads all of Defender's drivers. The PowerShell command shown on the slide can also be used to uninstall Windows Defender.
After the reboot, re-run fltmc to confirm that Defender's filter driver is no longer loaded.
The fltmc command can also help when troubleshooting a performance issue: it lists all loaded minifilter drivers, so you can identify whether any other third-party antivirus filter drivers are still loaded.
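The check described above is easy to script. The following is an added example and not part of the course: it parses the output of fltmc filters into objects, lists the loaded minifilters by altitude so stray third-party antivirus filters stand out, and, if Windows Defender's minifilter (WdFilter) is still present, removes the Windows-Defender feature on Windows Server 2016 with Uninstall-WindowsFeature (the cmdlet equivalent of the Remove Roles and Features Wizard). Run it elevated before and after the reboot; the second run should no longer list WdFilter.

```powershell
# Added example (not from the Sophos course): list loaded minifilters via fltmc,
# detect Windows Defender's filter driver, and remove the Defender feature on
# Windows Server 2016. Requires an elevated prompt; fltmc fails otherwise.

function Get-LoadedMinifilter {
    # fltmc output is a table: two header lines, then one filter per line
    # "Filter Name  Num Instances  Altitude  Frame". Frame is always the last
    # column and Altitude the second to last, which stays true even when the
    # instance count column is blank.
    $output = & fltmc.exe filters 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "fltmc failed (not running elevated?): $output"
    }
    $output |
        Select-Object -Skip 2 |
        Where-Object { $_.Trim() -ne '' } |
        ForEach-Object {
            $fields = @($_.Trim() -split '\s+')
            [pscustomobject]@{
                Name      = $fields[0]
                Instances = if ($fields.Count -ge 4) { [int]$fields[1] } else { $null }
                Altitude  = [decimal]$fields[-2]
                Frame     = $fields[-1]
            }
        }
}

$filters = @(Get-LoadedMinifilter)

# Antivirus minifilters sit in the anti-virus altitude range (320000-329999);
# sorting by altitude puts them next to each other for easy inspection.
$filters | Sort-Object Altitude -Descending | Format-Table Name, Instances, Altitude, Frame -AutoSize

# WdFilter is Windows Defender's antimalware minifilter. If it is still loaded
# after an uninstall plus reboot, the feature was not actually removed.
if ($filters.Name -contains 'WdFilter') {
    Write-Warning 'Windows Defender filter driver (WdFilter) is loaded.'

    # Get-WindowsFeature / Uninstall-WindowsFeature come from the ServerManager
    # module, present on Windows Server but not on client editions.
    $feature = Get-WindowsFeature -Name Windows-Defender -ErrorAction SilentlyContinue
    if ($feature -and $feature.Installed) {
        # Same action as the Remove Roles and Features Wizard. The drivers stay
        # loaded until the machine reboots.
        $result = Uninstall-WindowsFeature -Name Windows-Defender
        if ($result.Success) {
            Write-Host 'Windows-Defender feature removed. Reboot, then re-run this script to confirm WdFilter is gone.'
        } else {
            Write-Warning "Uninstall-WindowsFeature reported failure: $($result.ExitCode)"
        }
    } else {
        Write-Warning 'Windows-Defender feature not reported as installed; a reboot may still be pending.'
    }
} else {
    Write-Host 'WdFilter not loaded: Windows Defender is not active on this host.'
}
```

The altitude listing is also the quickest way to answer the performance question from the text: any filter you do not recognise in the antivirus altitude range after the CRT has run is a candidate for a leftover third-party product.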
So what do you do if the CRT does not detect, or cannot remove, the security software you are using?
There are three options:
• You can raise a support request to have the software added to the CRT – this is
the recommended option, although it can take some time
• Create a custom CRT catalog that contains the information needed to detect and
remove the software
• Remove the software using a script or a vendor supplied tool