About these release notes
These are the release notes for Sophos Managed Threat Response for Windows Server 2008 R2 and later, managed by Sophos Central.
The features mentioned in these release notes are only available if you have the appropriate license.
For information about the changes to the Sophos Central Server Core Agent, see the Sophos Central Server Core Agent release notes.
For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes
For information about the changes to Sophos Intercept X Advanced for Server with EDR, see the Sophos Central Server Intercept X release notes.
For improvements and new features in the Sophos Central console, see What's new in Sophos Central.
- Remotely retrieve a file from a managed device to assist an MTR investigation. The file can be used as case evidence or submitted to Sophos for malware analysis (including static and dynamic malware).
- Added ability to turn on and off verbose logging to improve troubleshooting.
- Minor bug fixes.
Sophos MTR Endpoint Agent has been updated to 18.104.22.168.
Sophos MTR Endpoint Agent has been updated to 22.214.171.124.
Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:
- MTR Standard: lead-driven threat hunting, adversarial detections, activity reports, security health check.
- MTR Advanced: MTR standard features plus lead-less threat hunting, enhanced telemetry, proactive posture management, dedicated incident response lead, direct call-in support, asset discovery, scheduled ops review.
This version of Sophos Managed Threat Response is supported on Windows Server 2008 R2 and later.
- Sophos Intercept X Advanced for Server with EDR must be installed on the server.
- EDR must be enabled in the Sophos
Central Server Threat Protection policy. Under
Remediation, ensure that the following settings are
- Enable Threat Case creation
- Allow servers to send data on suspicious files, network events, and admin tool activity to Sophos Central
For a full list of system requirements, see https://www.sophos.com/en-us/support/knowledgebase/121027.aspx.
Known issues and limitations
You can find technical support for Sophos products in any of these ways:
- Visit the Sophos Community at community.sophos.com/ and search for other users who are experiencing the same problem.
- Visit the Sophos support knowledge base at www.sophos.com/en-us/support.aspx.
- Download the product documentation at www.sophos.com/en-us/support/documentation.aspx.
- Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx.
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.