Using Ranger with Sophos Anti-Virus
Article Number: 0000000063
Created On: 2007-07-30 12:01:01
Last Updated: 2008-11-20 09:06:34
Number of Views: 401
Question
How do I install Ranger to work with the Sophos Anti-Virus software?
Symptoms
Ranger security may disrupt the normal functioning of the Sophos Anti-Virus software because of the location from which the Sophos software runs.
Resolution
Instructions
Ensure that Ranger's path limitations do not include the "c:\windows\temp" directory, as the Sophos program ICSupp95.exe runs from this location.
Usually, path limitations are configured to stop users running application executable files from certain locations.
The default list includes:
a: - the floppy
h: - the user's home drive
c:\windows\temp and c:\winnt\temp - the Windows temporary directory, which is used for running applications downloaded from the web or email attachments
This list ensures that in a typical "secure" configuration users cannot run their own programs, but can use the floppy and their home drive to store, copy and work with files.
Sophos' update method
The auto-update feature of Sophos is a DOS program. Generally, DOS programs are restricted on Ranger systems via system policies to stop users accessing low-level DOS commands.
It may be necessary to disable Sophos' auto-update since groups with strict security generally have DOS restricted via the standard "Disable MSDOS" registry setting and/or an application check that closes down any DOS windows.
The registry setting is usually configured either with Microsoft System Policy Editor or from within RangerAdmin via the Windows.adm imported into Ranger Profiles.
The DOS application check is configured via the Security section of RangerAdmin.
Removing the "MSDOS" entry from the right-hand list will stop DOS windows being detected and closed down by Ranger.
If MSDOS is enabled via policies and not banned as an application, it may still be possible to configure some degree of security against users running their own unauthorised DOS sessions:
Use title checks with exceptions to detect windows with "MSDOS prompt", "command.com" or "cmd.com" as illegal text anywhere in the title, but with text such as "Update" as an exception.
This will close down all DOS windows except those with the text "Update" in the title. This will need specific configuration depending on the exact programs and text in the window title.
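The title check with exceptions described above can be modelled as follows, to review a rule set against a list of window titles before deploying it. This is an added example, not Ranger's own code: the case-insensitive substring matching, the function name and the sample titles (including "Sophos Update") are assumptions.

```python
# Added illustration of an "illegal text with exceptions" title check.
# Assumption: matching is a case-insensitive substring test; Ranger's
# actual matching rules may differ.

ILLEGAL_TEXT = ["MSDOS prompt", "command.com", "cmd.com"]  # from the article
EXCEPTIONS = ["Update"]                                     # from the article


def classify(title, illegal=ILLEGAL_TEXT, exceptions=EXCEPTIONS):
    """Return 'close', 'exempt' or 'ignored' for one window title."""
    t = title.lower()
    if not any(text.lower() in t for text in illegal):
        return "ignored"   # no illegal text: not treated as a DOS window
    if any(text.lower() in t for text in exceptions):
        return "exempt"    # illegal text present, but an exception matches
    return "close"         # illegal text present and no exception matches


def audit(titles, illegal=ILLEGAL_TEXT, exceptions=EXCEPTIONS):
    """Classify every title so the effect of a rule set can be reviewed."""
    return {title: classify(title, illegal, exceptions) for title in titles}


# Constructed sample titles (hypothetical, not captured from a real system).
SAMPLE_TITLES = [
    "MSDOS Prompt",
    "MSDOS Prompt - Sophos Update",
    "command.com - Update notes",
    "Notepad",
]

if __name__ == "__main__":
    # The short exception "Update" exempts every DOS window whose title
    # contains that word; the longer exception exempts only the updater.
    for label, exc in (("broad", ["Update"]), ("narrow", ["Sophos Update"])):
        print(label, audit(SAMPLE_TITLES, exceptions=exc))
```

Running the audit with both exception lists shows why the exception text should be as close as possible to the exact title of the update window.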
Testing
N/A