Sophos Endpoint Security and Control: components and services
This article describes the components that make up Endpoint Security and Control, and the services which it uses. Some of these are located on the server, some on the client computers, and some on both.
Components
- Enterprise Console
- Management Server
- SQL database ("SOPHOS")
- Remote Management System
- Endpoint Security and Control
Server components
The following components are located on one or more servers:
- Enterprise Console
This is the main management console. Use it to download software and updates to your threat detection data, and to specify policies, including updating, scanning, and anti-virus management on client computers. For more information, see Endpoint Security and Control: administration consoles.
- Management Server
The Management Server is the main application, which coordinates database updates, software updates and messaging throughout the system. By default, the Management Server is installed on the same server as Enterprise Console; however, it can be installed on its own, with Enterprise Console installed on any computer capable of connecting to the Management Server. Such an installation of Enterprise Console is called a 'remote console'.
- SQL database ("SOPHOS")
This stores all the information that the Enterprise Console requires. This includes alerts, configuration options, the status of Sophos Anti-Virus, and computer lists. If it is removed, all computer information will be lost from the console.
- Remote Management System (RMS)
This provides the communications channel between the server and the client computers, enabling them to be centrally managed.
Client computer components
The following components are located on the client computers. These will also be present on the server if it is protected with Sophos.
- Endpoint Security and Control
This component scans files for viruses, suspicious files and behaviors, spyware, adware, and unauthorized software. Sophos Anti-Virus provides all the detection, disinfection and reporting features on the workstations.
- Sophos AutoUpdate
This keeps Sophos Anti-Virus and the Remote Management System up to date. It does this by downloading updates from either a CID maintained by EM Library, or the Sophos webCID.
- Remote Management System (RMS)
See above. RMS on client computers reads the information on the certificates issued by the server.
- Sophos Client Firewall (if licensed)
This component stops zero-day threats and prevents intrusion by hackers. Note: The client firewall is not installed on servers. For more information, see Sophos Client Firewall: overview.
Services
A number of services are used on both the server and on client computers. The following lists the services, together with the filename of each, and their dependencies.
Server services
The following services run on the server. However, some of these will only be present on the server if it is protected with Sophos.
- Sophos Agent
This manages the Sophos Anti-Virus service on the client computers. The Sophos Agent sends messages to and receives messages from the Sophos Management Service via the Remote Management System.
Filename: ManagementAgentNT.exe
- Sophos Certification Manager
This service issues client computers with certificates. Certificates are used to digitally sign messages to assert that messages sent between Sophos Message Routers are genuine. When a client computer becomes managed, it requests a certificate from the Sophos Certification Manager.
Filename: CertificationManagerServiceNT.exe
Dependencies: none
- Sophos Management Service
This service manages the status of the system, sending information via the Remote Management System. Network computers send information about themselves to the Sophos Management Service which records it in the database.
The Sophos Management Service also sends information to network computers, instructing them (for example) to update, install or change their configuration.
Filename: MgntSvc.exe
Dependencies: RPC service
- Sophos Message Router
This service provides communication between various components. Its main purpose is to send and receive information between the server and managed computers. It also queues messages if the network goes down. Sophos Message Router is also used by client computers.
Filename: RouterNT.exe
Dependencies: none
- SQLAgent$SOPHOS
This service controls the SQL database where all the data is stored.
Filename: sqlagent.EXE -i SOPHOS
Dependencies: none
Client computer services
The following services run on the client computer:
- Sophos Agent
Sophos Agent provides the interface between Sophos Anti-Virus (SAV) and the local message router. It sends SAV messages to the server and receives SAV configurations from the server through the Remote Management System.
Filename: ManagementAgentNT.exe
- Sophos Anti-Virus (SAV)
This service starts and runs anti-virus software components, including the on-access scanner.
Filename: SavService.exe
Dependencies: RPC service
- Sophos Anti-Virus Status reporter
On a Windows XP Service Pack 2 (SP2) computer, this service reports to the Windows Security Center (WSC), giving it information about Sophos Anti-Virus. On computers without the WSC, the service runs but does nothing.
Filename: SAVAdminService.exe
Dependencies: none
- Sophos AutoUpdate Service
This service monitors a Central Installation Directory and updates Sophos Anti-Virus whenever the CID has changed. This service downloads all updates.
Filename: ALsvc.exe
Dependencies: RPC service
- Sophos Message Router
This service provides communication between various components. Its main purpose is to send and receive information between the server and managed computers. It also queues messages if the network goes down.
Filename: RouterNT.exe
Dependencies: none
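The filenames and dependencies listed above can serve as a baseline when auditing a host. The following PowerShell is an added example, not Sophos code: it compares service records against that baseline and reports missing services, unexpected executables, unquoted image paths containing spaces, and dependency mismatches. It assumes the names on this page are the Windows service display names and that "RPC service" is the Windows service `RpcSs`; the function name, record shape and sample paths are constructed for illustration.

```powershell
# Baseline from the service lists on this page. Rpc mirrors the "Dependencies"
# line ($null = the page gives none). Assumption: the listed names are the
# Windows service display names.
$Baseline = @{
    'Sophos Agent'                      = @{ Exe = 'ManagementAgentNT.exe'; Role = 'Both'; Rpc = $null }
    'Sophos Certification Manager'      = @{ Exe = 'CertificationManagerServiceNT.exe'; Role = 'Server'; Rpc = $false }
    'Sophos Management Service'         = @{ Exe = 'MgntSvc.exe'; Role = 'Server'; Rpc = $true }
    'Sophos Message Router'             = @{ Exe = 'RouterNT.exe'; Role = 'Both'; Rpc = $false }
    'Sophos Anti-Virus'                 = @{ Exe = 'SavService.exe'; Role = 'Client'; Rpc = $true }
    'Sophos Anti-Virus Status reporter' = @{ Exe = 'SAVAdminService.exe'; Role = 'Client'; Rpc = $false }
    'Sophos AutoUpdate Service'         = @{ Exe = 'ALsvc.exe'; Role = 'Client'; Rpc = $true }
}

function Test-SophosServiceBaseline {
    param([object[]]$Services, [ValidateSet('Server', 'Client')][string]$Role = 'Client')
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $exp = $Baseline[$name]
        $svc = $Services | Where-Object { $_.DisplayName -eq $name } | Select-Object -First 1
        if (-not $svc) {
            # Absence is only a finding for services this role should run.
            if ($exp.Role -in 'Both', $Role) { "MISSING     $name" }
            continue
        }
        # The image path is either quoted, or unquoted up to the first ".exe".
        if ($svc.PathName -notmatch '^\s*(?:"(?<q>[^"]+)"|(?<u>.+?\.exe))') {
            "UNPARSED    $name : $($svc.PathName)"; continue
        }
        $quoted = [bool]$Matches['q']
        $image  = if ($quoted) { $Matches['q'] } else { $Matches['u'] }
        if ((Split-Path -Path $image -Leaf) -ne $exp.Exe) { "WRONG EXE   $name : $image" }
        # An unquoted path with spaces lets Windows resolve a different binary.
        if (-not $quoted -and $image.Contains(' ')) { "UNQUOTED    $name : $image" }
        $deps = @($svc.DependsOn | Where-Object { $_ })
        if ($exp.Rpc -eq $true -and $deps -notcontains 'RpcSs') { "NO RPC DEP  $name" }
        if ($exp.Rpc -eq $false -and $deps.Count -gt 0) { "EXTRA DEP   $name : $($deps -join ',')" }
    }
}

# Constructed sample records; the install directory is a placeholder.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Sophos Message Router'; PathName = 'C:\Sample Dir\RouterNT.exe'; DependsOn = @() }
    [pscustomobject]@{ DisplayName = 'Sophos Anti-Virus'; PathName = '"C:\Sample Dir\SavService.exe"'; DependsOn = @() }
    [pscustomobject]@{ DisplayName = 'Sophos AutoUpdate Service'; PathName = '"C:\Sample Dir\ALsvc.exe"'; DependsOn = @('RpcSs') }
)
Test-SophosServiceBaseline -Services $sample -Role Client
```

On a live host, build the same records from `Get-CimInstance Win32_Service` (`DisplayName`, `PathName`) and the `ServicesDependedOn` property returned by `Get-Service`.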
If you need more help, contact technical support.
- Article ID: 13029
- Created: 29 Apr 2005
- Modified: 27 Jan 2012


