File integrity of Sophos updates

We guarantee the integrity of our software updates.

Here's how we ensure that no-one's tampered with the files.

We digitally sign all binary files we publish.

Each of your devices does as follows:

  • Downloads files over a secure HTTPS session. This setting is now the default for new accounts.
    Note If your account doesn't already use HTTPS updating, we recommend changing to it. In Sophos Central, go to Overview > Global Settings > HTTPS Updating.
  • Fetches a manifest (signed by us) that lists what the device needs to install. It'll install only files that are on the list.
  • Installs only files that are signed by us.

So your devices can't install any files that we haven't approved.