With the release of Sophos Endpoint Security and Control 10 (licensed as Sophos Endpoint Protection 10) there are many new features and improvements.
This article is provided to give you an overview of the benefits of upgrading to Endpoint 10. For further information please see the release notes, product documentation and specific articles.
Known to apply to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 10.0
The list below contains all of the 'new' features in Endpoint 10. Don't forget to also read what improvements we've made.
- Sophos Patch Assessment [1]
  - The new patch assessment feature allows you to deploy an agent to endpoint computers that will identify missing patches and send this information back to the server, where you can view it in Sophos Enterprise Console.
  - Patch assessment monitors the most widely used products from Adobe, Apple, Citrix, Microsoft and others. SophosLabs rates patches as critical, high, medium and low and tells you which threats a patch prevents so you can easily identify the most important ones.
- Web Filtering [1]
  - You can now restrict access to certain categories of websites in order to control web usage and avoid any impact on workplace productivity.
  - Like web content scanning, this feature supports the five major browsers: Internet Explorer, Firefox, Chrome, Safari, and Opera.
  - Can be used in two different configurations:
    - Endpoint only to control use of inappropriate websites which requires no extra hardware or software.
    - Web Protection Suite combines our web appliance and endpoint web filtering. Policy syncs immediately with Endpoints through the cloud eliminating backhauling and reducing the number of needed gateway appliances.
- Integrated encryption [1]
  - Full-disk encryption integrated into Endpoint 10 with no separate deployment or console required. Easily install full-disk encryption to your computers in just six clicks. Then check status, policy and user activity simply in our console.
  - Please note that integrated Full Disk Encryption is not yet available in Enterprise Console 5.0; it will be available in Enterprise Console 5.1, currently scheduled for release in the second quarter of 2012.

[1] The Patch Assessment, Web Control and integrated encryption features are not included with all licenses. If you want to use them you may need to customize your license. For more information please see Pricing & Editions - Customize your security in 2 simple steps.
- Fewer restarts required when upgrading.
- The Upgrade Advisor is not a separate program; it now runs during the installation, so it does not have to be run before the installer.
- New Installer Framework. There are now multiple Microsoft installer (MSI) files that give you greater control of the installation. Also, if you need to install the database via scripts, the scripts are automatically extracted and available.
- During the installation you can select an existing SQL Server instance for the Sophos database or choose to create a new SOPHOS instance. You cannot create a SQL instance of another name during the installation of the Console.
- Search function in console to locate a computer, by hostname or IP address, or range of computers by hostname. You can access the menu option from the console under: Edit | Find a computer (Ctrl+F). You can even use wildcards (*, ?) to find a range of computers matching the search term.
- Import or export exclusions from an Anti-Virus and HIPS policy.
- Multiple selection of alerts and errors is now supported.
- SMTP server authentication.
- Management Console has a new color scheme and iconography, but there is no significant change to the layout.
- Now that we have introduced new features that generate events, we have given the event viewers more prominence in the console. You launch an event viewer from the Events menu in the taskbar at the top of the console.
- Faster start-up/boot times for computers.
- Increased on-access and on-demand scanning performance.
- Web content scanning protection has been rewritten and is no longer dependent on Browser Helper Objects (BHOs), which are only applicable to Internet Explorer. Web content scanning now supports all leading browsers (Internet Explorer, Firefox, Chrome, Safari and Opera) with no BHO dependency, making it more secure and tamperproof.
- Buffer Overflow Protection (BOPS) for Vista/Windows 7 clients (which runs on 64-bit computers).
- The on-access scanner default settings are now set for best protection. The table below shows a comparison between the current default settings and the default setting of the previous version of Sophos Anti-Virus.
Note: The settings shown below are for a new install of Enterprise Console v5 and Sophos Anti-Virus v10. If you perform an upgrade your existing policy settings will be used.
| Option | Selected in SAV 9.7? | Selected in SAV 10.x? |
|---|---|---|
| on-read | Yes | Yes |
| on-write | No | Yes |
| on-rename | No | Yes |
| 'Automatically clean up items that contain virus/malware' | No | Yes |
For more information please see: Recommended on-access scanning settings for 10.x
- On-demand and scheduled scanning: The option to 'Automatically clean up items that contain virus/malware' is enabled for new on-demand scans. Right-click scans and Scan my computer will still retain the old setting and do not provide automatic clean up.
Endpoint changes to functionality that affect menus and terminology
The following menu options and wording have also been changed:
- 'Scan for suspicious files (HIPS)' has changed to 'Scan for suspicious files' as the scanning of suspicious files is not done at run-time like HIPS detections are.
- 'Suspicious behavior' has been changed to 'Behavior Monitoring'
- Behavior Monitoring is now split into five options (three options were present in 9.7)
- 'Alert only' options exist for both suspicious behavior and BOPS.
Note: If you selected the 'Alert only' option in version 9.7, both HIPS and BOPS settings will inherit the 'Alert only' option.
- 'Alert only' option only relates to suspicious behavior and does not relate to malicious behavior.
- Disabling ‘malicious behavior’ will disable HIPS scanning.
- The 'Options' tab under on-access settings has been removed and the settings previously shown there have moved to the 'Scanning' tab.
Virus alerting to the end user
Whether or not a threat has been cleaned up, the end user will see a balloon message advising of the detection and that it has been moved to the quarantine manager.
We have designed the alerting this way, and chosen not to show a success or failure message, because:
- At the time of the alert it is not possible to determine the precise outcome of the cleanup routine - if one is set. Hence for best protection it is advisable to alert the end user.
- A secondary message to advise of the outcome could, in certain scenarios, bombard the user (i.e., file infectors).
And remember you can always disable balloons altogether if you like.
Virus reporting to the console
Due to the change in enabling automatic cleanup, virus alerts that correspond to a threat that has been successfully dealt with will not appear on the console Dashboard, and there will be no warning shown against the computer (because there is no action required on your part). However, you will see detections and actions under the computer details for a computer for reference, and the detections will appear in any threat reports you run.