Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 27 replies
  • Answers 3 answers
  • Subscribers 7 subscribers
  • Views 44540 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.5.1

QC

Hello all,

seems that SEC 5.5.1 is in the works already (though naturally I can't say when exactly later this year will be).

Christian



This thread was automatically locked due to age.
  • 0 in reply to Big_Buck

    Hello Paul Jr,

    first of all, do you need TLS 1.2? It's not q requirement for SEC.
    11.0.6216.27 is, as far as I can see in the MS article, the minimum for SQL Server 2012 SP3 GDR - SP4 isn't mentioned so I assume it "does" TLS 1.2 and it's the version packaged with the installer. Perhaps CheckDBConnection with the -l switch gives some hint.

    If you don't need TLS 1.2 just continue with the installation.

    Christian

  • 0

    Hello all,

    thought the upgrade (from 5.5.0) would be simple enough to do it even on a Friday (it's was shortly before 10am so it didn't fall under the no changes on Friday afternoon rule).
    Second time in a row it failed miserably (but only on one of the servers) [:)]. This time with a 1923 for the Management Service - can't say (and didn't care) why, perhaps a missing restart (real programmers don't follow the advice of some piece of software, do they?). After the restart and a second attempt it failed immediately - Database 5.5.1, Console 5.5.0, Server not installed. Similar fix as last time (uninstall Console), install completed. Then - Management Service failed to start due to failed database upgrade. Manual upgrade - bingo!
    Done with both servers and the remote consoles - still some time before noon.

    Christian

  • 0 in reply to QC

    Hello

    Only things I really need are a wife, a Labrador dog, a fishing rod, and a dual sport motorcycle.  Computers are just un-productive pain-in-the-ass stuff I'm forced to live with.  Security are composed of the elites of the pain-in-the-ass stuff and originated by the laziness and carelessness of those almost criminal minds who created computer sciences.  In an accountable world, those criminals - Google, Facebook, Microsoft, Equifax, and all - would be jailed for destroying our private lifes, among other things.

    TLS 1.3 is a draft since early 2018.  Google implemented it a year ago.

    TLS 1.2 is mostly security and bugs fix to TLS 1.0.  It was released in august 2008.  I repeat.  August 2008. Ten years ago.

    TLS 1.0 was release in 1999.  At that point, you might as well ride in a Ford model T.

    A lot of very bad things happened on the internet since 2008.  Don't you thing that complying to a standard that's already archaic is a minimum one can do in an effort to protect his business ?  We should expect our End-Point protection to be efficient against recent malware with technologies that old ?  How could it be Sophos are so late to respond to latest technology trend ? Up to last year they were still on SMBv1 on their WEB gateway.

  • 0 in reply to QC

    Sweaaaaaaat !!! :) Like you said, It's Friday morning :)

    As usual ...

  • 0 in reply to Big_Buck

    Hello ,

    As usual
    been there before? Can't remember what's supposed to happen after yo click Next, too long ago [;)].
    Seriously, I think I just leave it alone, doing something else checking in later to asses the progress and success or failure (this thing maybe doesn't like to be watched). It should record its progress in %ProgramData%\Sophos\Management Installer\Sophos_bootstrapper.... and potential MSI logs should also be there. There might be a prompt waiting hidden by some window. Clicking on the "correct" taskbar icon might bring it to front.

    Christian

  • 0 in reply to QC

    Some feedback.

    I am logged as Domain Admin. After a very long time I had this on the install screen:

     

    The command "CheckDBConnection -l" yields this :

    C:\sec_551\ServerInstaller\CheckDBConnection>CheckDBConnection -l
    Sophos Connectivity Verifier
    5.5.1.955
    Copyright 2000-2018 Sophos Limited. All rights reserved.
    Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
    TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;'
    NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;;'
    TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;'
    NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;;'
    (/) Operating system is ready to use TLS 1.2
    (/) Installed .NET Framework supports TLS 1.2
    Connection to the SQL Server established
    (x) SQL Server instance does not support TLS 1.2
    (x) SQL Server TCP/IP protocol detection failed
    (/) There is a certificate installed that can be used with SQL Server
    (/) SQL Server Native Client library supports TLS 1.2
    Encrypted connection to the SQL Server cannot be established
    Windows Server 2012 R2 - Standard Server - 6.3.9600.0 - 6 -
    SOPHOS - 11.0.7462.6 - SP4-GDR -
    Corindon WSUS
    Client Library information:
    sm - SQLNCLI11 - 11.0.7462
    tcp - SQLNCLI11 - 11.0.7462
    np - SQLNCLI11 - 11.0.7462
    tcp - SQLNCLI11 - 11.0.7462.6
    C:\sec_551\ServerInstaller\CheckDBConnection>

    I still have both errors:

    (x) SQL Server instance does not support TLS 1.2
    (x) SQL Server TCP/IP protocol detection failed.

    Both of these errors are wrong.

    It was soooo easy to upgrade and maintain Symantec SEC.  Why I have done that ultra stupid decision to migrate to something else ?

  • 0 in reply to Big_Buck

    Registery keys:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

  • 0 in reply to Big_Buck

    I assume you have seen the KBA's for the individual checks, for example:

    You don't have sufficient database rights
    https://community.sophos.com/kb/en-us/124245



Unfiltered HTML