Due to current events we are lengthening the Extended Support for Windows XP and Windows Server 2003 until July 31, 2020. This article will be updated if there are any further changes to dates.
Previously Extended Support for Windows XP and Windows Server 2003 was due to expire April 17, 2020.
Sophos always recommends that customers upgrade to the latest operating systems and apply the latest patches/security updates as a security best practice. There are however legitimate reasons why customers may still be running an operating system that is no longer supported by Microsoft.
Due to the deprecation of SHA-1 certificates for code signing, Sophos is no longer capable of rebuilding/recompiling products that will run on Windows XP or Server 2003 after March 5, 2020. New features, hot-fixes, or security patches can no longer be created for Sophos products on Windows XP or Server 2003.
How does this affect me?
Sophos products used on Windows XP and Windows Server 2003 will continue to run but there will be no new features, hot-fixes, or security patches. If customers encounter an issue, it may not be possible to rectify it.
Sophos uses externally verifiable certificates when signing our production code so it can be independently verified by third parties. This proves that Sophos is the original source and that no tampering has taken place. After March 5, 2020 it is no longer possible to use SHA-1 certificates to sign our production code.
Please refer to this Microsoft Blog Article for more in-depth details (https://blogs.windows.com/msedgedev/2016/11/18/countdown-to-sha-1-deprecation/)
Security Best Practice
Sophos always recommends that customers upgrade to the latest operating systems and apply the latest patches/security updates as a security best practice. To see which operating systems and platforms are supported by Sophos, as well as planned retirement dates please visit KB119018.
The following sections are covered:
Contact your Account Manager if you require extended support for these operating systems.
Note: After securing and applying the extended license for Windows XP and Windows Server 2003 in your Sophos Central, the Sophos full installer must be downloaded and used for the installation to proceed.
As the extended package is a separate version to the existing Windows package, some steps are required to deploy this new package to your Windows XP/2003 computers.
Extended Anti-Virus support for Windows XP/2003 does not include the following components:
If you have either of these components installed on your Windows XP/2003 computers you will need to manually access the computer and uninstall the component before moving the machine to the new group. To determine if they are installed right click the computer and select View Computer Details. The two settings to check are:
If they are not installed, these fields will be blank.
Note: If you do move the machines to the new group with these two components installed, they will remain on the computer but fail to update. If this occurs you will see the following update failures against the computer in Enterprise Console:
Download of Sophos Patch Agent failed from server \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ [0x0000006b] Download of Sophos Client Firewall failed from server \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ [0x0000006b]
Download of Sophos Patch Agent failed from server \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ [0x0000006b]
Download of Sophos Client Firewall failed from server \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ [0x0000006b]
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.