Preparing your Sophos Enterprise Environment
Most corporates have fairly well defined and enforced antivirus policies - for Windows. Since Macs are becoming more and more commonplace on the corporate network, you need to make sure that they do not become an infection point. This article will go through what is necessary to add support for Mac OS X machines to your existing Sophos deployment.
Adding the subscription to an Update Manager
This will download and configure the Sophos binaries that will be deployed to the Mac machines.
- From the Sophos Enterprise Console
- Click Update managers
- Next to Software Subscriptions click the add button
- Provide a friendly name for the subscription
- Under platforms check Mac OS X
- Select the "Recommended" version
- Select the desired update manager
- Right Click - Edit configuration
- Select the Subscriptions tab
- Add the new Mac OS X subscription
- Select the Distribution tab
Check that there is at least one share listed for the new subscription. Keep a note of this location as this is where you will initiate your installation from.
Once this is done you will need to wait for the binary files to be downloaded before you can deploy. This is a good time to carry on configuring the management settings.
Since the policies that you want to apply to Mac machines will be significantly different to those for PCs, I would recommend setting up a dedicated Anti-Virus and HIPS policy.
From the Sophos Enterprise Console
Create a new updating policy
- Check that the primary server is the same as you configured above
- From the Subscriptions Tab select the new subscription created above
- On the Schedule tab change the interval for checking for updates.
Create a new Anti-Virus and HIPS policy
- These are configured for Windows by default, so there are a few places where you will want to edit the defaults
- Configure the on-access scanning as required
- The main item to change is in the Scan for section
- Ensure you check "Macintosh Viruses"
- I also always change the Check files on and Cleanup settings
- Remember that Mac exclusions are in a separate tab
Create a Group and Assign the Policies
Create a new group for the Mac machines
- Right click and "View edit group policy details"
- Select the two policies you created earlier
Your environment should now be set up to manage your Mac machines once they have been installed and come online.
Installing the Sophos Client
Copy the files locally to start the install. (The process below is my quick and easy version)
- Open Safari and in the address bar put the address of your distribution point you took note of earlier
- e.g. smb://sophos03/SophosUpdate/CIDs/S008
- Copy the ESCOSX folder to the local machine
- Open the folder and execute the Sophos Antivirus.mpkg
- Step through the wizard
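The same copy-and-install steps as a script, for when several Macs need the client. This is an added example, not part of the original article or a Sophos tool. It assumes the logged-in user can authenticate to the share and may use sudo; the function names and temporary paths are hypothetical, and the share URL is the article's sample value.

```sh
#!/bin/sh
# Added example: script the copy-and-install steps for one Mac.
# parse_cid_url sets CID_SOURCE (//server/share) and CID_SUBPATH (path below it).

parse_cid_url() {
    case $1 in
        smb://*) rest=${1#smb://} ;;
        *) echo "not an smb:// URL: $1" >&2; return 1 ;;
    esac
    host=${rest%%/*}
    path=${rest#*/}
    if [ -z "$host" ] || [ "$host" = "$rest" ] || [ -z "$path" ]; then
        echo "expected smb://server/share[/path]: $1" >&2; return 1
    fi
    share=${path%%/*}
    case $path in
        */*) CID_SUBPATH=${path#*/} ;;
        *)   CID_SUBPATH= ;;
    esac
    CID_SOURCE="//$host/$share"
}

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

install_from_cid() {
    parse_cid_url "$1" || return 1
    mnt=$(mktemp -d /tmp/sophos-cid.XXXXXX) || return 1
    stage=$(mktemp -d /tmp/sophos-stage.XXXXXX) || return 1
    pkg="$stage/ESCOSX/Sophos Antivirus.mpkg"
    rc=0
    run mount_smbfs "$CID_SOURCE" "$mnt" || return 1
    run cp -R "$mnt/$CID_SUBPATH/ESCOSX" "$stage/" || rc=$?
    run umount "$mnt" || :           # always release the share
    [ "$rc" -eq 0 ] || return "$rc"
    run test -f "$pkg" || return 1   # stop if the copy is incomplete
    run sudo installer -pkg "$pkg" -target /
}

# Usage: DRY_RUN=1 sh install_sophos.sh smb://sophos03/SophosUpdate/CIDs/S008
if [ $# -gt 0 ]; then install_from_cid "$1"; fi
```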
Next up you will want to confirm that the machine is showing up in the management console.
To establish what the machine's NetBIOS name is:
Go to System Preferences - Networks - Advanced - WINS
Managing the Mac OS X devices
Like Windows devices, once the machine is up and running it will start communicating with the server. From the Sophos Enterprise Console expand group
- Select Unassigned
- You should now see the Mac machine listed there
- You can confirm by checking the NetBIOS name and also by looking at the other fields in the Computer Details tab
- Drag the Mac to the Mac group you created earlier
When the settings are being applied to the Sophos client you will see a notification appear.
Adding support for Mac OS X devices is relatively straightforward. Managing them is the same as managing a Windows PC. Support for this can be added with minimal training. It is an absolute no-brainer for me - if you already have a Sophos environment for Windows, use it for Mac. As the client base of Apple continues to grow, so does the attractiveness of the platform for malware writers. The fact that these devices are poorly protected makes the target even bigger on their backs.