The Sophos Messenger application enables Sophos to message administrators of Enterprise Console, Sophos Enterprise Manager and Control Center with important information.
Applies to the following Sophos product(s) and version(s): Enterprise Console, Sophos Control Center, Sophos Enterprise Manager
Sophos Messenger allows direct communication with the users of Enterprise Console, Control Center and Enterprise Manager through pop-up messages on the Sophos management server. Messages are displayed for all members of the Microsoft Windows ‘Sophos Console Administrators’ security group when the conditions attached to the message are met. As an example, Sophos may choose to tell specific users that we are retiring a certain product.
Note: These messages will only be displayed on the management server computer and will not be displayed on computers running a remote console.
The purpose is to improve communication with Sophos administrators, ensuring that users are made aware of important information relating to Sophos products in a timely manner. This communication channel is for important life-cycle information or for scenarios where we need to message the Sophos administrator as a matter of urgency. It will not be used for marketing purposes.
After you have read a message, you may find that no action is required and that it is for information only. Commonly, a message links to a knowledgebase article with more information.
For example, in order to communicate to all console users that may be running Sophos Anti-Virus 9.5, it is necessary to generate the alert on all versions of Enterprise Console. If the message is not relevant you can acknowledge the message to prevent it being re-displayed.
If you have a question about a displayed message, feel free to post it on our SophosTalk community.
Sophos Update Manager (SUM) has the ability, through the use of a supplemental package, to deliver and execute a custom executable (UpdatePatch.exe). Sophos Messenger will use this mechanism to copy to the computer a number of files, including an executable (Sophos.Messenger.exe), a config file (Sophos.Messenger.exe.config), an XML file (Sophos.Messenger.xml) and a dat file (scf.dat). These files will reside in and be executed from the following folder:
The XML file will contain the messages shown to the user (translated as required) and the conditions that need to be met for the message to be displayed. Possible conditions of the message being displayed include: type and version of the console, language, operating system, components installed and the message expiry time-stamp.
Because UpdatePatch.exe is launched by SUM under the local system context, the application is able, on initial execution, to run the Sophos.Messenger.exe process in each logged-on interactive session. So that the message also reaches users who are not currently logged in, a reference will be added to the following registry keys, ensuring that all ‘Sophos Console Administrators’ see the message the next time they log on to the computer.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ STRING SophosMessenger
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ STRING SophosMessenger
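The following PowerShell audit is an added example, not Sophos code: run on the management server, it reads the SophosMessenger value from the two Run keys listed above and reports whether the referenced executable exists and carries a valid Authenticode signature. The command-line parsing (a quoted path, or an unquoted path ending in .exe) is an assumption about how the value is written.

```powershell
# Added example: audit the SophosMessenger Run-key entries named in this article.
# Run from an elevated 64-bit PowerShell session on the management server.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'SophosMessenger'

# Assumption: the value data is a command line whose first token is the
# executable, either quoted or ending in .exe, optionally followed by arguments.
function Get-ExecutableFromCommand {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')          { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return $expanded
}

$results = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if (-not $item) {
        # Value (or key) absent: nothing registered for next logon.
        [pscustomobject]@{ Key = $key; Present = $false; Path = $null
                           Exists = $null; Signature = $null; Signer = $null }
        continue
    }
    $exe    = Get-ExecutableFromCommand -Command $item.$valueName
    $exists = Test-Path -LiteralPath $exe -PathType Leaf
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }
    [pscustomobject]@{
        Key       = $key
        Present   = $true
        Path      = $exe
        Exists    = $exists
        # 'Valid' means the file is signed and the chain verifies on this host.
        Signature = if ($sig) { $sig.Status } else { $null }
        Signer    = if ($sig -and $sig.SignerCertificate) {
                        $sig.SignerCertificate.Subject } else { $null }
    }
}
$results | Format-List
```

An entry that is present but points to a missing file, or to a file whose signature status is not Valid or whose signer is unexpected, is worth investigating, since Run keys execute their target at every interactive logon.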
Once the message(s) has been displayed and acknowledged, the message(s) will not be re-displayed.
When the message is displayed/acknowledged, an HTTP request to Sophos will be generated. This mechanism enables us to be sure that users have seen and acknowledged the messages and that the communication channel is working.
Note: As mentioned above, this is not a tool that will be used heavily; however, execution can be disabled via the registry on a per-user and/or per-computer basis. We strongly discourage suppression of these infrequent messages as they are targeted messages with important information: