Sophos Anti-Virus for Windows 2000 or later release notes

Version numbers

Component Version
Sophos Anti-Virus 7.6.9
Threat detection engine 2.88.0
Threat data 4.43, July 2009

New in this version


  • This version includes a fix for the following problem:

    (DEF 38380) If you install Sophos Anti-Virus on Windows Vista 64 bit, it is not registered with Windows Security Center.

  • Sophos AutoUpdate version 2.2.9

    (DEF 23751) This version of AutoUpdate includes a fix for a problem on Windows 2008 Server. Previously, if you made certain configuration changes, they had no effect.

  • The threat detection engine and threat data have been updated.

Known problems


  • (DEF 18144 and DEF 16510) Web page scanning is not compatible with Google Gears add-ons or the RealPlayer version 11 Download and Record add-on. You must disable these add-ons as explained in Sophos support knowledgebase article 36142.

  • (DEF 17535) In Sophos Enterprise Console version 3.0, device control error messages display error numbers rather than error messages. For a full list of the error numbers and their meaning, see Sophos support knowledgebase article 35958.

    This problem is fixed in Enterprise Console 3.1.

  • (DEF 20165) If a policy is applied that specifies that CD-ROM/DVD drives are to be blocked, certain virtual CD emulators are blocked as well. For more information, see Sophos support knowledgebase article 36801.
  • (DEF 19251) Blocked Bluetooth devices might generate multiple alerts on the workstation and Sophos Enterprise Console. For more information, see Sophos support knowledgebase article 35927.
  • (DEF 17697) On Windows 2000/XP/2003, Sophos Anti-Virus logs invalid device names and filenames for devices that have a name that is longer than 254 characters.
  • (CR 28114) When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.
  • (CR 27792) Controlled applications that are installed on the computer can appear in Quarantine manager regardless of whether they have been run by a user. This is caused by Windows Explorer performing a file-open action on the application when it displays lists of files.
  • (CR 26836) Desktop messages that report detection or blocking of threats or suspicious behavior can close without user interaction.
  • (CR 22440) The Sophos Anti-Virus system tray icon may not be displayed. In this case, the ability to display desktop messages may be lost until the icon is redisplayed, although Sophos Anti-Virus does continue to detect threats. To redisplay the icon, on the taskbar, click Start, point to Programs, point to Startup, and then click AutoUpdate Monitor.
  • (CR 25838) Files that trigger suspicious file, suspicious behavior, or buffer overflow detections appear on all Authorization manager tabs, instead of just the relevant tab.
  • (CR 25629) If there has been a previous Windows installation, the Scan my computer progress dialog box can display 99% completed for a long time.
  • (CR 24675) If the Detect but allow to run check box is selected in the Enterprise Console application control policy, the Sophos Anti-Virus log may display multiple entries for a single detected application.
  • (CR 26129) When scanning offline storage folders using a right-click scan, with on-access scanning enabled, some threats are not reported to the user.

Additional information


  • (WKI 19039) Sophos Anti-Virus does not block removable storage devices that are used as system drives. Blocking of such devices typically destabilizes the operating system.

  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.20.9818.0 March 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.10.9404.0 April 2008
    msxml4a.dll 4.10.9404.0 April 2008
    msxml4r.dll 4.10.9404.0 April 2008
    Sophos Network Access Control Agent Microsoft CRT msvcrt.dll 6.0.8797.0 April 2008
    Microsoft Visual C++ CRT (x86) msvcm80.dll 8.0.50727.762 April 2008
    msvcp80.dll 8.0.50727.762 April 2008
    msvcr80.dll 8.0.50727.762 April 2008
    Microsoft XML Core Services msxml4.dll 4.10.9404.0 April 2008
    msxml4a.dll 4.10.9404.0 April 2008
    msxml4r.dll 4.10.9404.0 April 2008

Information from previous versions

7.6.8


  • (SUG 12782) If you install Sophos Anti-Virus on Windows Vista, it is registered with Windows Security Center. This means that from Security Center you can force an update of Sophos Anti-Virus, or enable on-access scanning.
  • (SUG 30832) The threat detection engine can now whitelist key Windows executables. This means an improvement in scanning and computer startup times.

  • This version includes a fix for the following problem:

    (DEF 31822) If you start Internet Explorer version 8, Sophos Anti-Virus does not scan the browser’s home page.

7.6.7


  • This version includes a fix for the following problem:

    (SUG 31194) Sophos Anti-Virus does not offer you the option to clean up multi-component threats that are detected on access. This is the case even if it is possible to perform clean up and if a full computer scan is not needed.

7.6.6


  • This version includes fixes for the following problems:

    (DEF 14436, DEF 26058) If you print files while Sophos buffer overflow detection is turned on, printing is slow.

    (DEF 26720) If an application loads the DLL keylib32.dll while Sophos buffer overflow detection is turned on, the application crashes.

    (DEF 31233) If you configure the on-access scanner to clean up threats automatically and delete items that cannot be cleaned up, and a threat is detected by using an identity that contains cleanup data, items remain in Quarantine manager after the detection.

    (DEF 28931) In certain situations, Sophos Anti-Virus reports that cleanup has failed when it has succeeded.

  • (SUG 31552) This version includes improved logging of cleanup. Sophos Anti-Virus now logs all items that are removed during cleanup.
  • Sophos Remote Management System no longer uses Microsoft XML Core Services.

Technical support

For technical support, visit http://www.sophos.com/support.

If you contact technical support, provide as much information as possible, including the following:


  • Sophos software version number(s)
  • Operating system(s) and patch level(s)
  • The exact text of any error messages

Copyright

Copyright © 2007–2009 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.