Sophos Messenger FAQ

  • Article ID: 119053
  • Rating:
  • 36 customers rated this article 4.4 out of 6
  • Updated: 09 May 2016


This article provides information on Sophos Messenger, an application that enables Sophos to message administrators of Enterprise Console, Sophos Enterprise Manager and Control Center with important information.

Applies to the following Sophos product(s) and version(s)
Sophos Enterprise Manager
Sophos Control Center
Enterprise Console

Sophos Messenger FAQ

What is Sophos Messenger?

Sophos Messenger allows direct communication with the users of Enterprise Console, Control Center and Enterprise Manager via pop-up messages on the Sophos management server. Messages are displayed for all members of the Microsoft Windows Sophos Console Administrators security group, where certain conditions of the message are met. For example, Sophos may choose to message specific users that we are retiring a product because it directly affects them. 

Note: These messages will only be displayed on the management server computer and will not be displayed on computers running a remote console.

Why is it required?

Sophos Messenger is used to improve communication with Sophos administrators and ensuring that users are quickly and easily notified of important information relating to Sophos products. This method of communication is for important information on product retirement or for scenarios where we need to message the Sophos administrator about an important issue. It is not used for marketing purposes.

What should I do when I see a message?

Read the message to determine what to do and if it is relevant to your systems. It may be that no action is required and it is only information on an important issue, and those messages often link to a knowledge base article with more information.

For example, to communicate to all Enterprise Console users that may be running Sophos Antivirus 9.5, it is necessary to generate the alert on all versions of Enterprise Console. If the message is not relevant, you can click Acknowledge to prevent it being re-displayed.

If you have a question about a displayed message, feel free to post a question on our Sophos Community.

How does Sophos Messenger work?

Sophos Update Manager (SUM) has the ability, through the use of a supplemental package, to deliver and execute a custom executable (UpdatePatch.exe). Sophos Messenger will use this ability to copy a number of files, including an executable (Sophos.Messenger.exe), a config file (Sophos.Messenger.exe.config), an XML file (Sophos.Messenger.xml) and a .dat file (scf.dat) over to the computer. These files will reside in and be executed from: 

  • 32-bit systems: C:\ProgramFiles\Sophos\SophosMessenger\ 
  • 64-bit systems: C:\ProgramFiles (x86)\Sophos\SophosMessenger\

The XML file will contain the messages shown to the user (translated as required) and the conditions that need to be met for the message to be displayed. The required conditions of a message will depend on:

  • the type and version of the Enterprise Console
  • the language
  • the operating system
  • the installed components
  • the message expiry time-stamp

As UpdatePatch.exe is launched by SUM under the local system context, this gives the application the ability (on the initial execution) to run the Sophos.Messenger.exe process in each interactive session that is logged in. To ensure that the message is displayed to users who are not currently logged in, a reference will be added to the registry key to ensure all members of the Sophos Console Administrators security group see the message the next time they log on. The reference will be added to:

  • 32-bit systems: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ STRING/REG_SZ SophosMessenger
  • 64-bit systems: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ STRING/REG_SZ SophosMessenger

Once the message has been displayed and acknowledged, the message will not be displayed again.

When the message is displayed/acknowledged, an HTTP request to Sophos will be generated. This mechanism enables us to be sure that users have seen/acknowledged the messages and that the communication channel is working as intended.

How do I disable these messages?

As mentioned above, this is not a tool that will be used heavily. However, there is the ability to disable the execution via the registry for a user and/or computer. We strongly discourage suppression of these infrequent messages as they are targeted messages with important information.

To disable Sophos Messenger for all users on a computer:

  • Click Start, type regedit.exe and then click regedit.exe to open Registry Editor.
  • In Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Sophos\Messaging System\ and create a DWORD Value. Name it Disable.
  • Double click Disable and under Value data, enter 1.

To disable for the current user:

  • Click Start, type regedit.exe and then click regedit.exe to open Registry Editor.
  • In Registry Editor, go to HKEY_CURRENT_USER\SOFTWARE\Wow6432node\Sophos\Messaging System\ and create a DWORD Value. Name it Disable.
  • Double click Disable and under Value data, enter 1.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent