Sophos Endpoint Security and Control release notes

Version numbers

Sophos Anti-Virus 9.0.0.9055
Threat detection engine 3.00.0
Threat data 4.46, October 2009
Sophos Client Firewall 2.0.0
Sophos AutoUpdate 2.5.1

New in this version

Note: Some of the features mentioned in these release notes are only available on managed computers or if you have an Endpoint Security and Control license.
  • Support for new and upcoming platforms

    Sophos Endpoint Security and Control supports the new and upcoming platforms Windows 7, Windows Server 2008 R2, and Windows Server 2008 Server Core.

  • Unified interface

    Sophos Endpoint Security and Control provides a single system tray icon and user interface for anti-virus, client firewall, and other security options.

  • Device control

    Sophos Endpoint Security and Control manages the connection of unauthorized storage devices and network interfaces.

    Note: This feature must be configured from Sophos Enterprise Console.
  • Data control

    Sophos Endpoint Security and Control scans for sensitive data being transferred to removable storage devices or uploaded to monitored applications (for example, web browsers and instant messaging clients).

    Note: This feature must be configured from Sophos Enterprise Console.
  • Firewall location awareness

    Sophos Client Firewall can be configured for two different types of location.

  • Allow traffic by default

    To make rule creation simpler, Sophos Client Firewall can be deployed with a policy to allow all unknown traffic and create events.

  • Hidden process detection

    An additional configuration option has been added to Sophos Client Firewall to modify the state of hidden processes detection.

Known problems

The list below includes problems known at the time of release. For an up-to-date list, including problems found after release, see http://www.sophos.com/support/knowledgebase/article/63214.html.

Standalone installer

  • (CR 26760) Sophos Client Firewall installation unexpectedly fails if run from an .msi file on Vista with User Access Control enabled.

Sophos Anti-Virus

  • (DEF 18144, DEF 16510) There are known issues for web content scanning with some browser extensions (for example, with Google Gears and RealPlayer 11 Download and Record). You should disable these browser extensions. For information on how to do this, see http://www.sophos.com/support/knowledgebase/article/36142.html.
  • (DEF 20694) When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

Sophos Device Control

  • (DEF 39454) On Windows Vista, if a non-administrator user inserts a device that would be blocked by Sophos Device Control, they may be asked to enter administrator credentials. The user will not be allowed access to the device, whether they enter credentials or not. However, if they do not enter administrator credentials, an alert is not sent to the management console.

Sophos Client Firewall

  • (QUE 32813) Sophos Client Firewall reports Internet Explorer 8 as a hidden process.
  • (CR 27434) When rules in the configuration editor are changed, packets of traffic that should not be affected by the modified rules may briefly be blocked while the rules are updating. This will occur only very briefly, but may be noticeable if alerts are being sent to the management console.
  • (CR 27073) IPv6 addresses/interfaces in the log of traffic are not logged in IPv6 format.
  • (CR 26950) It is not possible to navigate using the TAB key after adding and deleting an application in the upper area of the Processes tab.
  • (CR 26248) When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • (CR 25569) Although rules blocking IPv6 traffic block traffic that approaches or leaves the machine, they do not block loopback IPv6 traffic.

Additional information

  • Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.
  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.20.9818.0 March 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.10.9404.0 April 2008
    msxml4a.dll 4.10.9404.0 April 2008
    msxml4r.dll 4.10.9404.0 April 2008
    Sophos Network Access Control Agent Microsoft CRT msvcrt.dll 6.0.8797.0 April 2008
    Microsoft Visual C++ CRT (x86) msvcm80.dll 8.0.50727.762 April 2008
    msvcp80.dll 8.0.50727.762 April 2008
    msvcr80.dll 8.0.50727.762 April 2008
    Microsoft XML Core Services msxml4.dll 4.10.9404.0 April 2008
    msxml4a.dll 4.10.9404.0 April 2008
    msxml4r.dll 4.10.9404.0 April 2008

Technical support

For technical support, visit http://www.sophos.com/support.

If you contact technical support, provide as much information as possible, including the following:

  • Sophos software version number(s)
  • Operating system(s) and patch level(s)
  • The exact text of any error messages

Copyright

Copyright © 2009 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Plc and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

The Sophos software that is described in this document includes or may include some software programs that are licensed (or sublicensed) to the user under the Common Public License (CPL), which, among other rights, permits the user to have access to the source code. The CPL requires for any software licensed under the terms of the CPL, which is distributed in object code form, that the source code for such software also be made available to the users of the object code form. For any such software covered under the CPL, the source code is available via mail order by submitting a request to Sophos; via email to support@sophos.com or via the web at http://www.sophos.com/support/queries/enterprise.html. A copy of the license agreement for any such included software can be found at http://opensource.org/licenses/cpl1.0.php