Sophos Protection for Linux

Version 2023.3 New

New features

Enterprise Software Management:

This release introduces Enterprise Software Management support for the Sophos Protection for Linux Agent. This provides additional flexibility for customers to test and control updates across their estate.
Enterprise Software Management is replacing Controlled Updates. You can still use Controlled Updates for Linux servers until they're turned off on January 31st, 2024.

Installation updates:

You can now configure a Message Relay and Update Cache during installation.
Updates to capture additional logging details to help troubleshoot installation failures.

On-access file scanning updates:

You can now configure on-read or on-write scanning for the on-access scanner.

Updated components

Sophos Protection for Linux has been updated to 2023.3.
Sophos Linux Base has been updated to 1.2.5.
Sophos Live Discover Plugin has been updated to 1.1.10.
Sophos Linux Live Response has been updated to 1.7.2.
Server Protection has been updated to 1.1.2.
Sophos Linux Event Journaler has been updated to 1.0.6.
Sophos Linux Runtime Detection Plugin has been updated to 5.6.0.

Components

Components and their version numbers by release. The second column contains the latest release.
Sophos Protection for Linux	2023.3 September 2023	2023.2 June 2023	2023.1.3 May 2023	2023.1.2 April 2023	2023.1 January 2023	2022.4 October 2022	1.2.0 September 2022	1.1.10 June 2022	1.1.9.1 March 2022	1.1.9 February 2022	1.1.8 November 2021	1.1.7.1 August 2021	1.1.7 July 2021	1.1.6 June 2021	1.1.5 April 2021	1.1.4 December 2020	1.1.3 August 2020	1.1.1 June 2020
SPL-Base-Component	1.2.5	1.2.4	1.2.3	1.2.3	1.2.2	1.2.1	1.2.0	1.1.10	1.1.9	1.1.9	1.1.8	1.1.7	1.1.7	1.1.6	1.1.5	1.1.4	1.1.3	1.1.1
SPL-Endpoint-Detection-and-Response-Plugin	1.1.10	1.1.9	1.1.8	1.1.8	1.1.8	1.1.7	1.1.7	1.1.6	1.1.5	1.1.5	1.1.4	1.1.2	1.1.2	1.1.2	1.1.1	1.1.0	1.0.2	1.0.1
SPL-Live-Response-Plugin	1.7.2	1.7.1	1.7.0	1.7.0	1.7.0	1.6.1	1.6.1	1.5.2	1.5.1	1.5.1	1.5.0	1.2.2	1.2.2	1.2.2	1.2.2	1.2.1	1.2.0
Server Protection	1.1.2	1.1.1	1.1.0	1.1.0	1.1.0	1.0.8	1.0.7	1.0.6	1.0.5	1.0.5	1.0.4	1.0.3	1.0.2
SPL-Event-Journaler-Plugin	1.0.6	1.0.5	1.0.4	1.0.4	1.0.4	1.0.3	1.0.3	1.0.2	1.0.1	1.0.1	1.0.0
SPL-Runtime-Detection-Plugin	5.6.0	5.3.0	5.0.99	4.0.99	5.4.0	5.1.0	5.1.0	5.0.0	4.10.1	4.10.0	4.9.0

Version 2023.2

New features

PUA Detections: Provides capability for detection of Potentially Unwanted Applications (PUAs) for Linux. PUA detection requires no additional policy configuration and is automatically enabled as part of on-demand or on-access scanning on the Sophos Linux Agent.

Updated components

Sophos Linux Base has been updated to 1.2.4.
Sophos Live Discover Plugin has been updated to 1.1.9.
Sophos Linux Live Response has been updated to 1.7.1.
Server Protection has been updated to 1.1.1.
Sophos Linux Event Journaler has been updated to 1.0.5.
Sophos Linux Runtime Detection Plugin has been updated to 5.3.0.

Version 2023.1.3

Updated components

SPL-Runtime-Detection-Plugin has been updated to 5.0.99.

Version 2023.1.2

Updated components

SPL-Base-Component has been updated to 1.2.3.
SPL-Runtime-Detection-Plugin has been updated to 4.0.99.

Version 2023.1

New features

On-Access File Scanning.
You can now configure on-access scanning for the Sophos Linux Agent on your Linux devices. You can turn on on-access scanning for the Sophos Linux Agent in your server threat protection policies in Sophos Central. On-access scanning is turned off by default. See Server Threat Protection Policy.
Malware Quarantine.
We've introduced quarantine for the Sophos Linux Agent. This applies to both on-access and on-demand scanning. This gives your Linux devices additional protection by automatically quarantining suspicious files. Quarantine is based on a signature match.

Updated components

SPL-Base-Component has been updated to 1.2.2.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.1.0.
SPL-Endpoint-Detection-and-Response-Plugin has been updated to 1.1.8.
SPL-Live-Response-Plugin has been updated to 1.7.0.
SPL-Event-Journaler-Plugin has been updated to 1.0.4.
SPL-Runtime-Detection-Plugin has been updated to 5.4.0.

Version 2022.4

Updated components

SPL-Base-Component (Sophos Linux Base) has been updated to 1.2.1.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.0.8.

Version 1.2.0

Updated components

We've updated the names of our components.

Sophos Linux Base is now called SPL-Base-Component.

Server Protection is now called SPL-Anti-Virus-Plugin.

Sophos Live Discover plugin is now called SPL-Endpoint-Detection-and-Response-Plugin.

Sophos Linux Event Journaler is now called SPL-Event-Journaler-Plugin.

Sophos Linux Live Response is now called SPL-Live-Response-Plugin.

Sophos Linux Runtime Detection plugin is now called SPL-Runtime-Detection-Plugin.

SPL-Base-Component (Sophos Linux Base) has been updated to 1.2.0.
SPL-Endpoint-Detection-and-Response-Plugin (Sophos Live Discover plugin) has been updated to 1.1.7.
SPL-Live-Response-Plugin (Sophos Linux Live Response) has been updated to 1.6.1.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.0.7.
SPL-Event-Journaler-Plugin (Sophos Linux Event Journaler) has been updated to 1.0.3.
SPL-Runtime-Detection-Plugin (Sophos Linux Runtime Detection Plugin) has been updated to 5.1.0.

Version 1.1.10

New features

We now support Amazon Linux 2022, Ubuntu 22.04 (LTS), Oracle 8, Miracle Linux, Debian 10 and Debian 11. Earlier versions of Sophos Protection for Linux don't support these platforms.

Updated components

Sophos Linux Base has been updated to 1.1.10.
Sophos Live Discover plugin has been updated to 1.1.6.
Sophos Linux Live Response has been updated to 1.5.2.
Server Protection has been updated to 1.0.6.
Sophos Linux Event Journaler has been updated to 1.0.2.
Sophos Linux Runtime Detection Plugin has been updated to 5.0.0.

Version 1.1.9.1

Updated components

Sophos Linux Runtime Detection Plugin has been updated to 4.10.1.

Version 1.1.9

New features

Event Journals now record runtime detections to make them available in Live Discover.
Sophos Protection for Linux now reports endpoint health in Sophos Central.

Updated components

Sophos Linux Base has been updated to 1.1.9.
Sophos Live Discover Plugin has been updated to 1.1.5.
Sophos Linux Live Response has been updated to 1.5.1.
Server Protection has been updated to 1.0.5.
Sophos Linux Event Journaler has been updated to 1.0.1.
Sophos Linux Runtime Detection Plugin has been updated to 4.10.0.

Version 1.1.8

New features

We've added Event Journals to record AV detections to make them available in Live Discover and Sophos XDR.

New components

Sophos Linux Event Journaler is version 1.0.0.
Sophos Linux Runtime Detection Plugin is version 4.9.0.

Updated components

Sophos Linux Base has been updated to 1.1.8.
Sophos Live Discover Plugin has been updated to 1.1.4.
Sophos Linux Live Response has been updated to 1.5.0.
Server Protection has been updated to 1.0.4.

Version 1.1.7.1

Updated components

Server Protection has been updated to 1.0.3.

Version 1.1.7

New features

We've added Server Protection, an on-demand antivirus scanner. This uses a threat detection engine, including machine learning models, alongside signature-based protection.

Version 1.1.6

New features

You can assign products using the command line at install time if you use thin installer version 1.1.1 and later versions.

Version 1.1.5

New features

This version of Sophos Protection for Linux supports the XDR Data Lake capabilities in Sophos Central. Additionally, this version supports installing directly to a Sophos Central Group if you use thin installer version 1.0.8 and later versions.

Updated components

Sophos Linux Base has been updated to 1.1.5.
Sophos Live Discover plugin has been been updated to 1.1.1.
Sophos Linux Live Response has been updated to 1.2.2.

Version 1.1.4

Updated components

Sophos Linux Base has been updated to 1.1.4.
Sophos Live Discover plugin has been been updated to 1.1.0.
Sophos Linux Live Response has been updated to 1.2.1.

Version 1.1.3

New features

This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Response allows admins to remotely connect to devices and get access to a command-line interface. This allows them to perform detailed investigations or to take prompt action to contain or remediate a threat.

Version 1.1.1

New features

This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Discover allows admins to use osquery to search the device data across their estate to answer almost any question they can think of.

Note

You can't use the Sophos Protection for Linux agent in conjunction with Sophos Anti-Virus for Linux.

System requirements

Free disk space: 2.5 GB
Memory: 2 GB
System type: x64
Systemd supported and running
glibc 2.17 or later
Bash is installed

Note

We test the two most recent point releases for all supported platforms.

Supported platforms

Minimum kernel versions are noted where applicable.

Amazon Linux 2
Amazon Linux 2022
CentOS 7 (3.10.0-1062 or later)
CentOS Minimal
CentOS Stream
Debian 10
Debian 11
Miracle Linux 8
Oracle 7 (3.10.0-1062 or later)
Oracle 8
RHEL 7 (3.10.0-1062 or later)
RHEL 8
RHEL 9
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15
Ubuntu 18.04 (LTS) (4.15 or later)
Ubuntu 20.04 (LTS)
Ubuntu 22.04 (LTS)
Ubuntu Minimal

Support

You can find technical support for Sophos products in any of these ways:

Visit Sophos Community at Sophos community and search for other users who are experiencing the same problem.
Visit Sophos support at Sophos support.
Find how-to, configuration and troubleshooting videos at Sophos Techvids video hub.

Legal notices

Copyright © 2023 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.