Sophos

Online support

Product maintenance

Contact support

Support services

Download Free hard drive encryption - Download a trial of SafeGuard Easy

Enterprise Console: using ExportConfig.exe to create XML configuration files

The command-line utility ExportConfig.exe enables you to retrieve policies from Enterprise Console and save them as XML configuration files. These XML configuration files can be used to centrally configure unmanaged computers, or to implement features not available from the console.

On a server running Enterprise Console 3.x
ExportConfig.exe is available in the TOOLS folder on the Sophos Anti-Virus Network Install CD, or in the unpacked TOOLS folder (for example) C:\sec31\Tools\. You must place ExportConfig.exe in C:\Program Files\Sophos\Enterprise Console before performing the procedure below.

What to do

NOTE: policy names are case sensitive.

  1. Check that you are logged on as a member of the Sophos Console Administrators group. (By default, the user who installed Enterprise Console is in this group.)
  2. Run a command prompt and move to the following directory:
    C:\Program Files\Sophos\Enterprise Console.
  3. Type exportconfig.exe to start the tool.
  4. Specify the type of policy you want to retrieve:
    • An updating policy is indicated by the parameter '-type AU'
    • An anti-virus and HIPS policy is indicated by the parameter '-type SAV'
    • A firewall policy is indicated by the parameter '-type SCF'
    • An application control policy is indicated by the parameter '-type SAC'
    • A data control policy is indicated by the parameter '-type DATC'
    • A device control policy is indicated by the parameter '-type DEVC'
    • A legacy updating policy is indicated by the parameter '-type LEGAU'
  5. By default, you export your default policy. To retrieve a named policy use the '-policy' parameter, followed by the policy name. (Do not use this parameter for a default policy.)
  6. Also specify the location of the XML file to save the policy in. Use the '-output' parameter followed by the location and filename.

    If your policy name has a space in it, you must enclose it in inverted commas. For example, if your policy name is 'A Policy', you must use "A Policy".

    • The updating policy file should be called 'sauconf.xml'
    • The anti-virus and HIPS policy file should be called 'savconf.xml'
    • The firewall policy file should be called 'scfconf.xml'
    • The application control policy file should be called 'sacconf.xml'
    • The data control policy file should be called 'sdatcconf.xml'
    • The device control policy file should be called 'sdevcconf.xml'
    • A legacy updating policy file should be called 'sauconf.xml'.

    Examples:
    exportconfig -type AU -policy "A Policy" -output c:\temp\sauconf.xml
    exportconfig -type SAV -output c:\temp\savconf.xml
    exportconfig -type SAC -policy "Another Policy" -output c:\savconfappc.xml


    The example commands will export a named updating policy called 'A Policy', the default anti-virus policy, and an application control policy called 'Another Policy'.

  7. Place the xml files in the appropriate directories

When you have generated the XML files, place them in the following directories for the appropriate operating system(s) and product versions. The updating directories are listed below:

On...Endpoint Security and Control 8
(Sophos Anti-Virus)
Endpoint Security and Control 8
(Sophos Anti-Virus with Sophos Client Firewall)
Endpoint Security and Control 9
Windows 2000+\\SERVER\InterChk\ESXP\\SERVER\Interchk\SAVSCFXP\\SERVER\SophosUpdate\CIDs\[serial number]\
Windows NT\\SERVER\InterChk\ESNTn/an/a
Windows 95/98

\\SERVER\InterChk\ES9X

n/a

n/a

  • Put savconf.xml in the savxp folder
  • Put sauconf.xml in the sau folder
  • Put scfconf.xml in the scf folder
  • Put sacconf.xml in the savxp folder
  • Put sdatcconf.xml in the savxp folder
  • Put sdevcconf.xml in the savxp folder
  • Put legacy updating.xml in the sau folder

Next step

Now you must use ConfigCID.exe to ensure that networked computers update with the new configuration.

If you need more information or guidance, then please contact technical support.

  • Protect sensitive data from unauthorized use
  • Encrypt data, hard drives and removable media
  • Work uninterrupted with encryption on demand