Issue
On machines with the SafeGuard Device Encryption Client installed and Power-On Authentication (POA) activated, Wake on LAN (WoL) stops at the POA when the machine reboots and does not continue booting to the operating system.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center / Local Policy Editor
SafeGuard Device Encryption
The following changes need to be made in the SafeGuard Secure Wake on LAN policy to configure and set up SafeGuard Secure Wake On LAN:
The 'Secure Wake On LAN' policy enables the client to prepare for software roll-outs in which the necessary parameters (such as temporary deactivation of POA and a time interval for WOL) can be imported directly into, and analyzed by, the client. The roll-out team can design a scheduling script using the commands provided, to guarantee maximum client protection despite deactivated POA.

Please note: Deactivating the POA, even for a limited number of boot processes, reduces the level of security for your system.

Example: The software roll-out team notifies the SafeGuard Enterprise Security Officer (SO) about a planned roll-out for the 25th September 2010 between 03:00 and 06:00 am. 2 reboots are required.
The local software roll-out agent must be able to log on to Windows.
The security officer sets the time interval to 12 o'clock midday on the day before the software roll-out, so that the scheduling script SGMCMDIntn.exe can be started promptly and WoL starts no later than the 25th September at 3:00 am.
Starting 24th Sept. 2010, 12:15 am
Starting 26th Sept. 2010, 09:00 am
The software roll-out script is dated 25.09.2010, 03:00. WOL can be explicitly deactivated again at the end of the script using SGMCMDIntn.exe -WOLstop.
All clients that log in before the 24th of September 2010 and connect to the roll-out servers will receive the new policy and the scheduling commands.
Any client on which the schedule triggers the command SGMCMDIntn -WOLstart between 24th Sept. 2010, 12:00 midday and 25th Sept. 2010, 06:00 am falls within the WOL time interval, and Wake on LAN is therefore activated.
This defines the number of reboots while Power-on Authentication is switched off for WoL. This setting temporarily overrides the “Enable Power-on Authentication” setting until the automatic logons reach the preset number. Power-on Authentication is then reactivated. For example:
Hint: For Wake On LAN, Sophos always recommends allowing three more reboots than necessary to overcome any unforeseen problems.
This determines whether Windows logon is permitted during a Wake On LAN, e.g. for a software update. This setting is analyzed by the POA.
Date and time can either be selected or input for the start and end of the Wake On LAN (WOL).
Date format: MM/DD/YYYY Time format: HH:MM
The following input combinations are possible:
WOL start: The starting point for the WOL in the scheduling script must be within the time interval set in the policy. If no interval is defined, WOL is not locally activated on the SGN Client.
WOL stop: This command is carried out irrespective of the final point set for the WOL.
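A pre-flight check for a roll-out plan against the rules above, as an added example that is not Sophos code: it models only what this article states (WOLstart must fall inside the policy interval, POA returns once the auto logons are used up, three spare reboots are recommended). The function name, its parameters and the inclusive interval bounds are assumptions; the sample interval is the one from the example above, the other sample values are constructed.

```python
from datetime import datetime

FMT = "%m/%d/%Y %H:%M"  # date and time format given in the article


def check_wol_plan(window_start, window_end, wol_start, auto_logons,
                   required_reboots, calls_wol_stop):
    """Return (severity, message) findings for a planned roll-out.

    Hypothetical helper: it models the rules stated in the article, not the
    client's real logic. window_start/window_end may be None (no interval
    set in the policy). Interval bounds are treated as inclusive (assumption).
    """
    if not window_start or not window_end:
        # Article: with no interval defined, WOL is not activated locally.
        return [("error", "no WOL interval in policy: WOLstart will not activate WOL")]
    findings = []
    start, end = (datetime.strptime(s, FMT) for s in (window_start, window_end))
    trigger = datetime.strptime(wol_start, FMT)
    if end <= start:
        findings.append(("error", "interval end is not after interval start"))
    elif not (start <= trigger <= end):
        findings.append(("error", "scheduled WOLstart falls outside the policy interval"))
    if auto_logons < required_reboots:
        # POA is reactivated once the auto logons reach the preset number.
        findings.append(("error", "POA is reactivated before the roll-out's reboots finish"))
    elif auto_logons < required_reboots + 3:
        findings.append(("warning", "fewer than the recommended three spare reboots"))
    if not calls_wol_stop:
        # Without -WOLstop, POA stays off until the auto logons are used up.
        findings.append(("warning", "script never calls -WOLstop at its end"))
    return findings


if __name__ == "__main__":
    # Interval from the article's example; trigger time and counts are constructed.
    plan = dict(window_start="09/24/2010 12:00", window_end="09/25/2010 06:00",
                wol_start="09/24/2010 18:00", auto_logons=5,
                required_reboots=2, calls_wol_stop=True)
    for severity, message in check_wol_plan(**plan) or [("ok", "plan is consistent")]:
        print(f"{severity}: {message}")
```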