Sophos And Big Sur



Version 1.5.3

New features

Sophos Home Premium is an effective and easy-to-use antivirus which can protect up to 10 devices. Sophos is relatively minimalistic in terms of both design and features, but this is what makes it a good choice for non-technical users.

This version introduces support for macOS 11 Big Sur.

Version 1.5.2

This article covers how to troubleshoot Sophos Home issues on macOS 11 Big Sur.

Troubleshooting post-installation (or upgrade) issues on Big Sur

Sophos Home requires 4 steps in order to run on Big Sur (macOS 11):

1 - Enabling System Extensions
2 - Allowing Notifications
3 - Granting Full Disk Access to components
4 - Rebooting the Mac

As the most revolutionary update to Apple’s operating system in years, macOS 11 Big Sur is a major milestone in macOS history. And, its release coincides with Apple's newly-launched MacBook.

New features

Added support for Secure Enclave (iMac 2019 and MacBook Air 2019).

Discontinued support for macOS 10.12.x.

Unsupported file system warning messages (for example a Linux partition) are now reported only once in Sophos Central.

We no longer list unsupported file systems when running the command-line tool 'seadmin'.

Resolved issues

Resolved issues for this release.

Issue ID | Description
MACDP-854 | Resolved an issue in which the macOS message 'Enter a password to unlock' doesn't disappear after the same user password is confirmed.
MACDP-847 | Resolved an issue in which encryption doesn't start when internet connectivity is disabled.
MACDP-845 | Resolved an issue in which encryption doesn't start automatically until you have signed in again or restarted.

Version 1.5.1

New features

This version introduces support for macOS Catalina 10.15.

Version 1.5

New features

You can now rotate the recovery key without needing a password. This applies to macOS 10.14.

Added support for the newly introduced 'Dark Mode' on macOS Mojave 10.14.

Added support for Secure Enclave (iMac Pro and new MacBooks).

Added support to encrypt the boot volume only, which is a new policy setting in Sophos Central.

Added a check and a warning if the current user doesn't have a mobile account, which is needed to enable FileVault 2.

Added SDU support to the command-line tool seadmin (SDU information now contains seadmin result).

Resolved issues

Resolved issues for this release.

Issue ID | Description
MACDP-573 | Resolved an issue with Sophos Central Encryption failing to send the recovery key to Sophos Central.
MACDP-462 | Resolved an issue in which the recovery key was missing after upgrading to macOS High Sierra.
MACDP-726 | Resolved an issue with SophosEncryptionD not handling the unexpected output of diskutil information.

Early Access Program: Endpoint Protection for macOS 11

Join our EAP to try Endpoint Protection for macOS 11 Big Sur in your test environment. Read more

Current Endpoint Protection doesn't support macOS 11

Endpoint Protection isn't generally available for macOS 11 Big Sur. If you use Endpoint Protection, don't upgrade Macs in your production environment yet.

Device Encryption now supports macOS 11

Central Device Encryption 1.5.3 supports macOS 11 Big Sur. We've updated your Macs to 1.5.3 automatically. So if they only have Central Device Encryption (no Endpoint Protection), you can upgrade them to macOS 11.

macOS 11 Big Sur: No Endpoint Protection support yet

Endpoint Protection doesn't support macOS 11 Big Sur yet. If you use Endpoint Protection, please don't upgrade Macs until support is available. An EAP release is coming soon.

macOS 11 Big Sur: Device Encryption support available now

Central Device Encryption 1.5.3 supports macOS 11 Big Sur. We've updated your Macs to 1.5.3 automatically. So if your Macs only have Central Device Encryption (no Endpoint Protection), you can upgrade them to macOS 11 now.

Multi-firewall reporting

With Central Firewall Reporting Advanced, you can now include multiple firewalls in a single report. The Report Hub and Report Generator both support multi-device reporting. Read more

Changes in AD Sync credentials

You'll need to use API credentials for AD Sync, instead of a Sophos Central username and password, from February 2021. This means that you no longer need Sophos Central accounts with multi-factor authentication turned off. If your AD Sync client is earlier than 3.3.4 (check in the Diagnostic screen), you must upgrade before you can switch to API credentials. Read more

Connection tracking for Windows endpoints and servers

We're adding a new threat protection policy option, 'Track network connections'. This will improve our detection capabilities. Read more

XG Firewall: Scheduled and bulk firmware updates

If you have XG Firewall 18 MR3 or later, you can now schedule firmware updates. You can also configure firewalls that are in groups to update in bulk when we publish firmware updates. Read more

Sophos Central Device Encryption not compatible with macOS 11

Sophos Central Device Encryption (CDE) isn’t currently compatible with the upcoming macOS 11 Big Sur release.

Don’t upgrade Macs running CDE to macOS 11 yet. If you do, CDE won’t work correctly. You could even lose your FileVault recovery keys, meaning that you can’t recover a Mac if the user forgets their password.

We plan to issue a CDE service release that fixes these problems. Please wait for it before you upgrade to macOS 11.

Intercept X protection enhancements

We're starting to turn on IPS and behavior detection features for endpoint and server customers. You'll see a new 'Detect malicious behavior' option in threat protection policies. Read more

APIs for global settings and role management

Our second set of global settings APIs covers scanning exclusions, exploit mitigation, and intrusion prevention. The Roles API lets you fully enumerate admin roles, as well as create, update and delete individual roles. Read more

Now optimize AWS and Azure spend with Cloud Optix

Enable teams to monitor spend across Amazon Web Services and Microsoft Azure in a single console, compare multiple services side by side, and receive detailed recommendations to optimize cloud costs. Read more

Help available in more languages

We now provide help for Self Service Portal in all languages that Sophos Central supports. Help for Sophos Central Enterprise and Partner is already available in French, German, Italian, Japanese, and Spanish.

Central Firewall Reporting Advanced: scheduling and exports

Getting your favorite and custom reports is now even easier. You can schedule them and have them delivered to your inbox or pick them up in Sophos Central. Or you can generate reports manually and view them or export them straight to your inbox. Read more

Flexible Enterprise Master Licenses

You can allocate a specific number of licenses, with only products you want, to each sub-estate, or pool the licenses for use when needed. You can also prevent selected sub-estates from using a product by allocating zero licenses of that type.

Intercept X Advanced with EDR

macOS support for Live Discover and Live Response is here - plus more. Read more

Extension for controlled updates ends

We’re ending our temporary extension of the length of time you can postpone updates for. For more information and details of how to manage updates, see Controlled updates.

IPS for Windows servers

The Early Access Program for New Server Protection and EDR Features now benefits from IPS (Intrusion Prevention System), which gives even more defense against malicious traffic. Read more

Central Firewall Reporting Advanced

Central Firewall Reporting Advanced lets you save custom report templates. First, configure a report with the columns and layout you want. Then save it in your template library for quick access whenever you need to run it.

Session timeout period extended

Sophos Central Admin, Sophos Central Partner, and Sophos Central Enterprise now allow longer sessions before timeout. By default, sessions can be inactive for 3 hours before you're automatically signed out, and can last 24 hours before sign-out is enforced. You can extend sessions up to 8 times in a 24-hour period.

Cloud Optix Quick-start setup for AWS

Cloud Optix Quick-start is the new, easiest way to get started with the core CSPM features of Cloud Optix and see value in just a few clicks. Read more

Extend EDR to the cloud

Intercept X Advanced for Server with EDR and Cloud Optix are joining forces to extend protection beyond server workloads to critical cloud services. Make the most of this upgrade, which is included in the cost of the Server EDR license. Read more

Sophos Intercept X Advanced with EDR just keeps getting better

EDR updates include role management for Live Response, new Live Discover queries, and Live Response on Linux in the server Early Access Program. Read more

Updated user details page

We've updated the 'Summary' and 'Devices' tabs on a user's details page. All device types now have a consistent look, with additional actions available for mobile devices.

Sophos Intercept X with EDR: start using the powerful new EDR features

Ask detailed IT operations and threat hunting questions across your entire estate and respond to any potential IT issues or security threats with precision. Rollout of the powerful new EDR functionality is complete and all Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR customers have access. Read more

Sophos Wireless: Synchronized Security enhancements

With this release, you can activate Synchronized Security for Sophos Endpoint separately to Sophos Mobile (UEM), restrict an SSID to only Sophos managed devices, and create a list of allowed domains for devices that have a red Security Heartbeat status. In addition, the user identity of unmanaged devices is shown on the “Devices” page. Read more

Sophos Cloud Optix: new advanced search

Easily search inventory data for hosts, containers, networks, storage services, IAM roles, and serverless functions, to investigate suspicious activity and insecure deployments like never before. Read more

Tenant Directory and Global Settings APIs

APIs for managing users, groups, and the first wave of global settings in Sophos Central are now available. The Tenant Directory Management API covers user management and group management (users and devices). The Global Settings API (phase 1) covers allowed applications, blocked items, and website management. Read more

Sophos Mobile 9.6 released

Check out the new features: additional device management capabilities for iOS, macOS, and Android; enhancements to Sophos Secure Email; migration from Sophos Mobile on-premise or as-a-service. Read more

Sophos Intercept X Advanced with EDR: powerful compliance checking and threat hunting features

Ask detailed IT operations and threat hunting questions across your entire estate and respond to any non-compliance or threats with precision. The rollout process has begun and all Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR customers will receive the new features by late June. Read more

Sophos Email: advanced threat reporting

Get unparalleled insight into email attachments that are opened in the Sophos cloud sandbox, with a breakdown of threat verdicts based on machine learning analysis, file reputation, VirusTotal results, and Mitre ATT&CK Matrix tactics. Read more

Sophos Cloud Optix new asset inventory and threat investigation updates

Ensure secure configuration across public cloud environments with multiple additions to asset inventory and topology results. These provide greater insight, email alerts, brandable reports for MSPs, and activity log visualizations. The visualizations enable you to analyze CloudTrail logs by geographic location to help investigate high-risk events. Read more

Retirement of products on Windows Server 2008

The retirement date for Sophos products that are used on Windows Server 2008 is July 31, 2020. Read more

Extended support for Windows XP and Windows Server 2003

The end of extended support for Sophos products used on Windows XP or Windows Server 2003 has been moved to July 31, 2020 because of current events. Read more

Updated endpoint user interface

A new user interface for Sophos Intercept X and Device Encryption is being rolled out to Windows devices. Read more

Partner and Enterprise role-based access control scope

In Sophos Central Partner and Sophos Central Enterprise, you can grant administrators access to all current and future sub-estates or you can continue to grant them access to specific sub-estates.

Central Firewall Reporting Advanced for XG Firewall

With Central Firewall Reporting Advanced, you can create customized, historical reports on network activity for your Sophos XG Firewall. Easily add storage capacity as you need it and extend reporting up to one year ago.

EDR Early Access Program updates

With Live Response, admins can now remotely access devices and use a command-line interface to perform further investigations or take action directly on a device. Live Discover support for Linux has also been added to the program. Read more

Submitting samples to Sophos

There’s now an option in Global Settings that lets you automatically submit sample files to SophosLabs. This helps us to identify new threats and update your protection. Sound familiar? You might have seen it in your Threat Protection policy previously. Read more

Extended support for Windows XP and Windows Server 2003

The end of extended support for Sophos products used on Windows XP or Windows Server 2003 has been moved to June 30, 2020 because of current events. Read more

Controlled updates are being extended

We are temporarily extending the length of time that Sophos software updates can be postponed for. Read more

FREE virtual XG Firewall trial for 90 days

We are extending Sophos XG Firewall free trials to 90 days to better enable organizations to provide secure remote access for employees. The trial includes use of the Sophos Connect IPSec VPN client for PCs and Macs. Read more

Powerful new EDR capabilities available in EAP

Endpoint and server customers can join our Early Access Program (EAP) to take advantage of Live Discover, which enables you to run powerful queries for IT operations and threat hunting. Start using pre-built SQL queries that can be fully customized. Read more

CIS certification for AWS, Azure, and GCP environments

Sophos Cloud Optix has been certified by CIS to accurately assess your public cloud environments based on best practices for secure configuration. Read more

Improved container visibility and more from Cloud Optix

Sophos Cloud Optix has a wealth of new features: comprehensive public cloud container visibility with support for Amazon EKS, Azure AKS, and GKE, plus new AWS service integrations, API updates, and more. Read more

New sign-in screen

We're changing the look and feel of the screen where you sign in. Don't worry, though. Your current email address and password will still work. So will the URL, bookmark or favorite that you use to get to Sophos Central.

Active Directory Sync update

If you install the March Microsoft security update, we recommend that you configure Active Directory Sync to use a TLS/SSL connection. Read more

AMSI Protection has gone live

Endpoint users will automatically receive AMSI protection over the next few weeks. AMSI helps to detect and block obfuscated scripts, such as PowerShell, that are commonly used by attackers. Read more

Sophos Cloud Optix: adding AWS accounts is now even simpler

Use AWS CloudFormation to add individual or multiple AWS accounts to Cloud Optix. This is a convenient alternative to the existing Sophos CLI script and Terraform options. Read more

Public cloud IAM visualization, spend monitoring, and more

The latest Sophos Cloud Optix release provides a breakthrough in IAM visualization. It also provides security-focused spend monitoring, extended container security with Amazon EKS, and more. Read more

Customize your Phish Threat training email address

You can now customize the full email address used in the delivery of Phish Threat training-related emails to end users. Read more

Sophos XG Firewall 18: group policies

Add your firewalls to groups to keep them synchronized, manage the group policy from Sophos Central to make changes to the entire group quickly and easily, and use the tasks queue to monitor application of policies. Read more

Sophos XG Firewall 18: reporting

Firewall reporting provides the flexibility and tools to create custom reports on network activity. It’s all included for free with version 18. Look for a “Premium” version in the coming months. Read more

Email DKIM signing

Sophos Email Gateway now provides the ability to sign outbound emails with DKIM signatures. You can create and manage DKIM keys using the domain settings in Sophos Central.

Sophos Intercept X Enhanced Protection EAP now available for servers

The Early Access Program (EAP), including enhanced protection against script and memory-based attacks, heap spray attacks, CTF exploits and more, is now available for servers. Read more

Sophos Email impersonation protection – now available

Protect your organization from business email compromise and other forms of targeted phishing.

Sophos Cloud Optix December feature update

The latest release for Sophos Cloud Optix is here, including licensing improvements, management upgrades, and security enhancements. Expect more features early this year. Read more

Sophos Mobile 9.5 – now available

The latest version of Sophos Mobile is now available in Sophos Central. New capabilities include Chromebook security, extended Android and Windows management functionality, various usability improvements, and much more. Read more

Sophos Central adds granularity to custom roles

We’ve added flexibility to custom roles in Sophos Central, which enables you to create roles that can access only specific products and cannot edit or apply policies.

Threat Indicators now live

If you have Sophos EDR, you can now see the Threat Indicators list. This shows you the most suspicious items on your network so you can focus your efforts on them. Read more

End of support for Sophos for Virtual Environments 1.2

Still running version 1.2.0 on your Security VMs? Restart them to upgrade as we'll stop supporting 1.2.0 in January. Read more

Sophos Wireless – New hotspot features

We've introduced new features to improve the hotspot experience for you and your users. You can customize the look of the captive portal with your logo and brand colors and also select social login as the authentication type (Facebook, Google). Read more

Sophos Central Enterprise APIs

The new Sophos Central APIs are now available for all Sophos Central Enterprise customers. With these APIs, you can query tenants, enumerate and manage endpoints and servers, and query alerts and manage them programmatically. Read more

Intercept X Enhanced Protection EAP update

The Early Access Program (EAP) has been updated to include protection against Encrypting File System attacks, CTF exploits, and ApiSet Stub malicious DLLs, and further defenses against memory-based attacks. Read more

Sophos Cloud Optix now live in Sophos Central

The latest release for Sophos Cloud Optix integrates the service with Sophos Central. This enables you to manage Cloud Optix alongside a range of complementary public cloud solutions including Sophos Intercept X for Server and Sophos XG Firewall in a single management console. Read more

Forensic Snapshots now uploadable to S3 Buckets

You can now automatically upload snapshots to an Amazon S3 bucket that you own. This avoids you having to manually retrieve forensic snapshots from individual endpoints. Read more

Sophos XG Firewall management and reporting

We've just launched early access for new features for XG Firewall v18. Now you can run v18 firewall reports, group your v18 firewalls, and manage them all at once, right in Sophos Central. Read more

Intercept X Enhanced Protection EAP is now live

Join the Early Access Program for 'New Endpoint Protection Features' and benefit from AMSI and IPS protection that gives even more defense against script and memory-based attacks and malicious traffic patterns. Read more

Cloud Optix feature update

Provide teams with a single view of security posture across multiple public cloud environments, with a range of exciting enhancements to the Cloud Optix service for AWS, Azure, GCP, and Infrastructure as Code environments. Read more

Email data loss prevention

Data loss prevention for Sophos Email is now live and included with the Sophos Email Advanced license. Read more

Sophos Email: Try impersonation protection

Protect your organization from targeted phishing attacks that rely on identity deception. Join our early access program to see how. Read more

Device Encryption 2.0

Now you can make users change their BitLocker passcode. And users can protect files with a password before sharing, either on demand or with the Outlook add-in. Read more

macOS Catalina: urgent action needed

Tighter security in macOS Catalina (10.15) means you must take action for Sophos protection to keep working. Read more

Sophos Email: Data Loss Prevention EAP is live

Now protect sensitive information, with discovery of financials, confidential contents, health information, and PII in all emails and attachments. Read more

Sophos Central Partner gets custom roles

We’ve added custom admin roles in Sophos Central Partner. This lets you create roles that can only access specific products and can’t edit or apply policies.

Sophos Central Enterprise gets custom roles

We’ve added custom admin roles in Sophos Central Enterprise. This lets you create roles that can only access specific products and can’t edit or apply policies.

Sophos Central Email

Now you can enforce TLS secure communications by domain, for both inbound and outbound mail.

Threat Indicators beta

Customers with EDR enabled endpoints and servers are getting an early preview of our new Threat Indicators feature. Threat Indicators uses machine learning to show you a prioritized list of the most suspicious activity. Now you know what to look for, so you can focus on the most important investigations. Read more

Unified Endpoint Management UI improvements

Instantly see the health of your UEM-managed endpoints on the main Sophos Central dashboard. Easier workflow for managing traditional and mobile endpoints in the Devices view, with the most common actions just a few clicks away.

Sophos Email: quarantine un-scanned emails

This new feature allows you to quarantine emails if we can't scan them or access the contents (for example, when we find an encrypted zip file, a corrupt file, unexpected content, or a large compressed attachment).

Sophos Email: customize smart banners

You can now customize the text that appears in smart banners.

Sophos Cloud Optix updates

We’ve given network visualizations for AWS a new look and the ability to show Sophos UTMs. We’ve also added more Azure security and compliance features, visualizations for GCP, an option to change how often environments are scanned, and more. Read more

Improved installer for macOS

The Sophos Endpoint Protection installer for macOS now includes several command-line options to allow customized installations. Read more

Intercept X for Server with EDR - now available

Intercept X for Server with EDR includes our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more

Intercept X Advanced with EDR 1.1 is here!

Intercept X Advanced with EDR now captures all PowerShell activity so that it can be reviewed and analyzed. Read more

Enhanced email alerts

We've introduced new global settings that let you control and customize email alerts in Sophos Central Enterprise, Partner and Admin. You can now configure the recipients, distribution lists, and frequency of alerts, or set custom rules. Read more

Sophos Email Encryption

Sophos Email Encryption is now generally available. Sophos Email Advanced customers can send encrypted email on demand (using an Outlook add-in or subject tagging), via DLP rules, and domain to domain. Read more

Sophos Email Smart Banners

Sophos Email Advanced customers can now enable information banners on emails from outside the organization. These help recipients identify the risk from each email and let them add senders to their allow and block lists with one click. Read more

Sophos Cloud Optix - now available

Achieve compliance and manage security risks, with complete visibility across your Amazon Web Services, Microsoft Azure, and Google Cloud environments. Read more

Intercept X for Server EDR Early Access Program

Intercept X for Server is getting our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Join the Early Access Program today! Read more

Sophos Email Content Control – Now Live

Content Control for Sophos Email Advanced now makes it easy to quickly build content filtering policies across an organization, preventing outbound email data loss and inbound malware threats. Read more

XG Firewall management

You can now manage Sophos XG Firewall from Sophos Central. It’s time to Synchronize Your Security! Read more

Intercept X for Server EDR Early Access Program now open

Intercept X for Server is getting our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Join the Early Access Program today! Read more

Threat Analysis Center

The all-new Threat Analysis Center for EDR consolidates Threat Cases and Threat Searches, across all supported device types, into a single area. Find it in the Overview. Read more

Sophos Central Enterprise gets global policies

Now you can apply the same global settings and base policies to a set of sub-estates or all sub-estates. Just create and use a global template.

Sign in with Azure AD

Sophos Central admins, Sophos Central Enterprise admins, and Self Service Portal users can now sign in using credentials stored in Microsoft Azure AD. Read more

Sophos Central Enterprise: Select a region for sub-estates

Sophos Central Enterprise Super Admins can select a region when they create a new sub-estate. The region is now shown in the sub-estate Contact Info.

Phish Threat: Upgrade now

Award-winning training content, Outlook add-in to report phish, 10 languages, Synchronized Security benefits and more. Upgrade to the latest Phish Threat version for free. Read more

Sophos Email Encryption EAP now live

Join the Sophos Email Advanced Encryption Early Access Program today at no extra cost. Read more

Sophos Central Partner gets audit logs

Partner administrators can access audit logs to track changes across Sophos Central Partner. They also get access to audit logs in Sophos Central Admin they have permission to view.

Phish Threat now available in Dutch

IT teams can now carry out phishing simulation and a variety of cybersecurity awareness courses in Dutch. Read more

Sophos Email: Compromised mailbox detection

Synchronized Security now connects Sophos Email and Endpoint Protection to detect and clean up infected computers sending out spam and viruses. Read more

Join the Email Content Control EAP

Stop or quarantine content based on keywords and attachment types in this Sophos Email Advanced early access program. Read more

Phish Threat: Randomized attacks

Now you can send multiple emails in random order during simulated attacks. This makes training more effective and shows you more about user behavior. Read more

Enhanced AWS integration

Alerts are now integrated into AWS Security Hub, so you can consolidate alerts across AWS. And our S3 bucket health reporting highlights critical misconfiguration. Read more

Sophos Central Partner gets global policies

Manage global settings and base policies for customers. Create templates that consist of these settings and apply them to customer groups.

Sophos Central Partner gets RBAC

We’ve added role-based access control (RBAC) for Central Partner. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.

Intercept X Advanced with EDR is here!

The best just got better: our all-new, intelligent Endpoint Detection and Response (EDR) features give you the insights and expertise you need to respond to potential threats. Add EDR today to report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more

Synchronized Security: Email Advanced and Phish Threat

Sophos Email Advanced and Phish Threat now work together to find and train users who click on risky links in email. Read more

EDR Early Access: Submit files to win prizes!

Analyze for a prize! Submit your suspicious files to SophosLabs for your chance to win a prize. Read more

Alert Details View

We’ve added a new Alert Details View to the Alerts page in Sophos Central Admin. View additional details, including links to EDR Threat Cases, directly from your alerts.

File Integrity Monitoring for Windows servers

We've added a new File Integrity Monitoring feature for Windows Servers. Track unplanned and unexpected changes to critical system files and meet certain compliance requirements of the PCI Data Security Standard.

Message Relays now work with macOS

Already using message relays for your Windows computers? If you have any macOS devices, they'll now automatically use your current message relays and any you set up in future.

Phish Threat Outlook add-in now available

Report suspected phishing and spam messages with one click right from Outlook. The Phish Threat Outlook add-in turns your employees into an active line of defense against cyberattacks.

Enhanced Root Cause Analysis (now Threat Cases)

We’ve been hard at work overhauling Root Cause Analysis (RCA) and implementing additional features to make it easier for admins to conduct deeper investigations.

Sophos Wireless

Sophos Wireless now includes debugging, audit and accounting features which help you to diagnose WLAN issues on the network and address them. This release also improves the wireless client scalability on the APX series and brings many other UI improvements.

Sophos Central Enterprise updates

Enterprise Super Administrators can now disable enterprise management for individually-licensed accounts, unlink sub-estates to operate as standalone Sophos Central Admin accounts, or delete sub-estates entirely.

Deep Learning malware analysis is now part of the EDR EAP

This feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other files so you can determine if a file should be blocked or allowed.

Are your endpoints and servers fully protected?

Check your Endpoint and Server Threat Protection policies to ensure that you're protected against advanced malware and ransomware. Sophos continually adds new features, but not all are turned on automatically.

Windows 10 Redstone 5 and Windows Server 2019 support

The Intercept X agent now supports the latest Windows 10 Redstone 5 and Windows Server 2019 update. If you have paused updates, you will need to start them again to receive the updated agent. If you don't have Intercept X, you don't have to take any action as no changes are needed.

Intercept X EDR early access program now open

The best just got better. Intercept X is adding detection, investigation, and response capabilities. The early access program is now open to the public.

Windows Server Protection for Microsoft Azure

Protecting Windows Servers running in Azure just got even easier: use a VM extension script.

Sophos Email reporting and policy enhancements

New detailed message summaries, policy enhancements and mailbox search added to Sophos Email.

30 training courses added to Phish Threat 2

Take advantage of 30 new award-winning Phish Threat training courses today. Plus new ways to find the latest email templates fast.

New in Sophos Mobile 8.5

Enhanced Unified Endpoint Management (UEM) capabilities with macOS app management, macOS DEP support, Android Zero Touch, Knox Mobile Enrollment, usability improvements and much more. New managed Mobile Threat Defense capabilities for both Android and iOS, including device, app, and network security features.

Central Enterprise Audit Logs

Enterprise administrators can access audit logs to track changes across Sophos Enterprise Admin. They can also access the audit logs in Sophos Central Admin that they have permissions for.

Central Admin exports lists of Computers, Servers and People

Sophos Central Admin now has the ability to export to CSV the lists of Computers, Servers and People on the Overview pages.

Improvements for People pages with many users

We've updated the People pages in the Overview and Products sections. On the Users tab, all columns are now sortable, all the data shown is searchable, and we've added new columns for Last Active and Group Name.

Intercept X Advanced for Server - now available

We've now completed the global roll-out of Intercept X Advanced for Server. New deep learning, exploit prevention, anti-hacker and Root Cause Analysis capabilities can now be enabled in your Server Protection policies.

Intercept X Advanced for Server

Server Protection Advanced is now called Intercept X Advanced for Server and includes powerful deep learning, exploit prevention, anti-hacker features and Root Cause Analysis. We're rolling out the new features over the next few weeks.

Server Protection Standard - New features, new name

Server Protection Standard is now called Server Protection and includes Peripheral, Application and Web Control, along with DLP, Malicious Traffic Detection and Synchronized Security Heartbeat. The new features are available at no extra cost, but you need to turn them on.

Root Cause Analysis for servers

Now part of Intercept X Advanced for Server, Root Cause Analysis helps you to investigate the chain of events around a malware infection. Data may be sent to Sophos to help us to improve your protection, but you can opt out in Account Details > Account Preferences.

Sophos Wireless

Sophos Wireless now includes support for our next-generation APX Series access points. The three new APX models provide the first Synchronized Security functionality between Wireless, Endpoint and Mobile. With 802.11ac Wave 2 technology, they are custom-built for overall enhanced performance. This release also includes enhancements to Rogue AP detection, bulk provisioning and many other UI improvements.

Phish Threat 2 - attachments campaigns

SophosLabs sees malware on up to 77 percent of blocked mail. Train employees to spot these attacks with new malicious attachment simulations.

Sophos Email Advanced

Introducing Sophos Email Advanced and new features for Email Standard. Sandboxing, advanced URL protection, DKIM, DMARC, and more.

Central Enterprise gets RBAC

We’ve added role-based access control (RBAC) for Sophos Central Enterprise. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.

New alerts options

Soon you'll see new options for handling alerts. You'll be able to view and resolve alerts in groups, use new filters, and control who gets email alerts and how often they get them.

Monitor and manage Windows Firewall

Sophos Central now monitors Windows Firewall on most Windows desktops and servers. It can also control whether it’s active for public, private or domain connections.

Server Protection – Intercept X Early Access Program (Beta) update

We've added a new exploit mitigation that detects abuse of Application Procedure Calls, used recently as the method of spreading the WannaCry worm.

HTTPS updating

You can now enable HTTPS updating for all endpoints (Windows, macOS and Linux) with a single, global setting for your account.

Server Protection - Intercept X

Want better protection for Windows servers? Try our Early Access Program (EAP), which adds Intercept X features including Deep Learning, Root Cause Analysis, Master Boot Record protection, exploit prevention and anti-hacker options.

Early Access Program data sharing

The Server Protection - Intercept X EAP may send data to Sophos from May 10, 2018. This helps us improve your protection, but you can opt out in Account Details > Account Preferences if you want to.

New Device Encryption features

Device Encryption now supports unattended activation when “Require startup authentication” is set to off. Get started faster with the on-boarding wizard, and use the updated Encryption dashboard for a more detailed overview.

Using Synchronized Security?

We'd love to get your feedback. Take a short survey to tell us about your experiences.

MFA - Sign in with SMS

You can now sign in to Sophos Central Admin or Sophos Central Enterprise with an SMS text message as a second factor - or you can still use Sophos/Google Authenticator.

Phish Threat 2 - new features

The most trialed Sophos Central product for two months – now featuring security training campaigns, more customization options, and improved campaign scheduling.

AWS map in Server Protection

We've added a map view for AWS workloads. We also now discover workloads in every public AWS region, even ones you're not actively using, as attackers can use them to hide. So you can reduce risk by ensuring all your instances are protected, see your whole AWS EC2 environment in a single view, and still easily drill down to details.

Sophos Wireless

Sophos Wireless now makes your life much easier: the latest version has better throughput under load, lets you search clients, and has simple support for VLAN for Hotspot.

Sophos Mobile 8

The new version of Sophos Mobile is here. We’ve added macOS management and configuration, app management on Windows 10, extended management for Android and iOS, and much more.

Remote Desktop support

We've added Remote Desktop Services support, including tracking of license usage, to Server Protection.

More Server Protection updates

You can now use Server Lockdown on Windows Server 2016, and have Linux servers and Macs updated from an update cache on your network.

Tamper protection passwords

You can now get the password you need to uninstall Sophos software, even if you've deleted the computer from Sophos Central.

New threat protection

We've added options to the threat protection policy so that you can turn our new active adversary features on or off. These features prevent credential theft, APC violations, privilege escalation, code caves, and more. This is in addition to the deep learning options already announced.

Sophos for Virtual Environments

Sophos for Virtual Environments 1.2 lets guest VMs move between Security VMs to stay protected even if they can’t connect to their current Security VM.

SAV for vShield retirement

We'll retire Sophos Anti-Virus for vShield on March 31st, 2018. To stay protected, migrate to Sophos for Virtual Environments before then -- it uses the same licenses, so there's no extra cost.

Use automatic installation? Read this

Next time you download the Sophos Endpoint installer for Windows, you must change your settings. But you'll never need to download it again -- our new installer doesn't expire.

New macOS installer

We’ve released a new Sophos Endpoint installer for macOS. If you have old installers, they'll stop working in mid-February -- delete them and download the new one.

OS X 10.9 support

Macs running OS X 10.9 will stop getting Sophos updates when we release Sophos Anti-Virus for macOS 9.7.4. We ended support for OS X 10.9 last April.

Installation from a cache

You can now do initial installation of Sophos Endpoint on Windows from an update cache on your network, saving you internet bandwidth.

Major Intercept X release

The latest version of Intercept X is here. The new version includes deep learning, an advanced form of machine learning, to detect malware and potentially unwanted applications. It also includes new credential theft, privilege escalation and code cave protection, and much more. The new features will be enabled by default over the next several weeks unless you have turned them on/off already in the threat protection policy.

Multi-factor authentication

Multi-factor authentication (MFA) is here. For Sophos Central Admin, super admins decide whether admins must log in with MFA. For Enterprise Dashboard, admins must always use MFA.

New Phish Threat email templates

New phishing templates for TalkTalk Group, Google, Santander Bank, and more are now available in Phish Threat.