Endpoint

Sophos Central Server Core Agent

For Sophos Central customers

About these release notes

These are the release notes for Sophos Central Server Core Agent for Windows Server 2008 R2 and later operating systems.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note

You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.

For information about the changes to Intercept X Advanced for Server with EDR, see the Intercept X Advanced for Server with EDR release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Updates that require a restart

Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.

We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.

Versions

Components

Sophos Central Server Core Agent

Windows Server 2008 R2 and later

2.6.0

February 2020

2.5.6

January 2020

2.2.7

September 2019

2.2.6

September 2019

2.2.5

July 2019

2.2.4

June 2019

2.2.3

June 2019

2.2.1

May 2019

2.1.4

February 2019

Sophos AutoUpdate

6.1.356

6.1.356

6.0.457

6.0.457

6.0.457

6.0.457

6.0.457

6.0.457

5.14.80.80

Sophos Clean

3.8.7.124

3.8.7.124

3.8.6.1

3.8.6.1

3.8.6.1

3.8.6.1

3.8.6.1

3.8.6.1

3.8.6.1

Sophos Endpoint Defense

2.2.0.3440

2.2.0.3405

2.1.3.44

2.1.3.44

2.1.3.37

2.1.3.26

2.1.3.8

2.1.2.7

2.1.0.406

Sophos File Scanner

1.6.540

1.6.540

1.5.15.0

1.5.15.0

1.5.15.0

1.5.15.0

1.5.15.0

1.5.15.0

1.4.15

Sophos Management Communication System

4.12.179

4.11.127

4.10.423

4.10.423

4.10.423

4.10.423

4.9.462.0

4.9.462.0

4.9.462.0

Sophos Network Threat Protection

1.9.2235

1.9.2235

1.8.1555

1.8.1555

1.8.1555

1.8.1555

1.8.1555

1.8.1555

1.8.59.0

Sophos Self Help Tool

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

2.1.14.2

Sophos UI

1.7.957

1.7.631.0

1.7.452.0

1.7.167

1.7.167

1.7.167

1.7.134

1.7.134

1.7.24

Sophos Uninstaller

1.8.1.1

1.8.1.1

1.8.0.37

1.8.0.37

1.8.0.37

1.8.0.37

1.7.0.72

1.7.0.72

1.7.0.72

Threat Detection Engine

3.78.5

3.77.1

3.74.1.3

3.74.1.3

3.74.1.3

3.74.1.3

3.74.1.3

3.74.1.3

3.74.1.3

Sophos Message Relay

1.3.22.0

1.3.22.0

1.2.5.0

1.2.5.0

1.2.5.0

1.2.5.0

1.2.5.0

1.2.5.0

1.2.5.0

Sophos Server Lockdown

7.1.2

7.1.2

7.1.2

7.1.2

7.1.2

7.1.2

7.1.2

7.1.2

7.1.2

Sophos Standalone Engine

1.5.3

1.5.3

1.2.23

1.2.23

1.2.23

1.2.23

1.2.23

1.2.23

1.2.23

Sophos Update Cache

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

1.4.0.4

Sophos Health Service

2.3.12

2.3.12

2.1.0.33

2.1.0.33

2.1.0.33

2.1.0.33

2.1.0.33

2.1.0.33

2.1.0.33

Sophos File Integrity Monitoring

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

1.0.1.11

Sophos Live Query

2.0.1.316

1.0.2.23

1.0.1.226

           

Sophos Diagnostic Utility

6.2.69

Sophos Antimalware Scan Interface Protection

1.0.1503.0

Version 2.6.0

New features

This version of the Core Agent supports Sophos Antimalware Scan Interface (AMSI) Protection which integrates into applications for Windows 10 and Windows Server 2016 and allows for the most common malware scanning and protection techniques. Checks include whether scripts are safe to run, even if they're obfuscated or only generated at runtime. Similar checks can be applied for code that is loaded from sources other than the local disk before it is executed from memory.

New components

This release includes the following new components:

  • Sophos Diagnostic Utility
  • Sophos Antimalware Scan Interface Protection

Updated components

Sophos Management Communication System updated to version 4.12.179.

Sophos Endpoint UI updated to version 1.7.957.

Sophos Endpoint Defense updated to version 2.2.0.3440.

Threat Detection Engine updated to 3.78.5.

Sophos Live Query updated to version 2.0.1.316.

Resolved issues

Issue ID

Component

Description

WINEP-22224

Sophos Endpoint

Resolved an issue with Synchronized Security in which endpoints missed their initial heartbeat configuration policy.

Version 2.5.6

New features

This version of the Server Core Agent updates the Threat Case and Forensic Snapshot upload features that are available to customers with an Intercept X license:

  • Threat Cases (RCA) now use the endpoint Event Journals for richer data.
  • Forensic Snapshots can now be uploaded to customers’ AWS S3 buckets. These snapshots can now cover up to 90 days of activity and can be stored for archiving or later investigation.

Updated components

Sophos Central Server Core Agent updated to 2.5.x to match Sophos Core Agent version.

Sophos AutoUpdate updated to 6.1.356.

Sophos Clean updated to version 3.8.7.124.

Sophos Endpoint Defense updated to version 2.2.0.3405.

Sophos File Scanner updated to version 1.6.540.

Sophos Management Communication System updated to version 4.11.127.

Sophos Network Threat Protection updated to version 1.9.2235.

Sophos UI updated to version 1.7.631.0.

Sophos Uninstaller updated to version 1.8.1.1.

Threat Detection Engine updated to version 3.77.1.

Sophos Message Relay updated to version 1.3.22.0.

Sophos Standalone Engine updated to version 1.5.3.

Sophos Health Service updated to version 2.3.12.

Sophos Live Query updated to version 1.0.2.23.

Resolved issues

Issue ID

Component

Description

WINEP-12344

Sophos Endpoint

Resolved an issue with Sophos Endpoint using excessive CPU resource.

WINEP-14723, WINEP-14728, WINEP-14729

Sophos Endpoint

Increased robustness of installation by retrying installation in cases where another MSI installer is already running.

WINEP-19408

Sophos Endpoint

Fixed an issue in which the Management Communications System configuration can get corrupted when the computer shuts down unexpectedly.

WINEP-20408

Sophos Endpoint

Resolved an issue that prevents files in WebDAV folders from being successfully scanned.

WINEP-18710

Sophos Endpoint

Resolved an issue that prevents Sophos Health Service from starting if the events database is corrupted.

WINEP-19248

Sophos Endpoint

Resolved an issue in which Sophos Heartbeat sends an incorrect health status to the firewall.

WINEP-21961

Sophos Management Communication System

Resolved a delay in user ID information being sent to the Sophos XG Firewall, which can lead to network delay.

Version 2.2.7

New Components

Sophos Live Query version 1.0.1.226, which is used for Managed Threat Response.

Updated Components

Sophos UI updated to version 1.7.452.0.

Version 2.2.6

Updated Components

Sophos Endpoint Defense updated to version 2.1.3.44.

Version 2.2.5

Updated Components

Sophos Endpoint Defense updated to version 2.1.3.37.

Version 2.2.4

Updated Components

Sophos Management Communications System updated to version 4.10.423.

Sophos Uninstaller updated to version 1.8.0.37.

Sophos UI updated to version 1.7.167.

Sophos Endpoint Defense updated to version 2.1.3.26.

Resolved issues

Issue ID

Component

Description

WINEP-20135

Sophos Central Server Core Agent

Resolved an issue on Windows 10 1903 with SSPService.exe using excessive system memory.

WINEP-20046

Sophos Central Server Core Agent

Resolved an issue migrating endpoints from Sophos Enterprise Console to Sophos Central.

WINEP-19868

Sophos Central Server Core Agent

Improved disk IO performance of SSPEdr.exe process.

WINEP-18113

Sophos Central Server Core Agent

Resolved an issue with Windows 7 users being unable to authenticate to XG Firewalls using single sign-on.

Version 2.2.3

Updated Components

Sophos Endpoint Defense updated to version 2.1.3.8.

Resolved issues

Issue ID

Component

Description

WINEP-19720

Sophos Central Server Core Agent

Resolved an issue with Windows stopping that could occur when installing Veeam software on Cluster computers.

Version 2.2.1

New features

This version of the Core Agent supports new Server Detection and Response features. Customers with an Intercept X Advanced for Server with EDR license will get these enhancements:

  • Threat Searches now allow admins to search for activity by admin tools which could be used for malicious purposes. Currently this feature only finds Powershell activity. The admin tool Threat Search also lets admins search for arguments passed when an admin tool is run.
  • Forensic Snapshots now capture Windows Authentication events that are captured in the Windows security event log.

Updated Components

Sophos Network Threat Protection updated to version 1.8.1555.

Sophos AutoUpdate updated to version 6.0.457.

Sophos UI updated to version 1.7.134.

Sophos Endpoint Defense updated to version 2.1.2.7.

Sophos File Scanner has been updated to 1.5.15.0.

Version 2.1.4

What's new

This version includes security improvements and addresses various customer issues.

Updated Components

Sophos Clean has been updated to version 3.8.6.1.

Sophos Endpoint Defense has been updated to version 2.1.0.406.

Sophos File Scanner has been updated to 1.4.15.

Sophos Management Communications System has been updated to 4.9.462.0.

Sophos Network Threat Protection has been updated to 1.8.59.0.

Sophos UI has been updated to version 1.7.24.

Sophos Uninstaller has been updated to version 1.7.0.72.

Sophos Message Relay has been updated to version 1.2.5.0.

Sophos Standalone Engine has been updated to version 1.2.23.

Sophos Update Cache has been updated to version 1.4.0.4.

Sophos Health Service has been updated to version 2.1.0.33.

Sophos File Integrity Monitoring has been updated to version 1.0.1.11.

The threat detection engine is 3.74.1.3. For information about the threat detection engine, see the Sophos Threat Detection Engine release notes.

Additional information

System requirements

This version of Sophos Central Server Core Agent is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.