These are the release notes for Sophos Protection for Linux, managed by Sophos Central.
The features mentioned in these release notes are only available if you have the appropriate license.
You may find that you can't yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.
View the product documentation at Sophos Central.
There are no new features for this release.
Resolved an issue affecting SPL package upgrades.
Sophos Protection for Linux | 2024.2.1 September 2024 |
2024.2 June 2024 |
2024.1 February 2024 |
2023.4 November 2023 |
2023.3 September 2023 |
2023.2 June 2023 |
2023.1.3 May 2023 |
2023.1.2 April 2023 |
2023.1 January 2023 |
2022.4 October 2022 |
1.2.0 September 2022 |
1.1.10 June 2022 |
1.1.9.1 March 2022 |
1.1.9 February 2022 |
1.1.8 November 2021 |
1.1.7.1 August 2021 |
1.1.7 July 2021 |
1.1.6 June 2021 |
1.1.5 April 2021 |
1.1.4 December 2020 |
1.1.3 August 2020 |
1.1.1 June 2020 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SPL-Base-Component | 1.2.9 | 1.2.8 | 1.2.7 | 1.2.6 | 1.2.5 | 1.2.4 | 1.2.3 | 1.2.3 | 1.2.2 | 1.2.1 | 1.2.0 | 1.1.10 | 1.1.9 | 1.1.9 | 1.1.8 | 1.1.7 | 1.1.7 | 1.1.6 | 1.1.5 | 1.1.4 | 1.1.3 | 1.1.1 |
SPL-Endpoint-Detection-and-Response-Plugin | 1.1.13 | 1.1.13 | 1.1.12 | 1.1.11 | 1.1.10 | 1.1.9 | 1.1.8 | 1.1.8 | 1.1.8 | 1.1.7 | 1.1.7 | 1.1.6 | 1.1.5 | 1.1.5 | 1.1.4 | 1.1.2 | 1.1.2 | 1.1.2 | 1.1.1 | 1.1.0 | 1.0.2 | 1.0.1 |
SPL-Live-Response-Plugin | 1.7.5 | 1.7.5 | 1.7.4 | 1.7.3 | 1.7.2 | 1.7.1 | 1.7.0 | 1.7.0 | 1.7.0 | 1.6.1 | 1.6.1 | 1.5.2 | 1.5.1 | 1.5.1 | 1.5.0 | 1.2.2 | 1.2.2 | 1.2.2 | 1.2.2 | 1.2.1 | 1.2.0 | |
SPL-Anti-Virus-Plugin | 1.1.5 | 1.1.5 | 1.1.4 | 1.1.3 | 1.1.2 | 1.1.1 | 1.1.0 | 1.1.0 | 1.1.0 | 1.0.8 | 1.0.7 | 1.0.6 | 1.0.5 | 1.0.5 | 1.0.4 | 1.0.3 | 1.0.2 | |||||
SPL-Event-Journaler-Plugin | 1.1.0 | 1.1.0 | 1.0.8 | 1.0.7 | 1.0.6 | 1.0.5 | 1.0.4 | 1.0.4 | 1.0.4 | 1.0.3 | 1.0.3 | 1.0.2 | 1.0.1 | 1.0.1 | 1.0.0 | |||||||
SPL-Runtime-Detection-Plugin | 5.9.1 | 5.9.1 | 5.8.0 | 5.7.0 | 5.6.0 | 5.3.0 | 5.0.99 | 4.0.99 | 5.4.0 | 5.1.0 | 5.1.0 | 5.0.0 | 4.10.1 | 4.10.0 | 4.9.0 | |||||||
SPL-Response-Actions-Plugin | 1.1.0 | 1.1.0 | 1.0.3 | 1.0.2 | 1.0.1 | 1.0.0 | ||||||||||||||||
SPL-Device-Isolation-Plugin | 1.1.0 | 1.1.0 | 1.0.0 |
You can now configure on-access scanning for the Sophos Linux Agent on your Linux devices. You can turn on on-access scanning for the Sophos Linux Agent in your server threat protection policies in Sophos Central. On-access scanning is turned off by default. See Server Threat Protection Policy.
We've introduced quarantine for the Sophos Linux Agent. This applies to both on-access and on-demand scanning. This gives your Linux devices additional protection by automatically quarantining suspicious files. Quarantine is based on a signature match.
We've updated the names of our components.
Sophos Linux Base is now called SPL-Base-Component.
Server Protection is now called SPL-Anti-Virus-Plugin.
Sophos Live Discover plugin is now called SPL-Endpoint-Detection-and-Response-Plugin.
Sophos Linux Event Journaler is now called SPL-Event-Journaler-Plugin.
Sophos Linux Live Response is now called SPL-Live-Response-Plugin.
Sophos Linux Runtime Detection plugin is now called SPL-Runtime-Detection-Plugin.
We now support Amazon Linux 2022, Ubuntu 22.04 (LTS), Oracle 8, Miracle Linux, Debian 10 and Debian 11. Earlier versions of Sophos Protection for Linux don't support these platforms.
We've added Server Protection, an on-demand antivirus scanner. This uses a threat detection engine, including machine learning models, alongside signature-based protection.
You can assign products using the command line at install time if you use thin installer version 1.1.1 and later versions.
This version of Sophos Protection for Linux supports the XDR Data Lake capabilities in Sophos Central. Additionally, this version supports installing directly to a Sophos Central Group if you use thin installer version 1.0.8 and later versions.
This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Response allows admins to remotely connect to devices and get access to a command-line interface. This allows them to perform detailed investigations or to take prompt action to contain or remediate a threat.
This version of Sophos Protection for Linux supports the EDR 3 capabilities in Sophos Central. Live Discover allows admins to use osquery to search the device data across their estate to answer almost any question they can think of.
You can't use the Sophos Protection for Linux agent in conjunction with Sophos Anti-Virus for Linux.
We test the two most recent point releases for all supported platforms.
ARM64 systems require a minimum kernel of 5.3. This is due to a lack of support for user-space access monitors in kernel probes (kprobes) before the 5.3 release. This affects some ARM System-on-Chip (SoC) devices.
Minimum kernel versions for x86_64 systems are noted where applicable.
You can find technical support for Sophos products in any of these ways:
Copyright © 2023 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.