Sophos and Terminal Services

We are running a terminal server with operating system Windows 2008 R2 that uses Sophos Endpoint Security and Control version 9.5. This terminal server is used in a lab to allow up to 30 people to RDP into the server. We have received reports that during specified times of the day all of the remote desktop users will lose internet connection. It is still possible to establish an RDP connection and access our shared files on the terminal server, which would indicate that they are still connected through the network. After some investigating, we have reason to believe one of the functions of Sophos may be blocking internet access for the remote desktop users. The event viewer on the terminal server reports Savservice.exe errors during the time Internet Explorer is unavailable to browse. It appears Sophos is scanning IE during the time of the internet outage; once Sophos is complete, internet browsing is restored. Have you received any reports on this or know any information we could use to correct this problem? We are hoping perhaps modifying the setting on Sophos would eliminate this problem.

Thanks in advance!

  • I have been facing a similar issue. However, I do not have the SEC Server and Client details, nor the OS details.

    But whenever multiple users log in to the terminal server, they are not able to access the Internet through the Terminal Server.

    Currently we have kept the AV scanning off on the Terminal Server to allow remote users to access the Internet, which I firmly believe is not a good practice.

  • Hi,

    Do you need to disable on-access to restore the computer to a working state, or would it be sufficient to disable the web protection features, the default of which is to mirror the on-access state? I suspect disabling on-access is essentially disabling web protection.

    What do you have under Configure - Anti-Virus - Web Protection?

    Also, do you have web control enabled?

    If one of these 3 features is enabled then you will have a loaded LSP in the Winsock catalog. If you disable all 3 and start the Sophos Web Intelligence Update service, the LSP will be removed from Winsock.

    Regards,

    Jak

  • Dear Jak,

    Thanks for your reply.

    At the moment the end customer is disabling Endpoint on the Terminal Server and that's how the internet works on the Terminal Server, with multiple users connected simultaneously to the server.

    We have not tried disabling web protection. Need to try that. I will also check the Web Control, if it is enabled.

    I will check with the end customer and get back to you on this.

    Thanks for the help.

    Regards,

    Mr. Samson Pacharne

  • Please find below the details of the Sophos SEC Server and the Terminal Server specifications.

    Sophos SEC Server Details

    Machine Type: Hyper V
    Machine OS: Windows 2008 R2 Standard
    RAM (Memory): 16 GB
    Architecture: x64
    Sophos Server SEC Enterprise Console Version: 5.3.0

    Terminal Server Details

    Machine Type: Hyper V
    Machine OS: Windows Server 2012 R2 Standard
    RAM (Memory): 40GB
    Architecture: x64
    Sophos Client Software Version: 10.6

    Currently we have disabled the entire endpoint client software on the terminal server.

    I will check the same today by disabling the Web Protection and Web Control functionality and inform you accordingly.

    Regards,

    Mr. Samson Pacharne.

  • Hello,

    Today we have disabled the Web Protection and Web Control. Now let us monitor the same, to see if any users are facing any issue.

    Regards,

    Mr. Samson Pacharne

  • What were your results? I'm looking at Sophos as a possible AV solution for my clients, and many of them have RDS servers, so I'm trying to find something I know will work in that multi-user terminal environment without being disabled.

    Thanks

    John

  • Dear John Dean

    I am really sorry for the delayed response, and I want to thank you for the solution.

    Your solution worked well and the issue has been resolved.

    Cheers!!!!!!

    Regards,

    Mr. Samson Pacharne
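
Added example, not part of any post in this thread and not Sophos code: Jak's reply says an LSP stays loaded in the Winsock catalog while any of the three web features is enabled, so one way to confirm the state of a server is to parse saved `netsh winsock show catalog` output and list every transport entry that is not a plain base provider. The sample text below is constructed, the "Example LSP" entry and its path are placeholders, and English-language output is assumed.

```python
# Constructed sample modeled on `netsh winsock show catalog` output (English
# locale assumed); the "Example LSP" entry and its path are placeholders.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleVendor\example_lsp.dll
Protocol Chain Length:              2
Protocol Chain:                     1016 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Protocol Chain Length:              1

Name Space Provider Entry
------------------------------------------------------
Description:                        Network Location Awareness Legacy (NLAv1) Namespace
"""

def parse_catalog(text):
    """Return one dict per transport provider entry; name space entries are skipped."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
        elif line.startswith("Name Space Provider Entry"):
            current = None
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)  # split once: paths contain colons
            current[key.strip()] = value.strip()
    return entries

def layered_entries(text):
    """Entries that are not plain base providers, i.e. an LSP is in the chain."""
    return [e for e in parse_catalog(text)
            if e.get("Entry Type") != "Base Service Provider"
            or e.get("Protocol Chain Length", "1") != "1"]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for e in layered_entries(text):
        print(e.get("Entry Type"), "|", e.get("Description"), "|", e.get("Provider Path"))
```

Save the catalog on the terminal server with `netsh winsock show catalog > catalog.txt` before and after changing the Web Protection and Web Control settings and pass the file as the first argument; per Jak's description, the layered entries should disappear once all three features are off.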
