Sophos Endpoint Security and Control: components and services
This article describes the components that make up Endpoint Security and Control, and the services which it uses. Some of these are located on the server, some on the client computers, and some on both.
Components
- Enterprise Console
- EM Library
- MSDE database ("SOPHOS")
- Remote Management System
- Sophos Certificate Manager
- Sophos Anti-Virus
- Sophos AutoUpdate
Server components
The following components are located on the server:
- Enterprise Console
This is the main management console. Use this to specify policies, including updating, scanning, and anti-virus management on client computers. For more information, see Endpoint Security and Control: administration consoles.
- EM Library
This component downloads updates from the Sophos databank and deploys them to local and/or remote Central Installation Directories (CIDs). For more information, see EM Library: overview.
- MSDE/SQL database ("SOPHOS")
This stores all the information that the Enterprise Console requires. This includes alerts, configuration options, the status of Sophos Anti-Virus, and computer lists. If it is removed, all computer information will be lost from the console.
- Remote Management System (RMS)
This provides the communications channel between the server and the client computers, enabling them to be centrally managed.
- Sophos Certificate Manager
This issues 'certificates' to communications established by the Remote Management System. These certificates provide confirmation to network computers that the instructions they receive are genuine.
Client computer components
The following components are located on the client computers. These will also be present on the server if it is protected with Sophos
- Sophos Anti-Virus
This component scans files for viruses, suspicious files and behaviors, spyware, adware, and unauthorized software. Sophos Anti-Virus provides all the detection, disinfection and reporting features on the workstations.
- Sophos AutoUpdate
This keeps Sophos Anti-Virus and the Remote Management System up to date. It does this by downloading updates from either a CID maintained by EM Library, or the Sophos webCID.
- Remote Management System (RMS)
See above. RMS on client computers reads the information on the certificates issued by the server.
- Sophos Client Firewall (if licensed)
This component stops zero-day threats and prevents intrusion by hackers. Note: The client firewall is not installed on servers. For more information, see Sophos Client Firewall: overview.
Services
A number of services are used on both the server and on client computers. The following lists the services, together with the filename of each, and their dependencies.
Server services
The following services run on the server. However, some of these will only be present on the server if it is protected with Sophos
- Sophos Agent
This manages the Sophos Anti-Virus service on the client computers. The Sophos Agent sends and receives messages to the Sophos Management Service via the Remote Management System.
Filename: ManagementAgentNT.exe
- Sophos Certification Manager
This service issues client computers with certificates. Certificates are used to digitally sign messages to assert that messages sent between Sophos Message Routers are genuine. When a client computer becomes managed, it requests a certificate from the Sophos Certification Manager.
Filename: CertificationManagerServiceNT.exe
Dependencies: none
- Sophos EMLibUpdate Agent
This allows EM Library to communicate with the Sophos Management Service to ascertain when the last update took place.
Filename: EMLibUpdateAgentNT.exe
Dependencies: none
- Sophos Enterprise Manager Scheduler
This service schedules when EM Library will perform downloads. It calls Dllloader.exe when a download is due, which in turn brings about the update.
Filename: schdsrvc.exe
Dependencies: RPC service
- Sophos Management Service
This service manages the status of the system, sending information via the Remote Management System. Network computers send information about themselves to the Sophos Management Service which records it in the database.
The Sophos Management Service also sends information to network computers, instructing them (for example) to update, install or change their configuration.
Filename: MgntSvc.exe
Dependencies: RPC service
- Sophos Message Router
This service provides communication between various components. Its main purpose is to send and receive information between the server and managed computers. It also queues messages if the network goes down. Sophos Message Router is also used by client computers.
Filename: RouterNT.exe
Dependencies: none
- SQLAgent$SOPHOS
This service controls the MSDE database where all the data is stored.
Filename: sqlagent.EXE -i SOPHOS
Dependencies: none
Client computer services
- Sophos Agent
Sophos Agent provides the interface between Sophos Anti-Virus (SAV) and the local message router. It sends SAV messages to the server and receives SAV configurations from the server through the Remote Management System.
Filename: ManagementAgentNT.exe
- Sophos Anti-Virus (SAV)
This service starts and runs anti-virus software components, including the on-access scanner.
Filename: SavService.exe
Dependencies: RPC service
- Sophos Anti-Virus Status reporter
On a Windows XP Service Pack 2 (SP2) computer, this service reports to the Windows Security Center (WSC) giving it information about Sophos Anti-Virus. On computers without the WSC, the service runs but does nothing.
Filename: SAVAdminService.exe
Dependencies: none
- Sophos AutoUpdate Service
This service monitors a Central Installation Directory and updates Sophos Anti-Virus whenever the CID has changed. This service downloads all updates.
Filename: ALsvc.exe
Dependencies: RPC service
- Sophos Message Router
This service provides communication between various components. Its main purpose is to send and receive information between the server and managed computers. It also queues messages if the network goes down.
Filename: RouterNT.exe
Dependencies: none
If you need more information or guidance, then please contact technical support.
- Article ID: 13029
- Created: 29 Apr 2005
- Last updated: 31 Mar 2008
