"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The command-line utility ExportConfig.exe enables you to retrieve policies from the Console and save them as XML configuration files. These XML configuration files can be used to centrally configure unmanaged computers, or to implement features not available from the console.
This article explains how to use the utility to extract/export the existing console policies and then advises what you must do to re-apply the exported policies to a distribution point (CID) so the endpoint computers can implement the new configuration.
Note: The user account you run the ExportConfig.exe utility as must be a member of the Sophos Console Administrators Windows security group. Check that you are a member of this group before attempting the instructions below.
Known to apply to the following Sophos product(s) and version(s):
ExportConfig
Enterprise Console 5.0.0
C:\Program Files\Sophos\Enterprise Console\
C:\Program Files (x86)\Sophos\Enterprise Console\
To show the usage options type: exportconfig.exe
The usage options shown are:
Usage:
Command line: ExportConfig.exe -type <AU, SAV, SCF, NTP, ExploitPrevention, SAC, DATC, DEVC, TP or LEGAU> [-policy <policy>] [-output <filePath>] [-backwardsCompatable]
Where policy is the name of the policy or not specified for Default.
Please note that for NTP policies only the default policy can be exported.
-backwardsCompatable : Use a format backwards compatable with SAV 5
The table below lists each policy type and its short name which can be used after the -type parameter.
1 Can only be exported from SEC 5.4.1 and only exports the Default policy. Is contained within the Anti-Virus and HIPS policy settings.
2 It is not possible to export these policy types.
3 Can only be exported from SEC 5.5.0. Cannot be applied until the SUM 1.6.2 release.
The naming of the output file is important. The table below shows what each policy's output file must be called.
Note: The output file names are case sensitive.
The table below shows some examples of common usage.
exportconfig.exe -type au -output C:\sauconf.xml
exportconfig.exe -type sav -output C:\savconf.xml
exportconfig.exe -type sav -policy "my av policy" -output C:\savconf.xml
exportconfig.exe -type datc -policy HRDataControlPolicy -output C:\savconfdatac.xml
If the policy is successfully exported you will see the following shown on screen:
Policy successfully exported.
Policy named "Default" does not exist in database.
Policy named "mypolicy" does not exist in database.
Error: Invalid command line at:
Error: Type must be AU, SAV, SCF, NTP, SAV, DEVC, DATC or LEGAU.
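A PowerShell wrapper for the export step, added here as an example and not Sophos code: it runs the example exports above, counts only the quoted success message as success, and checks that each output is well-formed XML with the expected case-sensitive file name. The staging folder C:\PolicyExport and the SHA-256 hash (recorded so the file later copied to the distribution point can be compared with what was exported) are assumptions of this example.

```powershell
# Added example, not Sophos code. $staging is an assumed folder, not from the article.
$staging = 'C:\PolicyExport'
# Install folders listed in the article; use whichever exists.
$exe = @(
    'C:\Program Files\Sophos\Enterprise Console\ExportConfig.exe',
    'C:\Program Files (x86)\Sophos\Enterprise Console\ExportConfig.exe'
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $exe) { throw 'ExportConfig.exe not found in either install folder.' }

# The utility must be run by a member of this Windows security group.
if (-not ((whoami /groups) -match 'Sophos Console Administrators')) {
    throw 'Current account is not in Sophos Console Administrators.'
}

# Type, policy and output file name taken from the article's usage examples.
$jobs = @(
    @{ Type = 'au';   Policy = $null;                 File = 'sauconf.xml' },
    @{ Type = 'sav';  Policy = 'my av policy';        File = 'savconf.xml' },
    @{ Type = 'datc'; Policy = 'HRDataControlPolicy'; File = 'savconfdatac.xml' }
)

New-Item -ItemType Directory -Path $staging -Force | Out-Null
$results = foreach ($j in $jobs) {
    $out  = Join-Path $staging $j.File
    $argv = @('-type', $j.Type)
    if ($j.Policy) { $argv += @('-policy', $j.Policy) }   # omitted means Default
    $argv += @('-output', $out)
    $text = (& $exe @argv 2>&1 | Out-String).Trim()

    # Only the literal success message counts; any other output is a failure.
    $ok = $text -match 'Policy successfully exported\.' -and (Test-Path -LiteralPath $out)
    if ($ok) {
        try { [xml](Get-Content -LiteralPath $out -Raw) | Out-Null }
        catch { $ok = $false; $text = "Exported file is not well-formed XML: $_" }
    }
    # Overwriting a stale file keeps its old case, so compare on-disk names exactly.
    if ($ok -and (Get-ChildItem -LiteralPath $staging -File).Name -cnotcontains $j.File) {
        $ok = $false; $text = 'Output file name has the wrong case.'
    }
    [pscustomobject]@{
        Type     = $j.Type
        Policy   = if ($j.Policy) { $j.Policy } else { 'Default' }
        Exported = $ok
        SHA256   = if ($ok) { (Get-FileHash -LiteralPath $out -Algorithm SHA256).Hash } else { $null }
        Message  = $text
    }
}
$results | Format-Table Type, Policy, Exported, SHA256 -AutoSize
if ($results.Exported -contains $false) { exit 1 }
```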
In order for an endpoint computer to copy down and implement the configuration in the exported policy you must:
You must copy the output configuration file to the correct sub-folder in the distribution point. Use the table below to see which policy file needs to be copied to which folder.
Note: The main (parent) folder of the sub-folders is: \\SERVER\SophosUpdate\CIDs\[serial number]\
The special utility called ConfigCID.exe has been made available so that a distribution point (or CID - Central Installation Directory) can be programmed to recognize new configuration files. For more information on using ConfigCID.exe see article 13112.