Sophos Endpoint Security and Control 10.2.8 release notes

Version numbers

Sophos Anti-Virus (SAV) 10.2.8
Threat detection engine 3.43.0
Threat data 4.90, June 2013
Sophos Client Firewall (SCF) 2.9.3
Sophos AutoUpdate (SAU) 2.9.0
Note:
  • Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.
  • Sophos Client Firewall is not supported and cannot be installed on Windows 8.
  • Automatic deployment of Endpoint Security and Control to Windows 8 and Windows Server 2012 from Enterprise Console requires Enterprise Console 5.1 or later. If you are using Enterprise Console 5.0 or earlier, you can install the software by running the installer from a bootstrap location that contains a software subscription for version 10.2. For more information on manual installation, see http://www.sophos.com/en-us/support/knowledgebase/12386.aspx.

What's new

This section lists new features and updates included in the last four monthly releases of Sophos Endpoint Security and Control 10.2.

To view the list of issues fixed in these releases, go to Fixed and known issues.

New in this release

  • Sophos Anti-Virus

    The threat data have been updated.

New in 10.2.7, May 2013

  • Competitor Removal Tool

    Symantec Endpoint Protection 11.0.7101.1056 (both 32-bit and 64-bit versions) has been added to the Sophos Competitor Removal Tool integrated with Sophos Endpoint Security and Control (iCRT).
    Note: If you have Symantec Endpoint Protection or another security suite installed on Windows 8 or Windows Server, please refer to http://www.sophos.com/en-us/support/knowledgebase/117835.aspx for information on how to configure the Competitor Removal Tool.
  • Sophos Anti-Virus

    The threat detection engine and threat data have been updated.

New in 10.2.7, April 2013

  • Competitor Removal Tool

    The Sophos Competitor Removal Tool integrated with Sophos Endpoint Security and Control (iCRT) can now detect the following software:
    • Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition, 32-bit version (in addition to the 64-bit version which was added previously)
    • ESET NOD32 version 5.0.2126, both 32-bit and 64-bit
  • Device Control

    IronKey Enterprise D250 4GB flash drive has been added to the list of secure removable storage devices.
  • Sophos Anti-Virus

    The threat detection engine and threat data have been updated.

New in 10.2.6, March 2013

  • Competitor Removal Tool

    The Sophos Competitor Removal Tool integrated with Sophos Endpoint Security and Control (iCRT) can now detect the following software:
    • AVAST Endpoint Protection Suite 7.0
      Note: The Competitor Removal Tool can detect AVAST Endpoint Protection Suite 7.0 but cannot uninstall it. The software will need to be uninstalled by using other means, for example, from Control Panel.
    • Microsoft Security Essentials 4.1
  • Sophos Anti-Virus

    The threat detection engine and threat data have been updated.

Fixed and known issues

This section lists issues fixed in the last four monthly releases of Sophos Endpoint Security and Control 10.2 and known issues in this release.

Go to known issues

Fixed issues

Competitor Removal Tool

Issue ID Description Found in Fixed in
DEF87257 The Sophos Competitor Removal Tool integrated with Sophos Endpoint Security and Control (iCRT) cannot uninstall the anti-virus software ESET NOD32 (x64) 4.0.474.0. iCRT 2.10.1 10.2.7, April 2013

Device Control

Issue ID Description Found in Fixed in
DEF83773 Sophos Device Control generates multiple alerts in Enterprise Console for a single device every time it is plugged in. 10.2.7, April 2013

Sophos Anti-Virus

Issue ID Description Found in Fixed in
DEF89597 The Sophos Anti-Virus driver installation fails if the RunOnce system registry key is missing. 10.2.7 10.2.8, June 2013
DEF87023 Real Player streaming plugin fails to load over an RTSP connection when Download Scanning is enabled. 10.0.10 10.2.8, June 2013
DEF87596 Sophos Anti-Virus doesn't detect threats in all files when certain local security restrictions are set on an endpoint, for example, when access to a file containing a threat is denied to everyone. 10.2.0 10.2.7, April 2013
DEF84231 When Sophos Web Intelligence (SWI) is enabled, some endpoints fail to access the SonicWALL firewall authentication page in Internet Explorer. 10.0 10.2.7, April 2013
DEF81372 Web sites fail to load correctly on some endpoints when Sophos Web Intelligence (SWI) is enabled and an endpoint is connected to the internet through the IPFire firewall. 10.0 10.2.7, April 2013

Sophos Client Firewall

Issue ID Description Found in Fixed in
DEF87118 In an environment with Check Point VPN and Sophos Client Firewall, intermittent issues occur with location awareness, where the location fails to change to "both" and remains set to "secondary". SCF 2.9.1 10.2.8, June 2013
DEF83937 During upgrade from Sophos Client Firewall 2.5 to Sophos Client Firewall 2.9, the Sophos Client Firewall 2.5 driver is not disabled, resulting in a loss of network connectivity on network computers. SCF 2.9 10.2.8, June 2013
SUG79550 The firewall installer process should be modified to roll back the installation should any part of the firewall installation be detected to fail, as an incomplete installation can in some cases affect TCP/IP communication on the target PC. SCF 2.9.0 10.2.8, June 2013
DEF78179 Messaging between the Sophos Client Firewall processes should have tighter security. 10.0 10.2.8, June 2013
DEF73491 Location awareness issue in combination with Device Control. When a laptop with Sophos Client Firewall and Device Control option Block bridged enabled is undocked and switches from an Ethernet connection to a wireless connection, the firewall location remains set to "primary" until the laptop is docked, connected to an Ethernet network, and the wireless adapter is disabled. Then the location switches to "secondary" location. DNS timeouts occur in the trace logs. 10.0 10.2.8, June 2013

Known issues

Competitor Removal Tool

Issue ID Description Found in
DEF87203 The Sophos Competitor Removal Tool does not restore the registry keys for VBScript, WScript and Java when removing McAfee Security as a Service 5.4. Workaround: Remove the software using Add/Remove Programs in Control Panel before installing Sophos Endpoint Security and Control. iCRT 2.10.1
DEF84842 The Sophos Competitor Removal Tool fails to remove Norton Internet Security 2010 (version 17.x). Workaround: Remove the software using Add/Remove Programs in Control Panel before installing Sophos Endpoint Security and Control. 10.2.0

Data Control

Issue ID Description Found in
DEF79180 Files that breach a data control rule can still be transferred to a Windows 8 storage pool. 10.2.0

Installation

Issue ID Description Found in
DEF84838 It is not possible to protect Windows 8 or Windows Server 2012 computers that are in a workgroup from Sophos Enterprise Console 5.1 or later running on Windows Server 2008 or later.

For more information and instructions on how to enable deployment, see http://www.sophos.com/en-us/support/knowledgebase/118354.aspx.

10.2.0

Sophos Anti-Virus

Issue ID Description Found in
DEF88664 SAVProxy.exe fails on a Citrix XenApp server (fixed in version 10.3.0). 9.7.7
DEF85118 If you use the Internet Explorer 10 Windows 8 Modern UI application to access a malicious HTTPS website, Sophos Anti-Virus displays a balloon notification instead of a toast. This means that you do not see the notification until you view the desktop. 10.2.0
DEF84420 If you use a browser's Windows 8 Modern UI application to access a malicious website, and you click the toast that Sophos Anti-Virus displays, the browser is minimized and the desktop is displayed instead. To switch back to the browser, press Alt+Tab. 10.2.0
DEF83463 Although Sophos Anti-Virus can now scan files that are locked during an on-demand scan, it cannot perform cleanup successfully. 10.2.0
DEF79726 If you use the Internet Explorer 10 Windows 8 Modern UI application, Sophos web protection does not stop you from accessing malicious websites. 10.2.0
DEF79482 iSCSI mount points cannot be excluded from on-access scanning. 9.7.7
- Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see http://www.sophos.com/en-us/support/knowledgebase/116241.aspx. 10.0

Sophos AutoUpdate

Issue ID Description Found in
WKI64768 AutoUpdate does not support updating through proxies that use WDigest authentication. However, AutoUpdate does support normal digest authentication. For more information, see http://www.sophos.com/en-us/support/knowledgebase/112633.aspx. SAU 2.5.8

Web Control

Issue ID Description Found in
DEF79725 If you use the Internet Explorer 10 Windows 8 Modern UI application, Sophos web control does not stop you accessing websites that conflict with the Inappropriate Website Control policy categories. 10.2.0

Additional information

  • Support for Windows 8 and Windows Server 2012
    • On Windows 8, Endpoint Security and Control uses toast notifications instead of balloon notifications to display messages on screen.
    • On Windows 8, if you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. For more information, see http://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
    • On Windows 8, if Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with. This causes Windows to offer the user the ability to re-download and re-install the app.
    • Rootkit scanning is not supported on REFS file systems on Windows Server 2012. If the user attempts a rootkit scan on this file system, a message will be logged in the SAV log telling them that rootkit scanning is not supported.
  • Application Control

    When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

  • Device Control

    Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

  • Sophos Client Firewall
    • Sophos Client Firewall does not support the "mobile broadband" driver model in Windows version 7.
    • When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
    • When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • Unsupported scenarios
    • Endpoint Security and Control standalone installations do not support Windows Server Core.
    • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.
    • On Windows 2000 systems running Internet Explorer 5 or 6, Web protection allows access to blocked sites via Windows Explorer.
  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    ATL Library ATL80.dll 8.0.50727.4053 June 2007
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 June 2007
    msvcp80.dll 8.0.50727.4053 June 2007
    msvcr80.dll 8.0.50727.4053 June 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 March 2010
    msvcp80.dll 8.0.50727.4053 March 2010
    msvcr80.dll 8.0.50727.4053 March 2010

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011–2013 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.