About these release notes

These are the release notes for Sophos Endpoint Security and Control for Windows Preview version, managed by Sophos Enterprise Console or standalone.

Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.

Note

You may find that you cannot yet download and use the latest versions in the lists below. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

Version 10.8

Components

Sophos Endpoint Security and Control

10.8.4.4 VE3.77.1

August 2019

10.8.4.4 VE 3.74.1

July 2019

10.8.4.3 VE3.74.1

May 2019

Sophos Anti-Virus

10.8.4.227

10.8.4.227

10.8.4.227

Threat detection engine

3.77.1

3.74.1

3.74.1

Sophos Client Firewall Windows 8 and later

3.0.6

3.0.6

3.0.6

Sophos Client Firewall Windows 7 and earlier

2.9.7

2.9.7

2.9.7

Sophos AutoUpdate

5.15.166

5.15.166

5.14.36

Sophos Patch Agent

1.0.313.30

1.0.313.30

1.0.313.30

Sophos Web Control

1.5

1.5

1.5

Sophos Remote Management System

4.1.2.24

4.1.2.24

4.1.2.24

Sophos Network Threat Protection

Malicious Traffic Detector

1.8.77.8000

1.8.77.8000

1.8.77.8000

Sophos Endpoint Defense

2.1.2.8000

2.1.2.8000

2.1.2.8000

Standalone installations include the Sophos Web Control component but it only provides malicious website blocking.

10.8.4.4 VE3.77.1

Updated Components

The threat detection engine has been updated from 3.74.1 to 3.77.1. For information about the threat detection engine, see the Sophos Threat Detection Engine release notes.

Version 10.8.4.4 VE 3.74.1

Updated Components

Sophos AutoUpdate has been updated to 5.15.166.

Resolved issues

Issue ID

Component

Description

WINEP-12971

Sophos AutoUpdate

Resolved an issue with Sophos Anti-Virus failing to update.

WINEP-16773

Sophos AutoUpdate

Resolved an issue with unlocking computers with an identity agent installed if Almon.exe is running.

WINEP-17442

Sophos AutoUpdate

License expiry message is now available in all languages.

Version 10.8.4.3 VE3.74.1

Updated Components

Client Boot Strap has been updated.

Known issues and limitations

Issue ID

Component

Description

WINEP-1819

Sophos Client Firewall

After an upgrade from Windows 7 to Windows 10, the firewall Windows 7 driver SCFNdis.sys is migrated but cannot be loaded and may cause a system error when the computer is booted.

To resolve this issue, browse to the folder C:\Windows\System32\drivers and delete the file SCFNdis.sys.

WINEP-1818

Sophos Patch

In Enterprise Console, in the Protect Computers Wizard, Windows 10 is not listed in the list of platforms on which Patch is available, even though Sophos Patch Agent can be installed on Windows 10.

Note

Even though Sophos Patch Agent will install on Windows 10, it is not currently supported on it and will not report missing patch information.

WINEP-1770

Sophos Anti-Virus

Sophos Anti-Virus doesn’t support Hypervisor enforced Code Integrity introduced in the Enterprise lockdown mode.

WINEP-1758

Sophos Client Firewall

On Windows 10, a dual location firewall policy cannot be applied to an endpoint when both locations are visible (this includes VPN connections). The following errors appear in the firewall system log:

Failed to configure the firewall

Failed to update the filter rules error 80004005

Workaround: Disable configuration for a secondary location, or use Windows Firewall instead.

WINEP-323

Sophos Malicious Traffic Detector

Cannot exclude from scanning non-local processes that you excluded in the Cloud console if they started before the sntp (Sophos Network Threat Protection) driver starts.

WINEP-284

Sophos Malicious Traffic Detector

In cleanup events, the user may be incorrectly reported as "System", although the correct user is reported for the initial detection.

DEF79180

Data Control

Files that breach a data control rule can still be transferred to a Windows 8 storage pool.

DEF84838

Installer

Protecting Windows 8 or Windows Server 2012 computers that are in a workgroup from Sophos Enterprise Console 5.1 on Windows Server 2008 or Windows Server 2008 R2 fails with the errors "Failed to launch setup.exe" and "2147942405".

For more information and instructions on how to enable deployment, see https://www.sophos.com/en-us/support/knowledgebase/118354.aspx.

 

Sophos Anti-Virus

On 64-bit computers upgraded from Windows 8.1 to Windows 10, in the 32-bit version of Windows Explorer, the right-click option Scan with Sophos Anti-Virus does not work. (The option works correctly in the native 64-bit version of Windows Explorer.) This is due to a missing Sophos registry key, that has not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers: in Enterprise Console, select the computers you want to re-protect, right-click, and then click Protect Computers. Follow the steps in the Protect Computers Wizard. Alternatively, to manually re-protect a computer, follow the steps provided in knowledgebase article 12386.

 

Sophos Anti-Virus

After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, if a computer is started in safe mode, the Sophos Anti-Virus service (SAVService.exe) fails to start. This is due to a missing Sophos registry key, that has not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers.

 

Sophos Anti-Virus

After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, the Sophos Healthcheck tool fails with warnings about missing registry keys. This is because some of the Sophos registry keys have not been migrated during the OS upgrade.

To resolve this issue, re-protect the computers.

 

Sophos Anti-Virus

When a computer is upgraded to Windows 10, the following error may be reported against it in Enterprise Console:

Web Protection is no longer functional. The filtering driver has been bypassed or unloaded. [0xa058000c]

These errors can be safely ignored. To remove them from Enterprise Console, after the computer has been upgraded to Windows 10, right-click the computer, click Resolve Alerts and Errors, select the errors and click Acknowledge.

 

Sophos Client Firewall

After upgrading to Windows 10 a computer with a standalone installation of Sophos Endpoint Security and Control that includes Sophos Client Firewall, the firewall configuration cannot be applied. The following errors are logged in the firewall system log:

Failed to configure the firewall.

Failed to update the filter rules, error 80004005.

To resolve this issue, restart the computer.

 

Sophos Client Firewall

It is not possible to deploy Sophos Anti-Virus and Sophos Client Firewall to a Windows 10 endpoint at the same time from Sophos Enterprise Console.

Workaround: Deploy Sophos Anti-Virus first, and then re-run the Protect Computers Wizard and deploy Sophos Client Firewall.

 

Sophos Client Firewall

On upgrade to Windows 10, Sophos Client Firewall loses all custom configuration settings and reverts to the default settings. Custom configuration settings need to be re-applied following the upgrade.

  • If you use Enterprise Console to manage Sophos Client Firewall, re-apply the firewall policy to the computer after you upgrade it to Windows 10. In Enterprise Console, in the computer list, the computer’s policy compliance will be shown as “Differs from policy”. Right-click the computer, click Comply with and then click Group Firewall Policy.
  • If you use a standalone installation of Endpoint Security and Control and Sophos Client Firewall, before you start the upgrade to Windows 10, export the firewall configuration to a file: open Sophos Endpoint Security and Control and on the Home page, under Firewall, click Configure firewall, click Export and save the configuration file.

    After the upgrade to Windows 10, import the configuration file: under Firewall, click Configure firewall, and then click Import.

 

Sophos Anti-Virus, Sophos Web Control

Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see https://www.sophos.com/en-us/support/knowledgebase/116241.aspx.

Additional information

System requirements

Sophos Endpoint Security and Control is supported on Windows XP/2003/Vista/2008/7/8/2012. For a full list of system requirements, see System Requirements for Antivirus protection for Windows.

Subscriptions, packages and product versions

Which maintenance version of Endpoint Security and Control do I have?

To find out which maintenance version of Endpoint Security and Control (for example, 10.3.7) is running on your computer:

  1. Open Endpoint Security and Control.
  2. In the left-hand pane, under Help and information, click View product information.
  3. Under Anti-virus and HIPS, click Software.

Deployment

Automatic deployment of Endpoint Security and Control to Windows 8 and Windows Server 2012 from Enterprise Console requires Enterprise Console 5.1 or later.

Automatic deployment of Endpoint Security and Control to Windows 8.1 and Windows Server 2012 R2 from Enterprise Console requires Enterprise Console 5.2.1 R2 or later.

If you are using Enterprise Console 5.0 or earlier, you can install the software by running the installer from a bootstrap location that contains a software subscription for version 10.3. For more information on manual installation, see https://www.sophos.com/en-us/support/knowledgebase/12386.aspx.

Support for Windows 10

For information about Windows 10 support, see knowledgebase article 122504.

Support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

  • Endpoint Security and Control uses toast notifications instead of balloon notifications to display messages on screen.
  • If you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. For more information, see https://www.sophos.com/en-us/support/knowledgebase/118233.aspx.
  • If Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with. This causes Windows to offer the user the ability to re-download and re-install the app.
  • Rootkit scanning is not supported on REFS file systems on Windows Server 2012 and Windows Server 2012 R2. If the user attempts a rootkit scan on this file system, a message will be logged in the SAV log telling them that rootkit scanning is not supported.

Sophos Client Firewall

  • A number of features have been removed from Sophos Client Firewall 3.0 for Windows 8:

    Interactive mode
    Hidden process detection
    Modified memory detection
    Rawsocket applications (rawsockets are treated the same as other connections)
    Non-stateful rules
    The option Concurrent connections for TCP rules
    The option Where the local port is equal to the remote port

  • Sophos Client Firewall does not support the "mobile broadband" driver model in Windows 7.
  • When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.
  • When the log is displayed in a view that auto-refreshes (such as Allowed connections), the view stops refreshing if the service is under a heavy load. After changing to a different view and then back again, auto-refreshing works normally.

Application Control

When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.

Sophos Device Control

Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

Unsupported scenarios

  • Endpoint Security and Control standalone installations do not support Windows Server Core.
  • Endpoint Security and Control managed and standalone installations do not support Windows Server Core Hyper-V.

Shared Windows components

When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:

Sophos software

Shared Windows component

Name

File names

Versions

Date of inclusion with Sophos software

Sophos Anti-Virus

Microsoft XML Core Services

msxml4.dll

4.30.2100.0

September 2009

msxml4r.dll

4.30.2100.0

September 2009

ATL Library

atl90.dll

9.0.30729.4148

June 2013

Microsoft Visual C/C++ Runtime Libraries

msvcm90.dll

9.0.30729.4148

June 2013

msvcp90.dll

9.0.30729.4148

June 2013

msvcr90.dll

9.0.30729.4148

June 2013

Sophos Client Firewall 3.0 for Windows 8

Microsoft XML Core Services

msxml4.dll

4.30.2100.0

June 2013

msxml4r.dll

4.30.2100.0

June 2013

Microsoft Visual C/C++ Runtime Libraries

msvcm90.dll

9.0.30729.6161

June 2013

msvcp90.dll

9.0.30729.6161

June 2013

msvcr90.dll

9.0.30729.6161

June 2013

Sophos Client Firewall 2.9 for Windows 7 and earlier

Microsoft XML Core Services

msxml4.dll

4.30.2100.0

September 2009

msxml4r.dll

4.30.2100.0

September 2009

Microsoft Visual C/C++ Runtime Libraries

msvcm90.dll

9.0.30729.6161

October 2013

msvcp90.dll

9.0.30729.6161

October 2013

msvcr90.dll

9.0.30729.6161

October 2013

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.