Sophos Protection for Linux

Version 2023.1 New

New features

On-Access File Scanning.
You can now configure on-access scanning for the Sophos Linux Agent on your Linux devices. You can turn on on-access scanning for the Sophos Linux Agent in your server threat protection policies in Sophos Central. On-access scanning is turned off by default. See Server Threat Protection Policy.
Malware Quarantine.
We've introduced quarantine for the Sophos Linux Agent. This applies to both on-access and on-demand scanning. This gives your Linux devices additional protection by automatically quarantining suspicious files. Quarantine is based on a signature match.

Updated components

SPL-Base-Component has been updated to 1.2.2.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.1.0.
SPL-Endpoint-Detection-and-Response-Plugin has been updated to 1.1.8.
SPL-Live-Response-Plugin has been updated to 1.7.0.
SPL-Event-Journaler-Plugin has been updated to 1.0.4.
SPL-Runtime-Detection-Plugin has been updated to 5.4.0.

Components

Components and their version numbers by release. The second column contains the latest release.
Sophos Protection for Linux	2023.1 January 2023	2022.4 October 2022	1.2.0 September 2022	1.1.10 June 2022	1.1.9.1 March 2022	1.1.9 February 2022	1.1.8 November 2021	1.1.7.1 August 2021	1.1.7 July 2021	1.1.6 June 2021	1.1.5 April 2021	1.1.4 December 2020	1.1.3 August 2020	1.1.1 June 2020
SPL-Base-Component	1.2.2	1.2.1	1.2.0	1.1.10	1.1.9	1.1.9	1.1.8	1.1.7	1.1.7	1.1.6	1.1.5	1.1.4	1.1.3	1.1.1
SPL-Endpoint-Detection-and-Response-Plugin	1.1.8	1.1.7	1.1.7	1.1.6	1.1.5	1.1.5	1.1.4	1.1.2	1.1.2	1.1.2	1.1.1	1.1.0	1.0.2	1.0.1
SPL-Live-Response-Plugin	1.7.0	1.6.1	1.6.1	1.5.2	1.5.1	1.5.1	1.5.0	1.2.2	1.2.2	1.2.2	1.2.2	1.2.1	1.2.0
SPL-Anti-Virus-Plugin	1.1.0	1.0.8	1.0.7	1.0.6	1.0.5	1.0.5	1.0.4	1.0.3	1.0.2
SPL-Event-Journaler-Plugin	1.0.4	1.0.3	1.0.3	1.0.2	1.0.1	1.0.1	1.0.0
SPL-Runtime-Detection-Plugin	5.4.0	5.1.0	5.1.0	5.0.0	4.10.1	4.10.0	4.9.0

Version 2022.4

Updated components

SPL-Base-Component (Sophos Linux Base) has been updated to 1.2.1.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.0.8.

Version 1.2.0

Updated components

We've updated the names of our components.

Sophos Linux Base is now called SPL-Base-Component.

Server Protection is now called SPL-Anti-Virus-Plugin.

Sophos Live Discover plugin is now called SPL-Endpoint-Detection-and-Response-Plugin.

Sophos Linux Event Journaler is now called SPL-Event-Journaler-Plugin.

Sophos Linux Live Response is now called SPL-Live-Response-Plugin.

Sophos Linux Runtime Detection plugin is now called SPL-Runtime-Detection-Plugin.

SPL-Base-Component (Sophos Linux Base) has been updated to 1.2.0.
SPL-Endpoint-Detection-and-Response-Plugin (Sophos Live Discover plugin) has been updated to 1.1.7.
SPL-Live-Response-Plugin (Sophos Linux Live Response) has been updated to 1.6.1.
SPL-Anti-Virus-Plugin (Server Protection) has been updated to 1.0.7.
SPL-Event-Journaler-Plugin (Sophos Linux Event Journaler) has been updated to 1.0.3.
SPL-Runtime-Detection-Plugin (Sophos Linux Runtime Detection Plugin) has been updated to 5.1.0.

Version 1.1.10

New features

We now support Amazon Linux 2022, Ubuntu 22.04 (LTS), Oracle 8, Miracle Linux, Debian 10 and Debian 11. Earlier versions of Sophos Protection for Linux don't support these platforms.

Updated components

Sophos Linux Base has been updated to 1.1.10.
Sophos Live Discover plugin has been updated to 1.1.6.
Sophos Linux Live Response has been updated to 1.5.2.
Server Protection has been updated to 1.0.6.
Sophos Linux Event Journaler has been updated to 1.0.2.
Sophos Linux Runtime Detection Plugin has been updated to 5.0.0.

Version 1.1.9.1

Updated components

Sophos Linux Runtime Detection Plugin has been updated to 4.10.1.

Version 1.1.9

New features

Event Journals now record runtime detections to make them available in Live Discover.
Sophos Protection for Linux now reports endpoint health in Sophos Central.

Updated components

Sophos Linux Base has been updated to 1.1.9.
Sophos Live Discover Plugin has been updated to 1.1.5.
Sophos Linux Live Response has been updated to 1.5.1.
Server Protection has been updated to 1.0.5.
Sophos Linux Event Journaler has been updated to 1.0.1.
Sophos Linux Runtime Detection Plugin has been updated to 4.10.0.

Version 1.1.8

New features

We've added Event Journals to record AV detections to make them available in Live Discover and Sophos XDR.

New components

Sophos Linux Event Journaler is version 1.0.0.
Sophos Linux Runtime Detection Plugin is version 4.9.0.

Updated components

Sophos Linux Base has been updated to 1.1.8.
Sophos Live Discover Plugin has been updated to 1.1.4.
Sophos Linux Live Response has been updated to 1.5.0.
Server Protection has been updated to 1.0.4.

Version 1.1.7.1

Updated components

Server Protection has been updated to 1.0.3.

Version 1.1.7

New features

We've added Server Protection, an on-demand antivirus scanner. This uses a threat detection engine, including machine learning models, alongside signature-based protection.

Version 1.1.6

New features

You can assign products using the command line at install time if you use thin installer version 1.1.1 and later versions.

Version 1.1.5

New features

This version of Sophos Protection for Linux supports the XDR Data Lake capabilities in Sophos Central. Additionally, this version supports installing directly to a Sophos Central Group if you use thin installer version 1.0.8 and later versions.

Updated components

Sophos Linux Base has been updated to 1.1.5.
Sophos Live Discover plugin has been been updated to 1.1.1.
Sophos Linux Live Response has been updated to 1.2.2.

Version 1.1.4

Updated components

Sophos Linux Base has been updated to 1.1.4.
Sophos Live Discover plugin has been been updated to 1.1.0.
Sophos Linux Live Response has been updated to 1.2.1.

Version 1.1.3

New features

This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Response allows admins to remotely connect to devices and get access to a command-line interface. This allows them to perform detailed investigations or to take prompt action to contain or remediate a threat.

Version 1.1.1

New features

This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Discover allows admins to use osquery to search the device data across their estate to answer almost any question they can think of.

Note

You can't use the Sophos Protection for Linux agent in conjunction with Sophos Anti-Virus for Linux.

System requirements

Free disk space: 2.5 GB
Memory: 2 GB
System type: x64
Systemd supported and running
Kernel that supports glibc 2.17 or later
Bash is installed

Supported platforms

The following platforms and point releases have been tested:

Amazon Linux 2
Amazon Linux 2022
CentOS 7
CentOS Minimal
CentOS Stream
Debian 10
Debian 11
Miracle Linux 8
Oracle 7
Oracle 8
RHEL 7
RHEL 8
RHEL 9
Ubuntu 18.04 (LTS)
Ubuntu 20.04 (LTS)
Ubuntu 22.04 (LTS)
Ubuntu Minimal

Support

You can find technical support for Sophos products in any of these ways:

Visit Sophos Community at Sophos community and search for other users who are experiencing the same problem.
Visit Sophos support at Sophos support.
Find how-to, configuration and troubleshooting videos at Sophos Techvids video hub.

Legal notices

Copyright © 2023 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.