Endpoint security and control downloads page

Resolved issues Resolved issues for this release. Related to scanning files on network shares in the process of being modified by certain co-existing products. Version Note Even though Sophos Patch Agent will install on Windows 10, it is not currently supported on it and will not report missing patch information.

Workaround: Disable configuration for a secondary location, or use Windows Firewall instead. For more information and instructions on how to enable deployment, see knowledge base article To resolve this issue, re-protect the computers: in Enterprise Console, select the computers you want to re-protect, right-click, and then click Protect Computers. Follow the steps in the Protect Computers Wizard. Alternatively, to manually re-protect a computer, follow the steps provided in knowledge base article Web Protection is no longer functional.

The filtering driver has been bypassed or unloaded. To remove them from Enterprise Console, after the computer has been upgraded to Windows 10, right-click the computer, click Resolve Alerts and Errors, select the errors and click Acknowledge. Failed to update the filter rules, error To resolve this issue, restart the computer.

After the upgrade to Windows 10, import the configuration file: under Firewall, click Configure firewall, and then click Import.

For a full list of system requirements, see System Requirements for Antivirus protection for Windows. To find out which maintenance version of Sophos Endpoint Security and Control for example, If you are using Sophos Enterprise Console 5.

For more information on manual installation, see knowledge base article When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer. Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded:. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

All other product and company names mentioned are trademarks or registered trademarks of their respective owners. Sophos Remote Management System is updated to version 4. Threat Detection Engine is updated to version 3. Resolved issues Security enhancements and efficiency improvements. Components Components and their version numbers by release. The second column contains the latest release. Sophos Endpoint Security and Control Sophos Client Firewall Windows 8 and later is now version 1. Also found under Manage are Device compliance and Conditional access policies.

These policies types aren't focused security policies for configuring endpoints, but are important tools for managing devices and access to your corporate resources. Use device compliance policy to establish the conditions by which devices and users are allowed to access your network and company resources. The available compliance settings depend on the platform you use, but common policy rules include:.

In addition to the policy rules, compliance policies support Actions for non-compliance. These actions are a time-ordered sequence of actions to apply to non-compliant devices. Actions include sending email or notifications to alert device users about non-compliance, remotely locking devices, or even retiring non-compliant devices and removing any company data that might be on it. When you integrate Intune with Azure AD conditional access policies to enforce compliance policies, Conditional access can use the compliance data to gate access to corporate resources for both managed devices, and from devices that you don't manage.

To learn more, see Set rules on devices to allow access to resources in your organization using Intune. Device compliance policies are one of several methods in Intune to configure settings on devices.

When managing settings, it's important to understand what other methods are in use in your environment that can configure your devices, and to avoid conflicts. Intune passes the results of your device compliance policies to Azure AD, which then uses conditional access policies to enforce which devices and apps can access your corporate resources.

To learn more about using conditional access with Intune, see Learn about Conditional Access and Intune. When you integrate Microsoft Defender for Endpoint with Intune, you improve your ability to identify and respond to risks.

While Intune can integrate with several Mobile Threat Defense partners , when you use Microsoft Defender for Endpoint you gain a tight integration between Microsoft Defender for Endpoint and Intune with access to deep device protection options, including:. To manage tasks in the Endpoint security node of the Microsoft Endpoint Manager admin center, an account must:. Many of the settings you can configure for devices can be managed by different features in Intune.

These features include but aren't limited to:. For example, the settings found in Endpoint security policies are a subset of the settings that are found in endpoint protection and device restriction profiles in device configuration policy, and which are also managed through various security baselines.

One way to avoid conflicts is to not use different baselines, instances of the same baseline, or different policy types and instances to manage the same settings on a device.

This requires planning which methods you'll use to deploy configurations to different devices. When you use multiple methods or instances of the same method to configure the same setting, ensure your different methods either agree or aren't deployed to the same devices. If conflicts happen, you can use Intune's built-in tools to identify and resolve the source of those conflicts.

For more information, see:. Skip to main content. This browser is no longer supported. Sophos Client Firewall Windows 8 and later is now version 1. Sophos Client Firewall Windows 7 and earlier is now version 1. Sophos Patch Agent is now version 1.

Sophos Endpoint Defense is updated to version 2. Resolved issues Resolved issues for this release. Resolved issues for this release. Related to scanning files on network shares in the process of being modified by certain co-existing products. Note This update doesn't require a reboot. Known issues Known issues, listed by ID, affected component and a description of the issue. To resolve this issue, re-protect the computers. This is because some of the Sophos registry keys have not been migrated during the OS upgrade.

The filtering driver has been bypassed or unloaded 0xac This issue is caused by Sophos Client Firewall blocking the web protection processes.

Sophos Client Firewall - After upgrading to Windows 10 a computer with a standalone installation of Sophos Endpoint Security and Control that includes Sophos Client Firewall, the firewall configuration can't be aplied. The following errors are logged in the firewall system log: Failed to configure the firewall.

To resolve this issue, restart the computer. Windows 10 support Sophos Client Firewall - On upgrade to Windows 10, Sophos Client Firewall loses all custom configuration settings and reverts to the default settings.

Custom configuration settings need to be re-applied following the upgrade. If you use Sophos Enterprise Console to manage Sophos Client Firewall, re-apply the firewall policy to the computer after you upgrade it to Windows Right-click the computer, click Comply with and then click Group Firewall Policy.

If you use a standalone installation of Sophos Endpoint Security and Control and Sophos Client Firewall, before you start the upgrade to Windows 10, export the firewall configuration to a file: open Sophos Endpoint Security and Control and on the Home page, under Firewall, click Configure firewall, click Export and save the configuration file. The following errors appear in the firewall system log: Failed to configure the firewall Failed to update the filter rules error Workaround: Disable configuration for a secondary location, or use Windows Firewall instead.

If web protection or web control is turned on while an incompatible third-party LSP is running, system instability can occur. Therefore, if a third-party LSP that is known to be incompatible is already installed on the computer, the Sophos LSP is not installed. For more information, see knowledge base article In the left-hand pane, under Help and information, click View product information.

Support for Windows 8, Windows 8. If you specify a user-defined message to be displayed in desktop messages, it is not displayed in toasts. If Sophos Anti-Virus cleans up a threat that affects a Windows Store app, it marks the app as tampered with.

This causes Windows to offer the user the ability to re-download and re-install the app. If the user attempts a rootkit scan on this file system, a message will be logged in the Sophos Anti-Viruslog telling them that rootkit scanning is not supported. When you install Sophos Client Firewall, all network adapters are temporarily disconnected. This results in network connections being unavailable for up to 20 seconds and the disconnection of networked applications such as Microsoft Remote Desktop.

When the log is displayed in a view that auto-refreshes such as Allowed connections , the view stops refreshing if the service is under a heavy load.

After changing to a different view and then back again, auto-refreshing works normally. Application Control When Sophos Anti-Virus detects a controlled application on a remote share, the alert always shows that the application was detected on the local computer. Sophos Device Control Sophos Device Control does not block removable storage devices that are used as system drives, as this typically destabilizes the operating system.

Shared Windows components When you install Sophos software, some Windows components that might also be used by non-Sophos software are also installed or upgraded: Known issues, listed by ID, affected component and a description of the issue.