The Sophos Messenger application enables Sophos to message administrators of Enterprise Console, Sophos Enterprise Manager and Control Center with important information.
Known to apply to the following Sophos product(s) and version(s)
Sophos Enterprise Manager
Sophos Control Center
What does Sophos Messenger do?
Sophos Messenger allows direct communication with the users of Enterprise Console, Control Center and Enterprise Manager via the use of pop-up messages on the Sophos management server. Messages are displayed for all members of the Microsoft Windows ‘Sophos Console Administrators’ security group, where certain conditions of the message are met. As an example, Sophos may choose to message specific users that we are retiring a certain product.
Note: These messages will only be displayed on management server computer and will not be displayed on computers running a remote console.
Why is it required?
To improve communication with Sophos administrators, ensuring users are made aware of important information relating to Sophos products in a timely manner. This communication channel is for important life-cycle information or for scenarios where we need to message the Sophos administrator as a matter of urgency. It will not be used for marketing purposes.
How does it work?
Sophos Update Manager (SUM) has the ability, through the use of a supplemental package, to deliver and execute a custom executable (UpdatePatch.exe). Sophos Messenger will use this mechanism to copy to the computer a number of files, including an executable (Sophos.Messenger.exe), a config file (Sophos.Messenger.exe.config), an XML file (Sophos.Messenger.xml) and a dat file (scf.dat). These files will reside in and be executed from the following folder:
The XML file will contain the messages shown to the user (translated as required) and the conditions that need to be met for the message to be displayed. Possible conditions of the message being displayed include: type and version of the console, language, operating system, components installed and the message expiry time-stamp.
As UpdatePatch.exe is launched by SUM under the local system context, this gives the application the ability, on initial execution, to run the Sophos.Messenger.exe process in each logged on interactive session. To ensure that the message is displayed to users who are not currently logged in, a reference will also be added to the following registry key to ensure all ‘Sophos Console Administrators’ see the message the next time they log on to the computer.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ STRING SophosMessenger
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ STRING SophosMessenger
Once the message(s) has been displayed and acknowledged, the message(s) will not be re-displayed.
When the message is displayed/acknowledged an HTTP request to Sophos will be generated. This mechanism enables us to be sure that users have seen and acknowledged the messages and the communication channel is working.
Note: As mentioned above, this is not a tool that will be used heavily, however there is the ability to disable the execution via the registry on a per user and/or computer basis. We strongly discourage suppression of these infrequent messages as they are targeted messages with important information:
- To disable for all users on a computer create the following registry key:
Disable and set a value of 1.
- To disable for a given user create the registry key:
HKCU\Software\[wow6432node]\Sophos\Sophos messenger\ DWORD
Disable and set a value of 1.
What to do?
After considering the message it may be that no action is required and it is information only.
For example, in order to communicate to all console users that may be running Sophos Anti-Virus 9.5, it is necessary to generate the alert on all versions of Enterprise Console. If the message is not relevant to you please Acknowledge the message to prevent it being re-displayed.