"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
When using 'Find by IP range' to search for new computers in Enterprise Console, a Windows username and password are used for the Windows network search. As with the other searches, the remote computer may not be discovered if connection fails because of a lack of a username and a password. A maximum range of 65536 addresses can be searched at any one time. Please note that the scan cannot be stopped after it has been started.
Applies to the following Sophos product(s) and version(s) Enterprise Console
The 'SNMP community' is used for SNMP queries. This is the equivalent of a password used to connect to the SNMP service. If the SNMP Community field is blank, it will default to 'public'. In most cases 'public' should work, but if the computers are configured to use a different community, then that string should be entered here. If the community is incorrect, then SNMP will fail to retrieve information about the computer.
IP discovery uses a variety of techniques for detecting computers on the network. These are:
By default, IP discovery will use ICMP, SNMP and Windows networking. The following table compares the different protocols.
Different networks have different configurations, and so may require different discovery settings. IP discovery can be configured using the Windows registry. Please read the warning about editing the registry.
The registry value: HKLM\Software\Sophos\EE\ManagementTools\IPScanSettings is a DWORD that configures the IP search. This registry value is normally absent, but creating the value and restarting the Sophos Management Service will override the default settings.
NOTE: For Windows 2008 R2 Server the correct registry hive is: HKLM\Software\WOW6432Node\Sophos\EE\Management Tools
The flags that can be set are shown in the following table.
As an example, to use only the last 4 discovery methods in the table above the registry value would need to be 216 in decimal or D8 in hexadecimal. Worked out as follows: 0x08 (hex) = 8 (dec) 0x10 (hex) = 16 (dec) 0x40 (hex) = 64 (dec) 0x80 (hex) = 128 (dec) 8+16+64+128 = 216 (dec) or D8 (hex)
Related articles Summary of port configurations in Sophos applications
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.