Sophos Protection for Linux distribution and kernel support.

This page provides details related to distribution and kernel support for Linux platforms.

Sophos Support

Sophos Support provides a commercially reasonable effort to support Sophos Protection for Linux. A commercially reasonable effort means that Sophos Support will investigate issues on supported platforms and kernel versions. If we can reproduce an issue on a supported platform, we may be able to address it. Resolving issues may require updating an existing distribution or OS configuration and installing additional packages.

Supported platforms and kernels

The current list of supported platforms is in the System requirements section of the release notes. See Sophos Protection for Linux release notes. Minimum kernel versions are noted in the release notes where applicable.

We support the latest kernels for operating systems while they're within the vendor's support cycle. As the vendor retires support for older kernels, Sophos may also remove support for them.

We don't support kernels known to prevent Sophos Protection for Linux from functioning.

Due to the diverse and flexible nature of Linux deployments and configurations, we recommend testing deployments to ensure acceptable performance for specific environments.

CPU architecture support

Sophos Protection for Linux supports both x86_64 and ARM64 architectures. We support ARM64 on platforms with kernel versions 5.3 or later. This is due to a lack of support for user space access monitors in kernel probes (kprobes) before the 5.3 release. This affects some ARM System-on-Chip (SoC) devices.

Additional options

Linux provides many distributions with flexibility and openness for users to configure and customize a distribution for any environment. Our customers deploy in a variety of scenarios. Sophos will provide commercially reasonable effort to support Sophos Protection for Linux in the following scenarios:

• Unlisted platforms
• Minor releases and service packs
• Custom or minimal kernel builds
• Hardened configurations
• Legacy versions

Unlisted platforms

For platforms not listed in the release notes, we'll attempt to reproduce any issues on a related platform and system requirements as referenced in the release notes. For example, we would test an issue on Rocky Linux using Red Hat Enterprise Linux (RHEL) because Rocky Linux is based on the RHEL image. This is called a downstream distribution.

Any limitations of Sophos support, including support for earlier minor releases and custom and minimal kernel versions, as applicable, will also apply to downstream distributions.

Minor releases and service packs

Sophos tests and supports the most recent active minor release or service pack of supported platforms listed within the System requirements section of the release notes for Sophos Protection for Linux.

We recommend that customers upgrade to the current active minor release or service pack as early as possible. When the operating system vendor releases a new minor release or service pack, the previous version may stop receiving important security updates from the vendor. We may require you to upgrade if an issue isn't reproducible on the latest minor release or service pack.

Custom kernel builds

The flexible nature of Linux allows end-users to run custom kernels or builds of a distribution. This provides many options to customize different production distributions based on specific environments and use cases. As a result, it's more likely that an issue may occur on a custom kernel.

The agent utilizes user space APIs and doesn't directly inject code into the kernel or require a kernel module. There are a variety of techniques and fallbacks utilized to ensure the most comprehensive coverage. This approach minimizes the potential issues and ensures continuity when running on supported kernels as well as custom kernels. If we have access to the kernel, we will attempt to reproduce the issue to determine if it's product related or a kernel bug or defect.

Hardened or minimal configurations

A hardened or minimal configuration is a Linux distribution customized to address vulnerabilities and reduce the attack surface. Certain usability and performance compromises are made in favor of increased security in these distributions. Issues can result from these compromises that would not occur on an unmodified version of the same distribution. To resolve issues, we may require the installation of additional packages and updates to the distribution that are included in a default configuration.

Legacy versions

Legacy versions are older versions of platforms. These versions are approaching or have reached the end of mainstream support by the distribution vendor. We'll continue to test and release content and virus data library updates. Sophos will only address critical product issues, which may include hotfixes and updates to address vulnerabilities, at our discretion.

We reserve the right to suspend, reduce, or end support for a legacy version. For example, if we discover an issue that requires a fix to the operating system that the third-party vendor doesn't provide, or if we determine that the resolution requires a change to the product code.

Software packages and legacy versions

Sophos will support software packages released before the Sophos published end-of-support date for a distribution. Once a legacy version reaches end-of-support, newer software packages aren't supported on it. While you may update to a newer software package, resolving an issue may require you to revert to the previously supported software package. We recommend configuring legacy hosts with appropriate software package versions using the Update Management policy.