Sophos Managed Threat Response for Linux

About these release notes

These are the release notes for Sophos Managed Threat Response for Linux, managed by Sophos Central.

The features mentioned in these release notes are only available if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.



Sophos Managed Threat Response for Linux


February 2020


November 2019

Sophos Linux Base



Sophos Live Query


Sophos Managed Threat Response plugin


Version 1.0.2

New features

  • Remotely retrieve a file from a managed device to assist an MTR investigation. The file can be used as case evidence or submitted to Sophos for malware analysis (including static and dynamic analysis).
  • Added the ability to turn verbose logging on and off to improve troubleshooting.
  • Minor bug fixes.

Updated components

Sophos Live Query updated to

Sophos Managed Threat Response plugin updated to

Version 1.0.1

New features

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:

  • MTR Standard: lead-driven threat hunting, adversarial detections, activity reports, security health check.
  • MTR Advanced: MTR Standard features plus lead-less threat hunting, enhanced telemetry, proactive posture management, dedicated incident response lead, direct call-in support, asset discovery.

System requirements

This version of Sophos Managed Threat Response is supported on Linux.

For a full list of system requirements, see knowledge base article 134906.

Known issues and limitations

  • Sophos Managed Threat Response for Linux: The use of Message Relays with Sophos Managed Threat Response for Linux is not supported.
  • Sophos Linux Base: Sophos Managed Threat Response for Linux does not support systems that have another product that is managed by Sophos Central installed. You can have only one managed product installed at a time.
  • Sophos Linux Base: Clone de-duplication is not supported by Sophos Managed Threat Response for Linux.
  • Sophos Managed Threat Response for Linux: Process monitoring may not work on a system that is already running osquery.
  • Sophos Managed Threat Response for Linux: Process monitoring data is not available on systems with auditd enabled.


You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.