Skip to content
Last update: 2022-05-10

Release Notes: Sensor 4.10.0


CentOS/RHEL/Oracle 6 2.6.32 as well as Ubuntu 14.04 3.13 and 3.16 kernel support will be dropped in version 4.10.0 and later. We are not looking to add these kernels in the future. Sensor versions 4.9 and earlier will continue to receive critical updates as needed but we recommend moving sensitive workloads to more updated kernels to maintain Sensor protections available.

What's new

  • Perf Sensor's Go implementation has been moved to C.
  • Added Linux 5.15 and 5.16 support.
  • Content version is now included in Content logs and alerts.
  • Sensor alerts may now be output to Sophos EventJournal.

Key improvements

  • Greater throughput performance throughout a variety of workloads due to new Perf Sensor implementation. More detailed benchmarks coming soon.
  • Increased performance during initial file integrity monitor baselining.
  • Experimental alerts can now be marked as silent and not emitted as alerts.
  • Logs are now emitted by the supervisor process after being forwarded from the supervised sensor process.
  • Out-of-order message log warnings moved to debug level.
  • Perf Sensor subcomponent can now dump its binary to disk with -dump-perf-sensor flag.

Notable bug fixes

  • Resolved a race condition when sensor process is quickly restarted after starting.
  • Fixed a bug that caused numerous false negatives for interactive shell policies.
  • Sensor will now no longer exit if receiving unexpected message data on IPC socket.
  • Removed various ticker leaks leading to increased memory usage and degradation of detections capabilities.
  • Fixed a race condition in alert dispatcher that resulted in a segfault.
  • Fixed a segfault in sensor_task_eventstate_timer.
  • Proper log messages are now sent when the trigger process exits unexpectedly.
  • Drop WARN logs to DEBUG when a monitored process exits unexpectedly early.
Back to top