Sophos Endpoint Security and Control 10.0.12 release notes

April 2014

Maintenance phase

Endpoint Security and Control version 10.0 is now in its Maintenance phase. Although we still support it, and update the threat detection engine and threat data monthly, feature development has ended. To check the Retirement date, go to

You can upgrade to version 10.3.

Version numbers

Sophos Anti-Virus (SAV) 10.0.12
Sophos Client Firewall (SCF) 2.9.1
Sophos AutoUpdate (SAU) 3.1.1

To identify the threat detection engine version and the threat data version:

  1. Open Endpoint Security and Control.
  2. In the left-hand pane, under Help and information, click View product information.
  3. Under Anti-virus and HIPS, click Software.
Note: Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

What's new

  • The threat detection engine and threat data have been updated.
  • Fixed: Vulnerability in Microsoft Detours software used in Sophos Anti-Virus (DEF93356).

Known issues

Some of the known issues in this release have been fixed in later versions of Sophos Endpoint Security and Control. For a list of the latest fixed issues, see the release notes for later releases of Sophos Endpoint Security and Control, which are available at

Sophos Anti-Virus

Issue ID Description Found in Fixed in
DEF84125 In the Spanish version, the Endpoint Security and Control Help contains some links that are in English. 10.0 10.2.0
DEF84016 In the Italian version, the links to the Sophos website, security information and technical support go to English webpages. 10.0 10.2.2
DEF83635 The web protection LSP is incompatible with the LSP that is used by Microsoft Intelligent Application Gateway. To resolve this, the web protection LSP is not installed. 10.0 10.2.1
DEF83548 On Windows Vista or later, some websites take a long time to load with the "Sophos Web Intelligence Service" service running. 10.0 10.2.1
DEF83496 The "Sophos Anti-Virus" service can be deadlocked if the on-access scanning checksum file is locked. 10.0.6 10.2.1
DEF82646 Each time that the "Sophos Anti-Virus" service is restarted, Visual Studio 2010 rebuilds all projects. 10.0 10.2.1
DEF81600 The Sophos Anti-Virus log repeatedly shows that the file C:\Documents and Settings\All Users\Application Data\Sophos\Web Control\Activity\current could not be accessed during an on-demand scan. 10.0 10.2.0
DEF80504 The process ALMon can terminate unexpectedly if a desktop message is displayed when Sophos Anti-Virus starts to update itself. 10.0.4 10.2.1
DEF79482 iSCSI mount points cannot be excluded from on-access scanning. 9.7.7 10.2.5
DEF56055 If you manually change the DNS list using Control Panel, Sophos Live Protection stops working. To work around this problem, restart the Sophos Anti-Virus service. 9.5
- Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see 10.0

Sophos AutoUpdate

Issue ID Description Found in Fixed in
DEF83871 After upgrading Sophos Anti-Virus, an unexpected reboot request sometimes appears in Sophos Enterprise Console. SAU 2.7.4 10.2.2
DEF82722 On Windows Server 2008 Core, updating of Endpoint Security and Control takes a long time. 10.0 10.2.0
DEF75436 Sophos AutoUpdate installer stops Windows Indexing Service when excluding the AutoUpdate Cache folder from indexing for Windows Search. SAU 2.6.0 10.2.2
WKI64768 AutoUpdate does not support updating through proxies that use WDigest authentication. However, AutoUpdate does support normal digest authentication. For more information, see SAU 2.5.8

Web Control

Issue ID Description Found in Fixed in
DEF83522 Inappropriate Website Control allows adult content to be loaded in some circumstances. 10.0 10.2.1
DEF82585 Full Web Control stops images in an iGoogle gadget from being displayed. 10.0 10.2.1
DEF81690 Rules in the Full Web Control policy that check for Group fail in some circumstances. 10.0 10.2.1

Additional information

  • Support for Windows 8 and Windows Server 2012

    Endpoint Security and Control 10.0 does not support Windows 8 or Windows Server 2012. Version 10.3 does support Windows 8 and Windows Server 2012.

  • Application Control

    When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

  • Device Control

    Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

  • Sophos Client Firewall
    • Sophos Client Firewall does not support the "mobile broadband" driver model in Windows version 7.
    • When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
    • When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • Unsupported scenarios
    • Endpoint Security and Control standalone installations do not support Windows Server Core.
    • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.
    • On Windows 2000 systems running Internet Explorer 5 or 6, Web protection allows access to blocked sites via Windows Explorer.
  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    ATL Library ATL80.dll 8.0.50727.4053 June 2007
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 June 2007
    msvcp80.dll 8.0.50727.4053 June 2007
    msvcr80.dll 8.0.50727.4053 June 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll November 2003
    sdbapiU.dll November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 March 2010
    msvcp80.dll 8.0.50727.4053 March 2010
    msvcr80.dll 8.0.50727.4053 March 2010

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011–2014 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.