Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
This FAQ article provides information on Sophos Central Server Lockdown.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Central Admin
No, Server Lockdown is not suitable for all server environments as it will prevent certain actions taking place. For example, if you host scripts on the server that are regularly updated, or host an application used by other computers where data is regularly modified/updated.
It is recommended that you test Server Lockdown in your environment to confirm suitability
A prerequisite of Server Lockdown is:
If the server already has the Sophos Agent installed:
If the server has no Sophos Agent installed:
The following operating systems are supported by Server Lockdown:
Before continuing with this step the recommendation is to define the policy required on the server. See the What Policies can be set for Server Lockdown? for further information.
Once the policy has been configured, navigate to Server Protection > Servers and either:
A Lock Down message will appear on screen:
Note: If performing Windows updates before locking a server, refer to Steps required if performing a Windows Update prior to locking a server in Sophos Central Server Lockdown - Known issues.
Select Begin Lockdown to continue with the installation and Lockdown process. During installation, you will see different status messages such as:
Once the process completes, the following status will be reported:
Yes, when opening the Sophos Endpoint interface, click on About and the Lockdown status is display next to the version of Lockdown:
There are two configurable Policies for server lockdown as shown below:
While changes can be made whilst a server is running through the lockdown procedure, the recommendation is to delay the installation of any software or the running of any new executables until the server is Locked. Not doing this will result in the software/executables being blocked the next time they are run.
To remove Server Lockdown run through the following steps:
Note: Removing Sophos Lockdown from the server requires a reboot in order to fully remove the product. Whilst this does not require immediate action failure to do this will prevent subsequent installations of the Sophos Server Lockdown product. A generic Update failed alert may also appear in Sophos Cloud until the reboot takes place.
New evaluations of Sophos Cloud will automatically receive an evaluation Server Protection license in order to trial Server Protection and Server Lockdown. This can be seen under Licensing and will be in addition to any other licenses.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.