Sophos Endpoint Security and Control release notes

Maintenance phase

Endpoint Security and Control version 9.5 is now in its Maintenance phase. Although we still support it, and update the threat detection engine and threat data monthly, feature development has ended. To check the Retirement date, go to http://www.sophos.com/en-us/support/retirements.aspx.

You can upgrade to version 10.

Version numbers

Sophos Anti-Virus 9.5.7
Sophos Client Firewall 2.5.0
Sophos AutoUpdate 2.5.13

To identify the threat detection engine version and the threat data version:

  1. Open Endpoint Security and Control.
  2. In the left-hand pane, under Help and information, click View product information.
  3. Under Anti-virus and HIPS, click Software.
Note: Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

New in this release

  • The threat detection engine and threat data have been updated.

Fixed issues

  • (DEF85900) The Address Space Layout Randomization (ASLR) flag /DYNAMICBASE is not set on Sophos binaries, in particular those loaded in non-Sophos processes.
  • (DEF85524) Cross site scripting (XSS) vulnerability when Sophos Browser Helper Object (BHO) blocks malicious web content.

Known issues

The list below includes issues known at the time of release. For an up-to-date list, including issues found after release, see http://www.sophos.com/en-us/support/knowledgebase/110579.aspx.

Standalone installer

  • (CR26760) Sophos Client Firewall installation unexpectedly fails if run from a Windows Installer (.msi) package on Vista with User Access Control enabled.

Sophos Anti-Virus

  • Web protection uses an LSP (Layered Service Provider) to facilitate URL lookups. When Web protection is enabled alongside an incompatible LSP, system instability can occur. When a known incompatible LSP is already installed on the computer, the Sophos LSP is not installed. For more information, see http://www.sophos.com/en-us/support/knowledgebase/111203.aspx.

  • (DEF59971) Web protection generates log messages with obscure reference IDs, for example: "Blocked web request to "www.example.com" for user PC123\Tim. 'Mal/HTMLGen-A' has been found at this website, reference ID 19." There is currently no accessible key for these ID numbers.
  • (DEF57112) On-access scanning is disabled when you downgrade from Sophos Endpoint Security and Control 9.5, if the following apply:
    • You have previously had Sophos Anti-Virus 6 or earlier installed on the computer.
    • You have upgraded to SESC 9.5.
    • You try to downgrade to SESC 9.X or earlier.

    You will see an error message and your computer may not be protected against malware. The solution is to delete the registry key values below and then restart the SAV Service.

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0000 to SAV-NNNN

    (where NNNN is the last key).

  • (DEF56055) If you manually change the DNS list using Control Panel, Sophos Live Protection stops working. To work around this problem, restart the Sophos Anti-Virus service.
  • (WKI55631) Web protection does not support Windows XP Service Pack 1 and Windows 2000 Service Pack 3. To work around this problem, install the latest service pack for the operating system.
  • (DEF20694) When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.
  • (DEF18144, DEF16510) There are known issues for web content scanning with some browser extensions (for example, with Google Gears and RealPlayer 11 Download and Record). You should disable these browser extensions.

Sophos Device Control

  • (DEF39454) On Windows Vista, if a non-administrator user inserts a device that would be blocked by Sophos Device Control, they may be asked to enter administrator credentials. The user will not be allowed access to the device, whether they enter credentials or not. However, if they do not enter administrator credentials, an alert is not sent to the management console.

Sophos Client Firewall

  • (DEF61237) When Sophos Endpoint Security and Control is upgraded to version 9.5, Sophos Client Firewall may display a message requesting network access for the hidden process SAVProxy.exe launched by %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe. To work around this problem, allow all hidden processes launched by ALMon.exe to access the network, and then restart the computer.
  • (DEF59219) If you try to add a checksum for some system applications in the System32 folder using the Firewall configuration dialog box, a checksum for the equivalent file in the SysWOW64 folder is added instead. You can, however, add both of these checksums in interactive mode.
  • (WKI55953) When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
  • (WKI32813) Sophos Client Firewall reports Internet Explorer 8 as a hidden process. For more information see http://www.sophos.com/en-us/support/knowledgebase/54899.aspx.
  • (DEF18752) On Windows XP running Sophos Client Firewall and VMware, virtual machines might not be able to access the network. For more information, see http://www.sophos.com/en-us/support/knowledgebase/15434.aspx.
  • (DEF53171) Sophos Client Firewall does not support the “mobile broadband” driver model in Windows version 7.
  • (DEF16039) Sophos Client Firewall occasionally blocks some trusted applications.
  • (CR27434) When rules in the configuration editor are changed, packets of traffic that should not be affected by the modified rules may briefly be blocked while the rules are updating. This will occur only very briefly, but may be noticeable if alerts are being sent to the management console.
  • (CR27073) IPv6 addresses/interfaces in the log of traffic are not logged in IPv6 format.
  • (CR26950) It is not possible to navigate using the TAB key after adding and deleting an application in the upper area of the Processes tab.
  • (CR26248) When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • (CR25569) Although rules blocking IPv6 traffic block traffic that approaches or leaves the machine, they do not block loopback IPv6 traffic.

Additional information

  • On Windows 2000 systems running Internet Explorer 5 or 6, Web protection allows access to blocked sites via Windows Explorer.
  • Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.
  • Endpoint Security and Control standalone installations do not support Windows Server Core.
  • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.
  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    ATL Library ATL80.dll 8.0.50727.4053 June 2007
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 June 2007
    msvcp80.dll 8.0.50727.4053 June 2007
    msvcr80.dll 8.0.50727.4053 June 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 March 2010
    msvcp80.dll 8.0.50727.4053 March 2010
    msvcr80.dll 8.0.50727.4053 March 2010

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2009–2013 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

Common Public License

The Sophos software that is referenced in this document includes or may include some software programs that are licensed (or sublicensed) to the user under the Common Public License (CPL), which, among other rights, permits the user to have access to the source code. The CPL requires for any software licensed under the terms of the CPL, which is distributed in object code form, that the source code for such software also be made available to the users of the object code form. For any such software covered under the CPL, the source code is available via mail order by submitting a request to Sophos; via email to support@sophos.com or via the web at http://www.sophos.com/en-us/support/contact-support/contact-information.aspx. A copy of the license agreement for any such included software can be found at http://opensource.org/licenses/cpl1.0.php

ConvertUTF

Copyright 2001–2004 Unicode, Inc.

This source code is provided as is by Unicode, Inc. No claims are made as to fitness for any particular purpose. No warranties of any kind are expressed or implied. The recipient agrees to determine applicability of information provided. If this file has been purchased on magnetic or optical media from Unicode, Inc., the sole remedy for any claim will be exchange of defective media within 90 days of receipt.

Unicode, Inc. hereby grants the right to freely use the information supplied in this file in the creation of products supporting the Unicode Standard, and to make copies of this file in any form for internal or external distribution as long as this notice remains attached.

dtoa.c

The author of this software is David M. Gay.

Copyright © 1991, 2000 by Lucent Technologies.

Permission to use, copy, modify, and distribute this software for any purpose without fee is hereby granted, provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software.

THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. IN PARTICULAR, NEITHER THE AUTHOR NOR LUCENT MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.

Info-ZIP

Copyright © 1990–2005 Info-ZIP. All rights reserved.

For the purposes of this copyright and license, “Info-ZIP” is defined as the following set of individuals:

Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois, Jean-loup Gailly, Hunter Goatley, Ed Gordon, Ian Gorman, Chris Herborth, Dirk Haase, Greg Hartwig, Robert Heath, Jonathan Hudson, Paul Kienitz, David Kirschbaum, Johnny Lee, Onno van der Linden, Igor Mandrichenko, Steve P. Miller, Sergio Monesi, Keith Owens, George Petrov, Greg Roelofs, Kai Uwe Rommel, Steve Salisbury, Dave Smith, Steven M. Schweda, Christian Spieler, Cosmin Truta, Antoine Verheijen, Paul von Behren, Rich Wales, Mike White

This software is provided “as is,” without warranty of any kind, express or implied. In no event shall Info-ZIP or its contributors be held liable for any direct, indirect, incidental, special or consequential damages arising out of the use of or inability to use this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

  1. Redistributions of source code must retain the above copyright notice, definition, disclaimer, and this list of conditions.
  2. Redistributions in binary form (compiled executables) must reproduce the above copyright notice, definition, disclaimer, and this list of conditions in documentation and/or other materials provided with the distribution. The sole exception to this condition is redistribution of a standard UnZipSFX binary (including SFXWiz) as part of a self-extracting archive; that is permitted without inclusion of this license, as long as the normal SFX banner has not been removed from the binary or disabled.
  3. Altered versions—including, but not limited to, ports to new operating systems, existing ports with new graphical interfaces, and dynamic, shared, or static library versions—must be plainly marked as such and must not be misrepresented as being the original source. Such altered versions also must not be misrepresented as being Info-ZIP releases—including, but not limited to, labeling of the altered versions with the names “Info- ZIP” (or any variation thereof, including, but not limited to, different capitalizations), “Pocket UnZip,” “WiZ” or “MacZip” without the explicit permission of Info-ZIP. Such altered versions are further prohibited from misrepresentative use of the Zip-Bugs or Info-ZIP e-mail addresses or of the Info-ZIP URL(s).
  4. Info-ZIP retains the right to use the names “Info-ZIP,” “Zip,” “UnZip,” “UnZipSFX,” “WiZ,” “Pocket UnZip,” “Pocket Zip,” and “MacZip” for its own source and binary releases.

mt19937ar.c

Copyright (c) 1997–2002 Makoto Matsumoto and Takuji Nishimura. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. The names of its contributors may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

OpenSSL cryptographic toolkit

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL license

Copyright © 1998–2011 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. All advertising materials mentioning features or use of this software must display the following acknowledgment:

    “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”

  4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
  5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.
  6. Redistributions of any form whatsoever must retain the following acknowledgment:

    “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS” AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay license

Copyright © 1995–1998 Eric Young (eay@cryptsoft.com) All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscape’s SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

    “This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)”

    The word “cryptographic” can be left out if the routines from the library being used are not cryptographic related :-).

  4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement:

    “This product includes software written by Tim Hudson (tjh@cryptsoft.com)”

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License.]

Simple ECMAScript Engine

Copyright © 2003, 2004, 2005, 2006, 2007 David Leonard. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of David Leonard nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

strcasestr.c

Copyright © 1990, 1993 The Regents of the University of California. All rights reserved.

This code is derived from software contributed to Berkeley by Chris Torek.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

UnRAR

The source code of UnRAR utility is freeware. This means:

  1. All copyrights to RAR and the utility UnRAR are exclusively owned by the author - Alexander Roshal.
  2. The UnRAR sources may be used in any software to handle RAR archives without limitations free of charge, but cannot be used to re-create the RAR compression algorithm, which is proprietary. Distribution of modified UnRAR sources in separate form or as a part of other software is permitted, provided that it is clearly stated in the documentation and source comments that the code may not be used to develop a RAR (WinRAR) compatible archiver.
  3. The UnRAR utility may be freely distributed. It is allowed to distribute UnRAR inside of other software packages.
  4. THE RAR ARCHIVER AND THE UnRAR UTILITY ARE DISTRIBUTED “AS IS”. NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE.
  5. Installing and using the UnRAR utility signifies acceptance of these terms and conditions of the license.
  6. If you don’t agree with terms of the license you must remove UnRAR files from your storage devices and cease to use the utility.

Thank you for your interest in RAR and UnRAR.

Alexander L. Roshal