These are the release notes for Sophos Endpoint Security and Control for Windows Preview versions, managed by Sophos Enterprise Console or standalone.
Some of the features mentioned in these release notes are only available on managed computers or if you have the appropriate license.
You may find that you can't yet download and use the latest version on the lists below. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.
You can find information on earlier releases, for up to the last two years, at Earlier releases.
You can find the product documentation, here Sophos Endpoint Security and Control.
The Sophos Client Firewall and Sophos Patch Agent components are now retired. They have been replaced by stub components.
Sophos Endpoint Defense is updated to version 22.214.171.12439.
|WINEP-34794||Sophos Endpoint Defense||Blocked from taking remediation steps in Safe Mode by Tamper Protection|
|Sophos Endpoint Security and Control||10.8.11
|Threat detection engine||3.82.1||3.82.1||3.82.0||3.80.1||3.79.0||3.79.0||3.77.1||3.77.1||3.74.1||3.74.1|
|Sophos Client Firewall
Windows 8 and later
|Sophos Client Firewall
Windows 7 and earlier
|Sophos Patch Agent||126.96.36.199 (stub)||1.0.314.11||1.0.314.11||1.0.314.11||1.0.314.11||1.0.314.11||1.0.313.30||1.0.313.30||1.0.313.30||1.0.313.30|
|Sophos Web Control||1.7.20||1.7.20||1.7.20||1.7.20||1.7.20||1.5||1.5||1.5||1.5||1.5|
|Sophos Remote Management System||188.8.131.52||184.108.40.206||220.127.116.11||18.104.22.168||22.214.171.124||126.96.36.199||188.8.131.52||184.108.40.206||220.127.116.11||18.104.22.168|
|Sophos Network Threat Protection||1.9.2235||1.9.2235||1.9.2235||1.9.2235||1.9.2235||1.9.2235||1.9.2235||22.214.171.12400||126.96.36.19900||188.8.131.5200|
|Sophos Endpoint Defense||184.108.40.20639||220.127.116.1172||18.104.22.16872||22.214.171.12472||126.96.36.19950||188.8.131.5250||184.108.40.20605||220.127.116.1100||18.104.22.16800||22.214.171.12400|
Standalone installations include the Sophos Web Control component but it only provides malicious website blocking.
Threat detection engine has been updated to 3.82.1.
Sophos Anti-Virus has been updated to 10.8.11.22.
Threat detection engine has been updated to 3.82.0.
|WINEP-30513||Sophos AntiVirus||Resolved an issue where Sophos AntiVirus stopped BeyondTrust PowerBroker applying its identity rules on Windows 10.|
Sophos Anti-Virus has been updated to 10.8.10.810.
Sophos AutoUpdate has been updated to 5.17.243.
Threat detection engine has been updated to 3.80.1.
Sophos Endpoint Defence has been updated to 126.96.36.19972.
|WINEP-24935||Sophos AutoUpdate||Resolved an authentication issue that stopped Sophos Anti-Virus updating.|
|WINEP-27363||Sophos Anti-Virus||Resolved an issue with Real Time Protection messages being sent when a machine restarts.|
Sophos Anti-Virus has been updated to 10.8.9.610.
Sophos Web Control has been updated to 1.7.20.
This release contains various fixes and updates.
This release includes support for the Vivaldi browser, including web protection, web control, download reputation, and data leakage prevention.
This release includes data leakage prevention support for computers with secure boot turned on.
Sophos Patch Agent now supports Windows 2019 Server.
Sophos Anti-Virus has been updated to 10.8.9.292.
Sophos Endpoint Defense has been updated to 188.8.131.5250.
Sophos Patch Agent has been updated to 1.0.314.11.
The threat detection engine has been updated from 3.77.1 to 3.79.0.
|WINEP-21540||Sophos Anti-Virus||Resolved an issue in which custom ports weren't retained after upgrade.|
Sophos Anti-Virus has been updated to support %public% as an environment variable in file, folder, or process exclusions.
Kanguru Defender Elite200 and IronKey D300S have been added to the list of secure devices in device control.
Sophos Anti-Virus has been updated to 10.8.6.215.
Sophos AutoUpdate has been updated to 5.16.37.
Sophos Network Threat Protection has been updated to 1.9.2235.
Sophos Endpoint Defense has been updated to 184.108.40.20605.
|WINEP-9227||Sophos Anti-Virus||Resolved an issue in which Windows stops unexpectedly on computers that have upgraded to Sophos Anti-Virus 10.6.4 and have IBM Clear Case installed.|
|WINEP-11677||Sophos Anti-Virus||Resolved an issue on Windows 10 or Server 2016 in which the text on the Messaging tab of the application control policy is truncated.|
|WINEP-20496||Sophos Web Control||Resolved an issue in which an upgrade could fail leaving protection disabled.|
|WINEP-18719||Sophos Anti-Virus||Resolved an issue in which Windows stops unexpectedly. Related to scanning files on network shares in the process of being modified by certain co-existing products.|
|WINEP-16468||Sophos Anti-Virus||Resolved an issue in which an internal on-access driver error 112 is logged when the user tries to upload .cab files to an FTP server using a batch file.|
|WINEP-21052||Sophos Anti-Virus||Resolved an issue in which Windows stops unexpectedly with a WIN32K_POWER_WATCHDOG_TIMEOUT error on laptops when changing between power states.|
|WINEP-22138||Sophos Anti-Virus||Resolved an issue in which Windows stops unexpectedly when the kernel stack has been exhausted|
|WINEP-17474||Sophos Anti-Virus||Resolved an issue in which data loss prevention checks are not suppressed while File Open and File Save dialog boxes are open.|
|WINEP-16651||Sophos Anti-Virus||Resolved an issue with Web Protection failures on Citrix servers when they are under load.|
|WINEP-13785||Sophos Endpoint Security and Control||Resolved data loss prevention issues with file creation on USB drive, file transfer, and Microsoft Outlook attachments on Windows 7 and 10.|
|WINEP-15728||Sophos Anti-Virus||Resolved an issue in which a file transfer is unexpectedly blocked by data control on an NTFS stream.|
|WINEP-19087||Sophos Anti-Virus||Resolved an issue on Windows Server 2016 in which browsing to some web sites is blocked by data control.|
|WINEP-15982||Sophos Anti-Virus||Resolved an issue in which Sophos Anti-Virus installation fails because of a failure in CreateUserGroups.|
The threat detection engine has been updated from 3.74.1 to 3.77.1.
Sophos AutoUpdate has been updated to 5.15.166.
|WINEP-12971||Sophos AutoUpdate||Resolved an issue with Sophos Anti-Virus failing to update.|
|WINEP-16773||Sophos AutoUpdate||Resolved an issue with unlocking computers with an identity agent installed if Almon.exe is running.|
|WINEP-17442||Sophos AutoUpdate||License expiry message is now available in all languages.|
Client Boot Strap has been updated.
|WINEP-1819||Sophos Client Firewall||After an upgrade from Windows 7 to Windows 10, the firewall Windows 7 driver
SCFNdis.sys is migrated but can't be loaded and may cause a
system error when the computer is booted.
To resolve this issue, browse to the folder C:\Windows\System32\drivers and delete the file SCFNdis.sys.
|WINEP-1818||Sophos Patch||In Enterprise Console, in the Protect Computers Wizard,
Windows 10 is not listed in the list of platforms on which Patch is available, even
though Sophos Patch Agent can be installed on Windows 10.
Even though Sophos Patch Agent will install on Windows 10, it is not currently supported on it and will not report missing patch information.
|WINEP-1770||Sophos Anti-Virus||Sophos Anti-Virus doesn’t support Hypervisor enforced Code Integrity introduced in the Enterprise lockdown mode.|
|WINEP-1758||Sophos Client Firewall||On Windows 10, a dual location firewall policy can't be applied to an endpoint
when both locations are visible (this includes VPN connections). The following
errors appear in the firewall system log:
Workaround: Disable configuration for a secondary location, or use Windows Firewall instead.
|WINEP-323||Sophos Malicious Traffic Detector||can't exclude from scanning non-local processes that you excluded in the Cloud console if they started before the sntp (Sophos Network Threat Protection) driver starts.|
|WINEP-284||Sophos Malicious Traffic Detector||In cleanup events, the user may be incorrectly reported as "System", although the correct user is reported for the initial detection.|
|DEF79180||Data Control||Files that breach a data control rule can still be transferred to a Windows 8 storage pool.|
|DEF84838||Installer||Protecting Windows 8 or Windows Server 2012 computers that are in a workgroup from
Sophos Enterprise Console 5.1 on Windows Server 2008 or Windows Server 2008 R2 fails
with the errors "Failed to launch setup.exe" and "2147942405".
For more information and instructions on how to enable deployment, see knowledge base article 118354.
|Sophos Anti-Virus||On 64-bit computers upgraded from Windows 8.1 to Windows 10, in the 32-bit version
of Windows Explorer, the right-click option Scan with Sophos
Anti-Virus does not work. (The option works correctly in the native
64-bit version of Windows Explorer.) This is due to a missing Sophos registry key,
that has not been migrated during the OS upgrade.
To resolve this issue, re-protect the computers: in Enterprise Console, select the computers you want to re-protect, right-click, and then click Protect Computers. Follow the steps in the Protect Computers Wizard. Alternatively, to manually re-protect a computer, follow the steps provided in knowledge base article 12386.
|Sophos Anti-Virus||After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, if a
computer is started in safe mode, the Sophos Anti-Virus service (SAVService.exe)
fails to start. This is due to a missing Sophos registry key, that has not been
migrated during the OS upgrade.
To resolve this issue, re-protect the computers.
|Sophos Anti-Virus||After an upgrade from Windows 8.1 (either 64-bit or 32-bit) to Windows 10, the
Sophos Healthcheck tool fails with warnings
about missing registry keys. This is because some of the Sophos registry keys have
not been migrated during the OS upgrade.
To resolve this issue, re-protect the computers.
|Sophos Anti-Virus||When a computer is upgraded to Windows 10, the following error may be reported
against it in Enterprise Console:
These errors can be safely ignored. To remove them from Enterprise Console, after the computer has been upgraded to Windows 10, right-click the computer, click Resolve Alerts and Errors, select the errors and click Acknowledge.
|Sophos Client Firewall||After upgrading to Windows 10 a computer with a standalone installation of Sophos
Endpoint Security and Control that includes Sophos Client Firewall, the firewall
configuration can't be applied. The following errors are logged in the firewall
To resolve this issue, restart the computer.
|Sophos Client Firewall||It is not possible to deploy Sophos Anti-Virus and Sophos Client Firewall to a
Windows 10 endpoint at the same time from Sophos Enterprise Console.
Workaround: Deploy Sophos Anti-Virus first, and then re-run the Protect Computers Wizard and deploy Sophos Client Firewall.
|Sophos Client Firewall||On upgrade to Windows 10, Sophos Client Firewall loses all custom
configuration settings and reverts to the default settings. Custom configuration
settings need to be re-applied following the upgrade.
|Sophos Anti-Virus, Sophos Web Control||Sophos web protection and web control use a Layered Service Provider (LSP) to intercept network traffic. If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see https://www.sophos.com/en-us/support/knowledgebase/116241.aspx.|
Sophos Endpoint Security and Control is supported on Windows XP/2003/Vista/2008/7/8/2012/Windows 10. For a full list of system requirements, see System Requirements for Antivirus protection for Windows.
To find out which maintenance version of Sophos Endpoint Security and Control (for example, 10.3.7) is running on your computer:
Automatic deployment of Sophos Endpoint Security and Control to Windows 8 and Windows Server 2012 from Sophos Enterprise Console requires Sophos Enterprise Console 5.1 or later.
Automatic deployment of Sophos Endpoint Security and Control to Windows 8.1 and Windows Server 2012 R2 from Sophos Enterprise Console requires Sophos Enterprise Console 5.2.1 R2 or later.
If you are using Sophos Enterprise Console 5.0 or earlier, you can install the software by running the installer from a bootstrap location that contains a software subscription for version 10.3. For more information on manual installation, see knowledge base article 12386.
Hidden process detection
Modified memory detection
Rawsocket applications (rawsockets are treated the same as other connections)
The option Concurrent connections for TCP rules
The option Where the local port is equal to the remote port
When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer.
Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.
When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:
|Sophos software||Shared Windows components||File names||Versions||Date of inclusion with Sophos software|
|Sophos Anti-Virus||Microsoft XML Core Services||msxml4.dll||4.30.2100.0||September 2009|
|Sophos Anti-Virus||Microsoft XML Core Services||msxml4r.dll||4.30.2100.0||September 2009|
|Sophos Anti-Virus||ATL Library||atl90.dll||9.0.30729.4148||June 2013|
|Sophos Anti-Virus||Microsoft Visual C/C++ Runtime Libraries||msvcm90.dll||9.0.30729.4148||June 2013|
|Sophos Anti-Virus||Microsoft Visual C/C++ Runtime Libraries||msvcp90.dll||9.0.30729.4148||June 2013|
|Sophos Anti-Virus||Microsoft Visual C/C++ Runtime Libraries||msvcr90.dll||9.0.30729.4148||June 2013|
|Sophos Client Firewall 3.0 for Windows 8||Microsoft XML Core Services||msxml4.dll||4.30.2100.0||June 2013|
|Sophos Client Firewall 3.0 for Windows 8||Microsoft XML Core Services||msxml4r.dll||4.30.2100.0||June 2013|
|Sophos Client Firewall 3.0 for Windows 8||Microsoft Visual C/C++ Runtime Libraries||msvcm90.dll||9.0.30729.6161||June 2013|
|Sophos Client Firewall 3.0 for Windows 8||Microsoft Visual C/C++ Runtime Libraries||msvcp90.dll||9.0.30729.6161||June 2013|
|Sophos Client Firewall 3.0 for Windows 8||Microsoft Visual C/C++ Runtime Libraries||msvcr90.dll||9.0.30729.6161||June 2013|
|Sophos Client Firewall 2.9 for Windows 7 and earlier||Microsoft XML Core Services||msxml4.dll||4.30.2100.0||September 2009|
|Sophos Client Firewall 2.9 for Windows 7 and earlier||Microsoft XML Core Services||msxml4r.dll||4.30.2100.0||September 2009|
|Sophos Client Firewall 2.9 for Windows 7 and earlier||Microsoft Visual C/C++ Runtime Libraries||msvcm90.dll||9.0.30729.6161||October 2013|
|Sophos Client Firewall 2.9 for Windows 7 and earlier||Microsoft Visual C/C++ Runtime Libraries||msvcp90.dll||9.0.30729.6161||October 2013|
|Sophos Client Firewall 2.9 for Windows 7 and earlier||Microsoft Visual C/C++ Runtime Libraries||msvcr90.dll||9.0.30729.6161||October 2013|
You can find technical support for Sophos products in any of these ways:
Copyright © 2021 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.