About these release notes

These are the release notes for Sophos Core Agent for Windows 7 and later, managed by Sophos Central.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

For information about the changes to Sophos Endpoint Advanced, see the Sophos Endpoint Advanced release notes.

For information about the changes to Sophos Intercept X, see the Sophos Intercept X release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Versions

| Components | | | | | |
| --- | --- | --- | --- | --- | --- |
| Sophos Endpoint, Windows 7 and later | 2.4.0 (June 2019) | 2.3.0 (April 2019) | 2.2.2 (December 2018) | 2.2.1 (November 2018) | 2.2.0 (November 2018) |
| Sophos AutoUpdate | 6.0.547 | 6.0.547 | 5.13.51 | 5.13.51 | 5.13.51 |
| Sophos Management Communications System | 4.10.423 | 4.9.424 | 4.9.424 | 4.9.300 | 4.9.300 |
| Sophos Health Service | 2.1.0.33 | 2.1.0.33 | 2.1.0.33 | 2.1.0.33 | 2.1.0.33 |
| Sophos Network Threat Protection, Malicious Traffic Detection | 1.8.1555 | 1.8.1555 | 1.8.59.0 | 1.7.620.0 | 1.7.529.0 |
| Sophos Endpoint UI | 1.7.167 | 1.7.134 | 1.7.24 | 1.7.24 | 1.7.24 |
| Sophos Uninstaller | 1.8.0.37 | 1.7.0.72 | 1.7.0.72 | 1.7.0.72 | 1.7.0.72 |
| Sophos Endpoint Defense | 2.1.3.26 | 2.1.2.0 | 2.1.0.406 | 2.1.0.405 | 2.1.0.378 |
| Sophos Self Help Tool | 2.0.103 | 2.0.103 | 2.0.103 | 2.0.103 | 2.0.103 |
| Sophos Clean | 3.8.6.1 | 3.8.6.1 | 3.8.6.1 | 3.8.6.1 | 3.8.6.1 |
| Sophos File Scanner | 1.5.15.0 | 1.5.15.0 | 1.4.15.0 | 1.4.15.0 | 1.4.15.0 |
| Threat Detection Engine | 3.74.1 | 3.74.1 | 3.74.1 | 3.74.1 | 3.74.1 |

Version 2.4.0

Updated Components

Sophos Management Communications System updated to version 4.10.423.

Sophos Uninstaller updated to version 1.8.0.37.

Sophos Endpoint UI updated to version 1.7.167.

Sophos Endpoint Defense updated to version 2.1.3.26.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-20135 | Sophos Endpoint | Resolved an issue on Windows 10 1903 with SSPService.exe using excessive system memory. |
| WINEP-20046 | Sophos Endpoint | Resolved an issue migrating endpoints from Sophos Enterprise Console to Sophos Central. |
| WINEP-19868 | Sophos Endpoint | Improved disk IO performance of SSPEdr.exe process. |
| WINEP-19720 | Sophos Endpoint | Resolved an issue with Windows stopping that could occur when installing Veeam software on Cluster computers. |
| WINEP-18113 | Sophos Endpoint | Resolved an issue with Windows 7 users being unable to authenticate to XG Firewalls using single sign-on. |

Version 2.3.0

New features

This version of the Core Agent supports new Endpoint Detection and Response features. Customers with an Intercept X Advanced with EDR license will get these enhancements:

  • Threat Searches now allow admins to search for activity by admin tools that could be used for malicious purposes. Currently this feature only finds PowerShell activity. The admin tool Threat Search also lets admins search for arguments passed when an admin tool is run.
  • Forensic Snapshots now capture Windows Authentication events that are recorded in the Windows security event log.

Updated Components

Sophos AutoUpdate updated to version 6.0.457.

Sophos Network Threat Protection updated to version 1.8.1555.

Sophos Endpoint UI updated to version 1.7.134.

Sophos Endpoint Defense updated to version 2.1.2.0.

Sophos File Scanner updated to 1.5.15.0.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-15020 | Sophos AutoUpdate | Resolved an issue with AutoUpdate not enabling TLS 1.1 or 1.2 on Windows 7 and Windows 8. |

Version 2.2.2

Updated Components

Sophos Management Communications System updated to version 4.9.424.

Sophos Network Threat Protection updated to version 1.8.59.0.

Sophos Endpoint Defense updated to version 2.1.0.406.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-16959 | Sophos Network Threat Protection | Resolved an issue with Connection Tracking affecting network connectivity. |
| WINEP-16965 | Sophos Endpoint Defense | Resolved an installation failure on Windows 10 RS5 where the installer failed to copy SophosEL.sys into the ELAM driver backup path. |
| WINEP-16986 | Management Communications System | Resolved an issue uploading Endpoint Detection and Response (EDR) data through a message relay. |

Version 2.2.1

Updated Components

Sophos Network Threat Protection updated to version 1.7.620.0.

Sophos Endpoint Defense updated to version 2.1.0.405.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-16853 | Sophos Endpoint Defense | Resolved an issue with submitting files containing multi-byte characters to SophosLabs Threat Intelligence. |
| WINEP-16752 | Sophos Network Threat Protection | Resolved an issue with isolation exclusions not always being removed correctly. |

Version 2.2.0

New features

This version of the Core Agent supports new Endpoint Detection and Response capabilities. Customers entitled to the new EDR features will get access to:

  • An enhanced endpoint that will continually send metadata to Sophos Central on detected or suspicious portable executable files and network connections to IP addresses and domains from those files. This allows admins to perform a Threat Search across the estate to identify endpoints that have seen those indicators of compromise and take further action.
  • Admins can generate a Threat Case from Threat Search results when they want to understand the history surrounding a file that has been returned from search results.
  • A new Clean and Block action adds the hash of suspect files to a blocked item list that is distributed to the endpoints. Matching files are prevented from executing and cleaned where found.
  • In the event potential undetected threats have been identified, Admin Led Isolation can restrict the TCP and UDP network connectivity of an endpoint. A new Auto Isolation capability has also been introduced to allow an endpoint to automatically isolate in the event its health status goes red.
  • Admins can create on-demand Forensic Snapshots of the system activity on an endpoint to allow for advanced forensic investigations.
  • A new Deep Learning Malware Analysis feature lets customers submit suspect portable executable files to SophosLabs, where a detailed analysis is performed, breaking down file attributes and code and comparing them to millions of other files so you can determine if a file is malicious or not.

Updated Components

Sophos Management Communications System updated to version 4.9.300.

Sophos Network Threat Protection updated to version 1.7.529.0.

Sophos Uninstaller updated to version 1.7.0.72.

Sophos Health updated to version 2.1.0.33.

Sophos Endpoint UI updated to version 1.7.24.

Sophos Endpoint Defense updated to version 2.1.0.378.

Sophos Clean updated to version 3.8.6.1.

Sophos File Scanner updated to version 1.4.15.0.

Threat Detection Engine updated to version 3.74.1. For information about the threat detection engine, see the Sophos Threat Detection Engine release notes.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-9893 | Sophos Endpoint UI | Changed PUA Desktop Message wording. |

Known issues and limitations

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-11685 | Sophos Clean | Running a system scan when offline and when the machine has malware that is only found with an on-line confirmation results in the endpoint security health returning to green when it should remain red. When online the malware is re-detected, if activated. |
| WINEP-10715 | Sophos Endpoint Defense | Failed to generate RCAs for email phishing attacks when using Edge on Windows 10 as the default browser. |
| WINEP-10584 | Sophos Health Service | Inconsistent security health status. Notification of a Red security health status may not be displayed in Sophos Central if the detection happens while some Sophos services are stopped. |
| WINEP-12084 | Sophos UI | The Settings tab on the endpoint console is not being displayed when tamper protection is disabled. Closing and re-opening the endpoint console resolves the issue. |
| WINEP-11735 | Sophos Clean | Attempts to ‘restore’ an application from quarantine may not restore some complex registry settings. This has only been seen for malware variants and not for legitimate applications. |

Additional information

System requirements

This version of Sophos Endpoint is supported on Windows 7 and later client operating systems. For a full list of system requirements, see https://www.sophos.com/en-us/support/knowledgebase/121027.aspx.

Support for migration from on-premise management

It is now possible to automatically migrate a computer managed by Sophos Enterprise Console or Sophos Control Center to be managed by Sophos Central. Please see the Sophos Central Migration Tool Help for more details.

For known migration issues, see the issues for Sophos Central agent installer in Known issues and limitations.

Support for Windows 8 and Windows 8.1

  • Sophos Endpoint uses toast notifications instead of balloon notifications to display messages on screen.
  • If you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. For more information, see https://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
  • If Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with. This causes Windows to offer the user the ability to re-download and re-install the app.

Sophos Device Control

Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.