
          Sophos Anti-Virus for Windows NT Release Notes
          ----------------------------------------------

                  Version 3.14, October 1998


 All SWEEP versions have been updated with new virus information.
 A list of new viruses is included in What's New on the CD or the 
 READNEWS.TXT file on the SWEEP for DOS Installation (Disk 1).

 Modifications from version 3.13
 -------------------------------

 1. This version detects 485 more viruses than 3.13

 Additional information
 ----------------------

 1. InterCheck Client
 --------------------

 This version of the InterCheck Client supports 'on-the-fly' 
 disinfection - though this is disabled by default. This behaviour 
 can be modified via the "Action" page of the InterCheck Client 
 configuration dialog. The InterCheck Client will only disinfect a 
 file once. If after one such disinfection a file is still found to 
 be infected then access to it will be refused.

 All documents reported as having been disinfected should be 
 reviewed to ensure that the virus made no changes to the content. 

 2. Centralised Installation
 ---------------------------

 The installation program provides an option to install a copy of 
 the installation disks on a file server. SWEEP for Windows NT can 
 then be installed quickly and easily by executing the setup 
 program from the file server. Furthermore, on computers where 
 SWEEP for Windows NT has been installed in this manner, the update 
 process will be invoked automatically whenever the file server 
 installation is upgraded.

 3. Disinfecting files
 ---------------------

 SWEEP for Windows NT allows administrators to disinfect files to 
 which they do not have write access. This feature is available 
 only for scheduled sweeps of local drives. The SWEEP service must 
 be running using the 'system' account or if an alternative account 
 is being used then the account must be assigned the "Back up files 
 and directories" right together with the "Restore files and 
 directories" right.

 4. Administration Security
 --------------------------

 An administrator can choose to set the immediate job 
 configuration details which ALL non admin users MUST use. This 
 can be done via the new "security" option found on the options 
 menu when the GUI is run by a member of the administrator group 
 on the local machine.

 Choosing to use this feature disables non-administrators access 
 to the immediate job configuration data. Non-administrator 
 users will only be able to start and stop immediate jobs and 
 choose which of their own files they may SWEEP.
	
 The token %USER% is supported.
 For example, if the adminstrator wishes to copy all infected 
 files to a central directory and keep individual users files 
 separate then they can set the following path type in the 
 action section of the administrator
   config:-
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\%USER%

   This will give a directory structure like:
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName1>\v.000
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName1>\form.000
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName2>\mydoc.000
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName3>\v.000
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName3>\v.001
       \\<SERVER_NAME>\<SHARE_NAME>\<PATH>\<UserName3>\v.002

 The same token can be used in the reports directory to make 
 individual report file names or to place users report files in 
 separate sub-directories.

 The administrator defined config details are stored in the 
 services' HKEY_USERS section of the registry (under 
 .DEFAULT\Software\Sophos\SWEEPNT if the service is logged in 
 as LocalSystem and under the services own user key otherwise).
 The .DEFAULT\Software\Sophos\SWEEPNT hive can be deployed to 
 remote machines using swdeploy (available from Sophos).

 NB If you wish to select "Scheduled access to network 
    resources" please ensure that the account used is one 
    specific to SWEEP. Using an administrator account which may 
    be accessed by an interactive user may cause the 
    administrator defined configuration to be corrupted.

 Troubleshooting
 ---------------

 1. Errors accessing shared CD ROM drives from remote computers
 --------------------------------------------------------------

 After installing SWEEP for Windows NT you may encounter 
 difficulties accessing a second shared CD ROM drive from remote 
 computers. This is a restriction imposed by the default NT server 
 configuration. The following registry entry is required to solve 
 the problem.

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\
   Parameters\IrpStackSize

 Type: REG_DWORD             Data: 0x6  

 Please use REGEDT32 to modify or create this entry in the registry. 
 You will need to restart the system before the change will take 
 effect. If you still experience problems a larger value can be 
 selected (maximum 12).

 2. Auto-upgrade service
 -----------------------

 To function correctly the auto-upgrade service MUST be installed 
 as the LocalSystem account and have "Allow Service to Interact 
 with Desktop" selected.

 3. Sweep service application error
 ----------------------------------

 Occasionally SWEEP may encounter files whose structure can lead 
 to the service appearing to "hang" or clients losing their 
 connections. This problem is related to checking of some types 
 of non-template Word documents. The following registry entry 
 will disable the checking of non-template documents.

 HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SweepNT\Advanced\NITB
 Type: REG_DWORD             Data: 0x0  

 If problems persist set the following entry to turn off SWEEP's 
 ability to check VBA3 documents (e.g. Excel files)
 HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SweepNT\Advanced\VBA3
 Type: REG_DWORD             Data: 0x0  

 Please use REGEDT32 to modify or create these entries in the 
 registry. You will need to restart the service before the change 
 will take effect.

 4. Novell Application Launcher
 ------------------------------

 NAL Version 2.01 and Windows NT v4. - when a user logs out and a 
 new user logs back in NAL appears not to be clearing itself from 
 memory. When the new user logs in the NAL launcher pops up and is 
 blank.

 Solution - Exclude the file $special.net, within Options\Exclusion 
 list on the Sweep for Windows NT GUI.

 5. Intercheck Logging
 ---------------------

 For InterCheck Logging to work correctly the SWEEP for Windows NT 
 Network Service must use an account that is able to see the InterCheck 
 Server share. This may not be the case if the auto-upgrade option was 
 not selected during installation.

 If InterCheck Logging fails to work correctly a suitable account may be 
 selected as follows:
 *	Go to Control Panel->Services.
 *	Select the SWEEP for Windows NT Network Service.
 *	Click the Startup... button.
 *	Under Log on  As:  select the field This Account.
 *	Choose a DOMAIN\User  with access to the desired InterCheck Server share.
 *	Fill in the password fields.
 *	Click OK to confirm the change.
 *	Stop and then Start the service.

 Compatibility issues
 --------------------

 1. NT 4.0 service pack 2
 ------------------------

 Important: Do not use this software with NT 4 service pack 2 
 unless you have installed the Microsoft hot fix KRNL40I.EXE.

 2. Banyan VINES Support
 -----------------------

 Please note that InterCheck will not check files on remote Banyan 
 VINES drives unless the Banyan VINES network support was started 
 at boot time.

 3. PathWorks Version 4 Server
 -----------------------------

 NT clients which use a Pathworks 4 server for the central 
 installation directory may repeatedly auto upgrade.

 This problem only occurs on Pathworks 4 and not on the more recent
 Pathworks versions.

 4. IntraNetWare Client32 v4.11 connected to a Novell 4.x server
 ---------------------------------------------------------------

 SWEEP for Windows NT may fail to auto-upgrade when the customer is 
 using IntraNetWare Client32 v4.11 centrally installed from a 
 Novell 4.x server.

 The failure is due to changes Novell have made to the NT security 
 model when using their client software. Previously (v4.10) a 
 service inherited the rights of the currently logged on user. This 
 is no longer true. As a result services such as the 'SWEEP for 
 Windows NT Network' service may not be able to access the central 
 installation area and are therefore prevented from auto-updating.

 At the moment, while the security model is in a state of flux, all 
 Sophos can suggest is that you stay with or roll-back to Client32 
 v4.10. If necessary you should contact Novell direct for further 
 information.



                               ----------------


             Sophos Plc, The Pentagon, Abingdon, OX14 3YP, England
                      Tel 01235 559933 o Fax 01235 559935


   Sophos Plc, 2, Place de la Defense, BP240, 92053 Paris la Defense, France
                    Tel 01 46 92 24 42 o Fax 01 46 92 24 00


          Sophos GmbH, Am Hahnenbusch 21, D-55268 Nieder-Olm, Germany
                      Tel 06136 91193 o Fax 06136 911940


              Sophos Inc, 18 Commerce Way, Woburn, MA 01801, USA
                      Tel 781 932 0222 o Fax 781 932 0251


                         Sales email sales@sophos.com
                  Technical support email support@sophos.com
                          Web http://www.sophos.com/
