Sophos Endpoint Security and Control release notes

Version numbers

Sophos Anti-Virus 10.0.5
Threat detection engine 3.31.20
Threat data 4.78, June 2012
Sophos Client Firewall 2.9.0
Sophos AutoUpdate 2.7.1
Note: Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

New in this release

  • (WKI80137) On-access scanning for adware and PUAs is now turned on for new managed installations, as well as standalone installations.
  • (SUG80715) The time taken to run full computer scans and custom scans has been reduced, by reducing the time taken to scan for rootkits.
  • The threat detection engine and threat data have been updated.

Fixed issues

Sophos Anti-Virus

  • (DEF78916) Although Sophos Anti-Virus can detect a master boot record infection, it cannot clean it up.

Sophos Data Control

  • (DEF81443) On Windows 7 and possibly Windows Vista, you can bypass data control if you cut and paste a folder to a CD.

Sophos Web Protection and Web Control

  • (DEF79706) RTSP traffic is incompatible with web protection or web control.
  • (DEF80155) With web protection or web control turned on, if you go to www.yahoo.com, the browser displays a page of random characters.
  • (DEF80612) With web protection or web control turned on, if you go to a VPOP website, the pages are not displayed properly.
  • (DEF81052) With web protection turned on, if initialization of the LSP (Layered Service Provider) fails, there is a memory leak in the LSP. This was found to be the cause of an increase in the footprint of a Sophos PureMessage scanning process.
  • (DEF81158) Endpoint Security and Control cannot register with the Sophos Web Appliance if there is no WPAD server available.

Known issues

Standalone installer

  • (CR26760) Sophos Client Firewall installation unexpectedly fails if run from a Windows Installer (.msi) package on Vista with User Access Control enabled.

Sophos Anti-Virus

  • (DEF80504) The process ALMon can terminate unexpectedly if a desktop message is displayed when Sophos Anti-Virus starts to update itself.
  • Web protection uses an LSP (Layered Service Provider) to facilitate URL lookups. When Web protection is enabled alongside an incompatible LSP, system instability can occur. When a known incompatible LSP is already installed on the computer, the Sophos LSP is not installed. For more information, see http://www.sophos.com/support/knowledgebase/article/116241.html.
  • (DEF56055) If you manually change the DNS list using Control Panel, Sophos Live Protection stops working. To work around this problem, restart the Sophos Anti-Virus service.
  • (WKI55631) Web protection does not support Windows XP Service Pack 1 and Windows 2000 Service Pack 3. To work around this problem, install the latest service pack for the operating system.
  • (DEF20694) When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

Sophos AutoUpdate

Sophos Client Firewall

  • (WKI55953) When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
  • (WKI32813) Sophos Client Firewall reports Internet Explorer version 8 and 9 as a hidden process. For more information, see http://www.sophos.com/support/knowledgebase/article/54899.html.
  • (DEF18752) On Windows XP running Sophos Client Firewall and VMware, virtual machines might not be able to access the network. For more information, see http://www.sophos.com/support/knowledgebase/article/15434.html.
  • (DEF53171) Sophos Client Firewall does not support the “mobile broadband” driver model in Windows version 7.
  • (DEF16039) Sophos Client Firewall occasionally blocks some trusted applications.
  • (CR27434) When rules in the configuration editor are changed, packets of traffic that should not be affected by the modified rules may briefly be blocked while the rules are updating. This will occur only very briefly, but may be noticeable if alerts are being sent to the management console.
  • (CR27073) IPv6 traffic is not logged.
  • (CR26248) When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.
  • (CR25569) Although rules blocking IPv6 traffic block traffic that approaches or leaves the machine, they do not block loopback IPv6 traffic.

Additional information

  • On Windows 2000 systems running Internet Explorer 5 or 6, Web protection allows access to blocked sites via Windows Explorer.
  • Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.
  • Endpoint Security and Control standalone installations do not support Windows Server Core.
  • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.

  • Shared Windows components

    When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

    Sophos software Shared Windows component
    Name Filenames Versions Date of inclusion with Sophos software
    Sophos Anti-Virus Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    ATL Library ATL80.dll 8.0.50727.4053 June 2007
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 June 2007
    msvcp80.dll 8.0.50727.4053 June 2007
    msvcr80.dll 8.0.50727.4053 June 2007
    Sophos AutoUpdate Windows Installer msi.dll 2.0.2600.2 November 2003
    msiexec.exe 2.0.2600.2 November 2003
    msihnd.dll 2.0.2600.2 November 2003
    msimain.sdb N/a November 2003
    msimsg.dll 2.0.2600.2 November 2003
    msisip.dll 2.0.2600.2 November 2003
    msls31.dll 3.10.337.0 November 2003
    mspatcha.dll 5.1.2600.0 November 2003
    riched20.dll 5.30.23.1200 November 2003
    sdbapiU.dll 1.0.0.1 November 2003
    shfolder.dll 5.0.2919.20 November 2003
    usp10.dll 1.325.2180.1 November 2003
    Sophos Client Firewall Microsoft XML Core Services msxml4.dll 4.30.2100.0 September 2009
    msxml4r.dll 4.30.2100.0 September 2009
    Microsoft Visual C/C++ Runtime Libraries msvcm80.dll 8.0.50727.4053 March 2010
    msvcp80.dll 8.0.50727.4053 March 2010
    msvcr80.dll 8.0.50727.4053 March 2010

Information from previous releases

May 2012

New in this release

  • The threat detection engine and threat data have been updated.

Fixed issues

  • (DEF77443) Suspicious behavior detection errors in Sophos Anti-Virus logs
  • (DEF75340) Delete and Summary buttons are briefly accessible when a custom scan is in progress
  • (DEF78977) Sophos web protection conflicts with Netop School
  • (DEF76254) On Windows Embedded POSReady 2009, Sophos Anti-Virus does not start
  • (DEF79143) Sophos web protection conflicts with PGP 10.2 Desktop
  • (DEF80237) Sophos web protection stops some HTTPS websites from downloading
  • (SUG79878) Websites in the Authorized websites list do not bypass scanning
  • (DEF62200) Sophos data control interferes with use of IronKey secure removable storage
  • (DEF78335) Nero CD burning stops responding when Sophos device control is set to "Detect but do not block devices"
  • (DEF76100) Sophos web control sometimes uploads empty logs to Sophos Web Appliance

April 2012

New in this release

  • The threat detection engine and threat data have been updated.

Fixed issues

  • (DEF79591) With web protection or web control turned on, when a web server returns a “Connection: close” response without specifying the content length, Internet Explorer stops responding.
  • (SUG79132, SUG79134) The SanDisk Cruzer and BlockMaster SafeStick USB flash drives are not categorized correctly by Sophos device control as secure removable storage when the user who inserts them is logged on as a non-Administrator user. Instead, the devices are blocked.

March 2012

New in this release

  • The threat detection engine and threat data have been updated.

Fixed issues

  • (DEF78169, DEF78214) On a computer that is running Symantec PGP Desktop version 10.2, the Layered Service Provider that is used by Sophos web protection and Sophos web control conflicts with the Symantec Layered Service Provider. This prevents web browsing.
  • (DEF78756) With Sophos web control turned on, some web pages take a very long time to load.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2011–2012 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.