Sophos Anti-Virus for Windows NT Release Notes
----------------------------------------------

Version 3.13, September 1998

All SWEEP versions have been updated with new virus information. A list
of new viruses is included in What's New on the CD or the READNEWS.TXT
file on the SWEEP for DOS Installation (Disk 1).

Modifications from version 3.12
-------------------------------

1. This version detects 381 more viruses than 3.12

2. The title bar has been changed to display the product name
   'Sophos Anti-Virus - SWEEP'. The About dialogue will continue to
   show the application name 'SWEEP for Windows NT'.

Additional information
----------------------

1. InterCheck Client
--------------------

This version of the InterCheck Client supports 'on-the-fly'
disinfection - though this is disabled by default. This behaviour can
be modified via the "Action" page of the InterCheck Client
configuration dialog.

The InterCheck Client will only disinfect a file once. If after one
such disinfection a file is still found to be infected then access to
it will be refused.

All documents reported as having been disinfected should be reviewed to
ensure that the virus made no changes to the content.

2. Centralised Installation
---------------------------

The installation program provides an option to install a copy of the
installation disks on a file server. SWEEP for Windows NT can then be
installed quickly and easily by executing the setup program from the
file server. Furthermore, on computers where SWEEP for Windows NT has
been installed in this manner, the update process will be invoked
automatically whenever the file server installation is upgraded.

3. Disinfecting files
---------------------

SWEEP for Windows NT allows administrators to disinfect files to which
they do not have write access. This feature is available only for
scheduled sweeps of local drives.
The SWEEP service must be running using the 'system' account or, if an
alternative account is being used, then the account must be assigned
the "Back up files and directories" right together with the "Restore
files and directories" right.

4. Administration Security
--------------------------

An administrator can choose to set the immediate job configuration
details which ALL non-admin users MUST use. This can be done via the
new "security" option found on the options menu when the GUI is run by
a member of the administrator group on the local machine.

Choosing to use this feature disables non-administrators' access to the
immediate job configuration data. Non-administrator users will only be
able to start and stop immediate jobs and choose which of their own
files they may SWEEP.

The token %USER% is supported. For example, if the administrator wishes
to copy all infected files to a central directory and keep individual
users' files separate then they can set the following path type in the
action section of the administrator config:-

    \\\\\%USER%

This will give a directory structure like:

    \\\\\\v.000
    \\\\\\form.000
    \\\\\\mydoc.000
    \\\\\\v.000
    \\\\\\v.001
    \\\\\\v.002

The same token can be used in the reports directory to make individual
report file names or to place users' report files in separate
sub-directories.

The administrator-defined config details are stored in the service's
HKEY_USERS section of the registry (under
.DEFAULT\Software\Sophos\SWEEPNT if the service is logged in as
LocalSystem and under the service's own user key otherwise).

The .DEFAULT\Software\Sophos\SWEEPNT hive can be deployed to remote
machines using swdeploy (available from Sophos).

NB If you wish to select "Scheduled access to network resources" please
ensure that the account used is one specific to SWEEP. Using an
administrator account which may be accessed by an interactive user may
cause the administrator-defined configuration to be corrupted.

Troubleshooting
---------------

1. Errors accessing shared CD ROM drives from remote computers
--------------------------------------------------------------

After installing SWEEP for Windows NT you may encounter difficulties
accessing a second shared CD ROM drive from remote computers. This is a
restriction imposed by the default NT server configuration. The
following registry entry is required to solve the problem.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\IrpStackSize
    Type: REG_DWORD
    Data: 0x6

Please use REGEDT32 to modify or create this entry in the registry. You
will need to restart the system before the change will take effect. If
you still experience problems a larger value can be selected
(maximum 12).

2. Auto-upgrade service
-----------------------

To function correctly the auto-upgrade service MUST be installed as the
LocalSystem account and have "Allow Service to Interact with Desktop"
selected.

3. Sweep service application error
----------------------------------

Occasionally SWEEP may encounter files whose structure can lead to the
service appearing to "hang" or clients losing their connections. This
problem is related to checking of some types of non-template Word
documents. The following registry entry will disable the checking of
non-template documents.

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SweepNT\Advanced\NITB
    Type: REG_DWORD
    Data: 0x0

If problems persist, set the following entry to turn off SWEEP's
ability to check VBA3 documents (e.g. Excel files).

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SweepNT\Advanced\VBA3
    Type: REG_DWORD
    Data: 0x0

Please use REGEDT32 to modify or create these entries in the registry.
You will need to restart the service before the change will take
effect.

4. Novell Application Launcher
------------------------------

NAL Version 2.01 and Windows NT v4. - when a user logs out and a new
user logs back in NAL appears not to be clearing itself from memory.
When the new user logs in the NAL launcher pops up and is blank.
Solution - Exclude the file $special.net, within Options\Exclusion list
on the Sweep for Windows NT GUI.

5. InterCheck Logging
---------------------

For InterCheck Logging to work correctly the SWEEP for Windows NT
Network Service must use an account that is able to see the InterCheck
Server share. This may not be the case if the auto-upgrade option was
not selected during installation.

If InterCheck Logging fails to work correctly a suitable account may be
selected as follows:

* Go to Control Panel->Services.
* Select the SWEEP for Windows NT Network Service.
* Click the Startup... button.
* Under Log on As: select the field This Account.
* Choose a DOMAIN\User with access to the desired InterCheck Server
  share.
* Fill in the password fields.
* Click OK to confirm the change.
* Stop and then Start the service.

Compatibility issues
--------------------

1. NT 4.0 service pack 2
------------------------

Important: Do not use this software with NT 4 service pack 2 unless you
have installed the Microsoft hot fix KRNL40I.EXE.

2. Banyan VINES Support
-----------------------

Please note that InterCheck will not check files on remote Banyan VINES
drives unless the Banyan VINES network support was started at boot
time.

3. PathWorks Version 4 Server
-----------------------------

NT clients which use a Pathworks 4 server for the central installation
directory may repeatedly auto upgrade. This problem only occurs on
Pathworks 4 and not on the more recent Pathworks versions.

4. IntraNetWare Client32 v4.11 connected to a Novell 4.x server
---------------------------------------------------------------

SWEEP for Windows NT may fail to auto-upgrade when the customer is
using IntraNetWare Client32 v4.11 centrally installed from a Novell 4.x
server. The failure is due to changes Novell have made to the NT
security model when using their client software. Previously (v4.10) a
service inherited the rights of the currently logged on user. This is
no longer true.
As a result services such as the 'SWEEP for Windows NT Network' service
may not be able to access the central installation area and are
therefore prevented from auto-updating.

At the moment, while the security model is in a state of flux, all
Sophos can suggest is that you stay with or roll-back to Client32
v4.10. If necessary you should contact Novell direct for further
information.

----------------

Sophos Plc, The Pentagon, Abingdon, OX14 3YP, England
Tel 01235 559933 o Fax 01235 559935

Sophos Plc, 2, Place de la Defense, BP240, 92053 Paris la Defense, France
Tel 01 46 92 24 42 o Fax 01 46 92 24 00

Sophos GmbH, Am Hahnenbusch 21, D-55268 Nieder-Olm, Germany
Tel 06136 91193 o Fax 06136 911940

Sophos Inc, 18 Commerce Way, Woburn, MA 01801, USA
Tel 781 932 0222 o Fax 781 932 0251

Sales email sales@sophos.com
Technical support email support@sophos.com
Web http://www.sophos.com/