This page does not apply to SBC 1000/2000Cloud link units featuring the Microsoft® Cloud Connector Edition application and Intel® Xeon® CPUs, because Microsoft defines alternative procedures to protect against malware.
Ribbon recommends the deployment of an approved third party anti-malware solution to SBC 1000/2000 ASMs with SBA (Applications Solutions Modules running the Skype for Business/Lync 2013 Survivable Branch Appliance application) units as an added measure of security to inspect and “cleanse” devices of viruses and ransomware, such as the 2017 WannaCry https://en.wikipedia.org/wiki/WannaCry_ransomware_attack and Petya attacks.
Ribbon approves the following Antivirus and Ransomware protection software for any SBC 1000 or SBC 2000unit with an Applications Solutions Module shipped with a Microsoft® Skype for Business/Lync Survivable Branch Appliance (SBA) application.
- Sophos® Server Protection for Virtualization, Windows and Linux
- Sophos Endpoint Exploit Prevention
Note that these are Sophos marketing titles. Depending on the country and partner/reseller, the orderable product names may differ. For example, one partner website shows the product names as Sophos Server Protection for Windows, Linux and vShield.
Sophos antimalware software contains a Management Interface (Console+Server+Update Manager) that runs in a separate Windows Server and Antivirus (Agent) software that runs in the ASM/SBA.
We recommend running the Management Interface and Antivirus separately to conserve CPU processing in ASM/SBA.
- Ribbon requires a separate off-board server (distinct and separate from the SBC 1000/2000ASM) to be the execution platform of the Sophos Management Interface. This deployment model provides the following benefits:
- A single management interface can manage multiple SBC 1000/2000's with the SBA.
- The Sophos Agent minimizes the extra processing load on the SBC 1000/2000's ASM.
The deployment of the Sophos management interface on the SBC 1000/2000ASM is not supported
- Server is reachable to the ASM node, and ready to manage the antivirus installation.
- This document assumes installation on the ASM/SBA running on Windows Server 2008 R2 and Windows Server 2012 R2.
Name Version Supported Sophos AutoUpdate 5.7.220 Sophos Limited Sophos Remote Management System 4.1.0 Sophos Limited Sophos Anti-Virus 10.7.2.49 Sophos Limited HitmanPro.Alert 3 (managed by Sophos) 126.96.36.1993 Sophos CryptoGuard 188.8.131.52 Sophos Limited Sophos System Protection 1.3.1 Sophos Limited Sophos Endpoint Defense 184.108.40.2065 Sophos Limited
Installing the Approved Sophos Anti-Malware Solution to Protect SBC 1000/2000 With SBAs
You do not need to configure or modify the ASM in order to install Sophos.
Here are the key steps performed when installing:
|Task||Installation Instructions Covered in Sophos|
Installation Instructions unique to the Ribbon SBAs
Download the Enterprise Console installer
Check the system requirements
Create the accounts you need
Prepare for installation
Install the Enterprise Console
Download security software
Create computer groups
Set up security policies
Search for computers
Prepare to protect computers
Check the health of your network
|Activate Exploit Prevention|
|Protect the ASM|
Installation Instructions Unique to the RibbonSBAs
The following are the steps to protect the SBC Edge device with an SBA-targeted ASM:
- Activating Exploit Prevention.
Protecting the ASM.
Adding Exclusions (AntiVirus File/Folder Scan Exclusion List)
Create the antivirus and Host Intrusion Prevention System (HIPS) policy with the file and folder exclusions recommended by Microsoft SBA deployments.
- C:\Program Files\Microsoft Lync Server 2010\
- C:\Program Files\Microsoft Lync Server 2013\
C:\Program Files\Skype for Business Server 2015\
C:\Program Files\Common Files\Microsoft Lync Server 2010\
C:\Program Files\Common Files\Microsoft Lync Server 2013\
C:\Program Files\Common Files\Skype for Business Server 2015\
C:\Program Files\Microsoft SQL Server\MSSQL11.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.LYNCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.RTCLOCAL\MSSQL\Binn\SQLServr.exe
C:\Program Files\Microsoft SQL Server\MSSQL12.RTCLOCAL\MSSQL\Binn\SQLServr.exe
Note that the preceding list of items can be saved in a file using a third party simple text editor and imported into exclusions.
Activating Exploit Prevention
Enter the Exploit Prevention credentials and activate it by performing the following steps:
Open the console and click View and then Update Managers.
In the Update managers pane, click the appropriate computer name and then View/Edit Configuration.
Click Sources > Edit. When the Source Details dialog box opens, apply the credentials and then click OK.
In the Sophos Enterprise Console - Protect Computers Wizard, select Exploit Prevention, Sophos Clean and then click Next.
Protecting the ASM
Create a group.
Add the ASM node into the group.
Note: Make sure to choose the Exclusion policy for the group and select Exploit prevent only.
This will install the Agent software with Exploit Prevention and also apply the exclusions.
|3||To verify the installation, log on to the ASM node by establishing a Remote Desktop Connection.|
|4||Find and open the installed Sophos program and then navigate to Configure antivirus > On-access scanning > Exclusion to verify the exclusions you added in Adding Exclusions (AntiVirus File/Folder Scan Exclusion List).|
|5||Confirm that the Exploit prevention is active on the Agent by viewing its listing on View Product Information.|
Sophos Anti-Malware Operation Modes