As part of the Sophos Endpoint Protection 10 release there have been changes to the number of available licenses according to the level of protection required. The following details the information provided and changes required in Enterprise Console when there is a license change that will affect endpoint machines.
Known to apply to the following Sophos product(s) and version(s)
Enterprise Console 5.0.0
What will happen
When the license changes, one or more of the following alerts will be displayed against the Computer name in the Update managers view, with the complete message appearing in the Update Manager Details dialog box:
Software license has changed
80040426 - Sophos product license has changed from '{FromLicense}' to '{ToLicense}'. Some product features may have changed.
Software is not available.
80040421 - Software subscription 'Recommended' contained version 10.0 Recommended of platform Windows 2000 and above. This version is not available, either because the product has been retired or your license has changed. Your subscription has been automatically updated.
Both alerts will need to be acknowledged. To do this:
- Right-click on the Computer name and select Acknowledge Alerts...
- Select the alerts to acknowledge
- Click on Acknowledge.
Other errors:
Error 0000006b
may also be seen under certain circumstances as described below.
What to do
When a license is changed the features available to an endpoint also change. These feature changes will then need applying to the endpoints. The following is a list of the available licenses that will affect the features applied to an endpoint. Choose the license you are moving from to view the required procedures needed both at the Enterprise Console and the endpoint when moving to the new license:
- Endpoint Protection - Basic
Features - Anti-virus, Firewall and Device Control - Sophos Anti-Virus
Features - Anti-virus and Application Control - Endpoint Protection - Advanced
Features - Anti-virus, Firewall, Device Control, Data Control, Compliance Control and Application Control - Endpoint Protection - Advanced with Patch assessment
Features - Anti-virus, Firewall, Compliance Control, Patch, Data Control, Device Control, Application Control - Endpoint Protection - Advanced with Web Control
Features - Anti-virus, Firewall, Compliance Control, Data Control, Device Control, Application Control and Web Control - Endpoint Protection - Advanced with Web Control and Patch assessment
Features - Anti-virus, Firewall, Compliance Control, Patch, Data Control, Device Control, Application Control, Web Control
1. Endpoint Protection - Basic
Scenario 1a - Moving from Endpoint Protection - Basic to Sophos Anti-Virus
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\. |
| Change of Updating policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature removal | Yes* | Firewall will need removing from any endpoint that has it installed. Any non-Default Firewall policy can then be deleted. |
| Automatic feature addition | Yes | Application Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Application control policy. |
| Automatic feature removal | Yes | Device Control will be automatically removed from the endpoint. Any non-Default Device control policy can be deleted. |
* NOTE: Until the feature is uninstalled on the endpoint a download error code 0000006b will be displayed in Enterprise Console.
Scenario 1b - Moving from Endpoint Protection - Basic to Endpoint Protection - Advanced
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Compliance Control (Network Access Control) installing will need to be re-protected with a configured NAC policy. |
| Automatic feature addition | Yes | Data Control and Application Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Data control and Application control policy. |
Scenario 1c - Moving from Endpoint Protection - Basic to Endpoint Protection - Advanced with Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Compliance Control (Network Access Control) or Patch installing will need to be re-protected and configured with a NAC or Patch policy. |
| Automatic feature addition | Yes | Data Control and Application Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Data control and Application Control policy. |
Scenario 1d - Moving from Endpoint Protection - Basic to Endpoint Protection - Advanced with Web Control
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Compliance Control (Network Access Control) installing will need to be re-protected with a configured NAC policy. |
| Automatic feature addition | Yes | Data Control, Application Control and Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Data control, Application control and Web control policy. |
Scenario 1e - Moving from Endpoint Protection - Basic to Endpoint Protection - Advanced with Web Control and Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Compliance Control (Network Access Control) or Patch installing will need to be re-protected and configured with a NAC or Patch policy. |
| Automatic feature addition | Yes | Data Control, Application Control and Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Data control, Application control and Web control policy. |
2. Sophos Anti-Virus
Scenario 2a - Moving from Sophos Anti-Virus to Endpoint Protection - Basic
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature addition | Yes | Any endpoints requiring the Firewall installing will need to be re-protected with a configured Firewall policy. |
| Automatic feature addition | Yes | Device Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Device control policy. |
| Automatic feature removal | Yes | Application Control will be automatically removed from the endpoint. Any non-default Application control policy can be deleted. |
Scenario 2b - Moving from Sophos Anti-Virus to Endpoint Protection - Advanced
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature addition | Yes | Any endpoints requiring the Firewall or Compliance Control (Network Access Control) installing will need to be re-protected and configured with a Firewall or NAC policy. |
| Automatic feature addition | Yes | Device Control and Data Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Device control and Data control policy. |
Scenario 2c - Moving from Sophos Anti-Virus to Endpoint Protection - Advanced with Patch assessment
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature addition | Yes | Any endpoints requiring the Firewall, Compliance Control (Network Access Control) or Patch installing will need to be re-protected and configured with a Firewall, NAC or Patch policy. |
| Automatic feature addition | Yes | Device Control and Data Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Device control and Data control policy. |
Scenario 2d - Moving from Sophos Anti-Virus to Endpoint Protection - Advanced with Web Control
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature addition | Yes | Any endpoints requiring the Firewall or Compliance Control (Network Access Control) installing will need to be re-protected and configured with a Firewall or NAC policy. |
| Automatic feature addition | Yes | Device Control , Data Control and Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Device control, Data control and Web control policy. |
Scenario 2e - Moving from Sophos Anti-Virus to Endpoint Protection - Advanced with Web Control and Patch assessment
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature addition | Yes | Any endpoints requiring the Firewall, Compliance Control (Network Access Control) or Patch installing will need to be re-protected and configured with a Firewall, NAC or Patch policy. |
| Automatic feature addition | Yes | Device Control , Data Control and Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Device control, Data control and Web control policy. |
3. Endpoint Protection - Advanced
Scenario 3a - Moving from Endpoint Protection - Advanced to Endpoint Protection - Basic
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Compliance Control (Network Access Control) will need removing from any endpoint that has it installed. |
| Automatic feature removal | Yes | Data Control and Application Control will be automatically removed from the endpoint. Any non-Default Data control and Application control policy can then be deleted.. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 3b - Moving from Endpoint Protection - Advanced to Sophos Anti-Virus
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\. |
| Change of Update policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature removal | Yes* | Firewall and Compliance Control (Network Access Control) will need removing from any endpoint that has it installed. Any non-Default Firewall policy can then be deleted. |
| Automatic feature removal | Yes | Device Control and Data Control will be automatically removed from the endpoint. Any non-Default Device control and Data control policy can then be deleted.. |
* NOTE: Until the features are uninstalled on the endpoint a download error code 0000006b will be displayed in Enterprise Console.
Scenario 3c - Moving from Endpoint Protection - Advanced to Endpoint Protection - Advanced with Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Patch installing will need to be re-protected with a configured Patch policy. |
Scenario 3d - Moving from Endpoint Protection - Advanced to Endpoint Protection - Advanced with Web Control
| Configuration changes | Action Required | Details |
| Automatic feature addition | Yes | Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Web control policy. |
Scenario 3e - Moving from Endpoint Protection - Advanced to Endpoint Protection - Advanced with Web Control and Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Patch installing will need to be re-protected with a configured Patch policy. |
| Automatic feature addition | Yes | Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Web control policy. |
4. Endpoint Protection - Advanced with Patch assessment
Scenario 4a - Moving from Endpoint Protection - Advanced with Patch assessment to Endpoint Protection - Basic
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Compliance Control (Network Access Control) and Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
| Automatic feature removal | Yes | Data Control and Application Control will be automatically removed from the endpoint. Any non-Default Data control and Application control policy can then be deleted. |
* NOTE: Until the features are uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 4b - Moving from Endpoint Protection - Advanced with Patch assessment to Sophos Anti-Virus
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\. |
| Change of Updating policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature removal | Yes* | Firewall, Compliance Control (Network Access Control) and Patch will need removing from any endpoint that has it installed. Any non-Default Firewall or Patch policy can then be deleted. |
| Automatic feature removal | Yes | Data Control and Device Control will be automatically removed from the endpoint. Any non-Default Data control and Device control policy can then be deleted. |
* NOTE: Until the features are uninstalled on the endpoint a download error code 0000006b will be displayed in Enterprise Console.
Scenario 4c - Moving from Endpoint Protection - Advanced with Patch assessment to Endpoint Protection - Advanced
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated.
- If the endpoint is configured to update from a new distribution share.
- The local AutoUpdate cache is deleted on the endpoint.
Scenario 4d - Moving from Endpoint Protection - Advanced with Patch assessment to Endpoint Protection - Advanced with Web Control
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
| Automatic feature addition | Yes | Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Web control policy. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 4e - Moving from Endpoint Protection - Advanced with Patch assessment to Endpoint Protection - Advanced with Web Control and Patch assessment
| Configuration changes | Action Required | Details |
| Automatic feature addition | Yes | Web Control will be automatically enabled on the endpoint but will need to be configured and enabled in the Web control policy. |
5. Endpoint Protection - Advanced with Web Control
Scenario 5a - Moving from Endpoint Protection - Advanced with Web Control to Endpoint Protection - Basic
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Compliance Control (Network Access Control) will need removing from any endpoint that has it installed. |
| Automatic feature removal | Yes | Data Control, Application Control and Web Control will be automatically removed from the endpoint. Any non-Default Data control, Application control and Web control policy can then be deleted. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 5b - Moving from Endpoint Protection - Advanced with Web Control to Sophos Anti-Virus
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\. |
| Change of Updating policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature removal | Yes* | Firewall and Compliance Control (Network Access Control) will need removing from any endpoint that has it installed. Any non-Default Firewall policy can then be deleted. |
| Automatic feature removal | Yes | Data Control, Device Control and Web Control will be automatically removed from the endpoint. Any non-Default Data control, Device control and Web control policy can then be deleted. |
* NOTE: Until the features are uninstalled on the endpoint a download error code 0000006b will be displayed in Enterprise Console.
Scenario 5c - Moving from Endpoint Protection - Advanced with Web Control to Endpoint Protection - Advanced
| Configuration changes | Action Required | Details |
| Automatic feature removal | Yes | Web Control will be automatically removed from the endpoint. Any non-Default Web control policy can then be deleted. |
Scenario 5d - Moving from Endpoint Protection - Advanced with Web Control to Endpoint Protection - Advanced with Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Patch installing will need to be re-protected with a configured Patch policy. |
| Automatic feature removal | Yes | Web Control will be automatically removed from the endpoint. Any non-Default Web control policy can then be deleted. |
Scenario 5e - Moving from Endpoint Protection - Advanced with Web Control to Endpoint Protection - Advanced with Web Control and Patch assessment
| Configuration changes | Action Required | Details |
| Manual feature addition | Yes | Any endpoints requiring Patch installing will need to be re-protected with a configured Patch policy. |
6. Endpoint Protection - Advanced with Web Control and Patch assessment
Scenario 6a - Moving from Endpoint Protection - Advanced with Web Control and Patch assessment to Endpoint Protection - Basic
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Compliance Control (Network Access Control) and Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
| Automatic feature removal | Yes | Data Control, Application Control and Web Control will be automatically removed from the endpoint. Any non-Default Data control, Application control and Web control policy can then be deleted. |
* NOTE: Until the features are uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 6b - Moving from Endpoint Protection - Advanced with Web Control and Patch assessment to Sophos Anti-Virus
| Configuration changes | Action Required | Details |
| Change of distribution share | No | Existing sharename \\SERVER\SophosUpdate\CIDs\[serial number]\SAVSCFXP\ will be replaced by \\SERVER\SophosUpdate\CIDs\[serial number]\ESXP\. |
| Change of Updating policy | No | Any policy using the existing distribution share will automatically change to the new distribution share. |
| Manual feature removal | Yes* | Firewall, Compliance Control (Network Access Control) and Patch will need removing from any endpoint that has it installed. Any non-Default Firewall and Patch policy can then be deleted. |
| Automatic feature removal | Yes | Data Control, Device Control and Web Control will be automatically removed from the endpoint. Any non-Default Data control, Device control and Web control policy can then be deleted. |
* NOTE: Until the features are uninstalled on the endpoint a download error code 0000006b will be displayed in Enterprise Console.
Scenario 6c - Moving from Endpoint Protection - Advanced with Web Control and Patch assessment to Endpoint Protection - Advanced
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
| Automatic feature removal | Yes | Web Control will be automatically removed from the endpoint. Any non-Default Web control policy can then be deleted. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint
Scenario 6d - Moving from Endpoint Protection - Advanced with Web Control and Patch assessment to Endpoint Protection - Advanced with Patch assessment
| Configuration changes | Action Required | Details |
| Automatic feature removal | Yes | Web Control will be automatically removed from the endpoint. Any non-Default Web control policy can then be deleted. |
Scenario 6e - Moving from Endpoint Protection - Advanced with Web Control and Patch assessment to Endpoint Protection - Advanced with Web Control
| Configuration changes | Action Required | Details |
| Manual feature removal | Yes* | Patch will need removing from any endpoint that has it installed. Any non-Default Patch policy can then be deleted. |
* NOTE: Until the feature is uninstalled on the endpoint it will continue to update without failure. However, the following condiditions can generate a download error code 0000006b against the endpoint in Enterprise Console:
- If the distribution share is deleted and recreated
- If the endpoint is configured to update from a new distribution share
- The local AutoUpdate cache is deleted on the endpoint