About these release notes

These are the release notes for Sophos Managed Threat Response for Windows Server 2008 R2 and later, managed by Sophos Central.

The features mentioned in these release notes are only available if you have the appropriate license.

Note You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

For information about the changes to the Sophos Central Server Core Agent, see the Sophos Central Server Core Agent release notes.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes

For information about the changes to Sophos Intercept X Advanced for Server with EDR, see the Sophos Central Server Intercept X release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.



Sophos Managed Threat Response

Windows Server 2008 R2 and later


November 2019

Sophos MTR Endpoint Agent

Version 1.0.1

New features

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response. It is delivered by an expert team as a fully-managed service. Beyond simply notifying you of attacks or suspicious behavior, the Sophos MTR team initiates actions on your behalf to neutralize even the most sophisticated and complex threats. Two levels of service are available:

  • MTR Standard: lead-driven threat hunting, adversarial detections, activity reports, security health check.
  • MTR Advanced: MTR standard features plus lead-less threat hunting, enhanced telemetry, proactive posture management, dedicated incident response lead, direct call-in support, asset discovery, scheduled ops review.

System requirements

This version of Sophos Managed Threat Response is supported on Windows Server 2008 R2 and later.

In addition:

  • Sophos Intercept X Advanced for Server with EDR must be installed on the server.
  • EDR must be enabled in the Sophos Central Server Threat Protection policy. Under Remediation, ensure that the following settings are turned on:
    • Enable Threat Case creation
    • Allow servers to send data on suspicious files, network events, and admin tool activity to Sophos Central

For a full list of system requirements, see https://www.sophos.com/en-us/support/knowledgebase/121027.aspx.

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.