One of the best practices Sophos recommends is to stay up to date to minimize the risk to your system. Staying updated means not only that the product has been upgraded to the latest version, but also that it has the latest definition patterns or threat data. This article covers how to check whether the threat data is up to date on all Sophos programs.
Important: For your Sophos endpoint products, you can check whether you are able to download the latest data update by opening the default installation location relevant to your OS and comparing it with the Latest data protection update information. Further information can be found in How to determine whether you're receiving the latest data protection updates.
The following Sophos products are covered:
Applies to the following Sophos products and versions
Not product specific
On the Windows desktops and servers:
You can also go to Run Diagnostic Tool > Installed Components to view the version numbers of the currently installed components.
On a Mac, it is simple to confirm whether the product is up to date. Click the Sophos shield icon; the menu will show the words Up to Date. To check the product version and the virus engine and threat data information:
Note: Make sure that it matches the latest detection engine from Sophos Endpoint Security and Control for Windows release.
Provided that auto-updating is enabled, Sophos Anti-Virus is kept updated automatically. However, Sophos Anti-Virus can also be updated manually, without waiting for the next automatic update.
To force a manual update on Sophos Anti-Virus, run this command: /opt/sophos-av/bin/savupdate
To check for the version of the Sophos Anti-Virus running on your Linux/Unix endpoints and servers, click here for the instructions.
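A freshness check for a Linux endpoint, as an added example that is not part of the original article. It assumes the version report printed by `/opt/sophos-av/bin/savdstatus --version` carries "Threat data release" and "Last update" lines laid out as in the constructed sample below; the two-day threshold and the function names are illustrative.

```python
import subprocess
from datetime import datetime, timedelta

SAVDSTATUS = "/opt/sophos-av/bin/savdstatus"  # assumption: installed beside savupdate
DATE_FORMAT = "%a %d %b %Y %H:%M:%S"          # assumption: local time, no zone suffix

# Constructed sample report (not captured from a real host).
SAMPLE_REPORT = """\
Threat detection engine = 3.74.1
Threat data             = 5.60
Threat data release     = Tue 12 Feb 2019 00:00:00
Last update             = Tue 12 Feb 2019 17:24:44
"""

def parse_report(text):
    """Turn 'key = value' lines into a dict; lines without '=' are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_freshness(text, now, max_age=timedelta(days=2)):
    """Return (ok, reasons); a missing or unparseable date counts as a failure."""
    fields = parse_report(text)
    reasons = []
    for key in ("Threat data release", "Last update"):
        raw = fields.get(key)
        if raw is None:
            reasons.append(f"{key}: field missing")
            continue
        try:
            stamp = datetime.strptime(raw, DATE_FORMAT)
        except ValueError:
            reasons.append(f"{key}: unparseable value {raw!r}")
            continue
        age = now - stamp
        if age > max_age:
            reasons.append(f"{key}: {age.days} days old")
    return (not reasons, reasons)

def live_report():
    """Read the report from the local installation (requires the product)."""
    result = subprocess.run([SAVDSTATUS, "--version"],
                            capture_output=True, text=True, check=True)
    return result.stdout
```

On a host with the product installed, `check_freshness(live_report(), datetime.now())` gives the same verdict for the live data; a failed result is the cue to run `savupdate` and look at why the automatic update did not arrive.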
On a Mac, it is simple to confirm whether the product is up to date. Click the Sophos shield icon; the menu will show the words Up to Date. To check the virus engine and threat data information:
Note: Make sure that it matches the latest detection engine from SAV for Mac OS X release.
The Up2Date section on the UTM is located at Management > Up2Date from the WebAdmin of the UTM. Check the bottom of the Overview tab for the section that says Pattern.
This screenshot shows the message Your patterns are up to date, which indicates that the version was updated successfully. The latest updates can be checked on our FTP site.
Note: The first number, 9.501005, is the current version. The second number, 9.502004, is the version you will be upgrading to.
If for some reason it doesn’t update, check the Configuration tab and make sure that Pattern Download/Installation Interval is set to the lowest time possible.
We recommend leaving Pattern Download/Installation Interval at 15 minutes. Checking for Firmware downloads can be done daily if needed, as most of the time Firmware Updates are not needed to stop new attacks. To be on the safe side, you can leave Firmware Download Interval at 15 minutes too, since it doesn’t really hurt anything except for costing additional bandwidth when it downloads the updates. Pattern downloads are very small; Firmware downloads are much larger.
Patterns are updated and installed automatically according to the configured interval when auto update is set to ON. From a security perspective, setting the interval to the lowest value (15 minutes) is best, as 15 minutes is far from unbalancing the security/performance ratio.
If a security breach happens within the 15-minute interval (more than likely not), you can force the download and installation manually by clicking the Update Pattern Now button.
The Configuration > System > Updates page displays the versions and dates of the current threat definition package and the software engine, and advises if newer versions are available. If a software engine update is available, there are also details about the update and the time and date of the next scheduled automatic update.
Software engine: The latest available software engine version is displayed. To subscribe to an RSS feed of information about appliance software updates, click the RSS icon to the right of the title. System software updates are installed automatically, but the installation can be delayed for a limited time so that they can also be installed manually using the Update Now button.
Use the Configuration > System > Updates page to check the software update status, manually initiate queued software updates, and to set the schedule for automatic software updates.
New threat definitions from SophosLabs (including anti-virus, anti-malware, and IP classification data) are automatically downloaded and installed without delay.
The Software engine section of the Updates page lists the current software version and available software updates. You can manually initiate a pending software update any time prior to the scheduled automatic software update time specified in the Software engine update schedule section. If there are multiple versions of the software available, selecting the most recent will apply previous updates, one at a time, until the appliance is at the latest software revision.
Updating Sophos PureMessage for Exchange is carried out automatically by the Sophos AutoUpdate feature. Refer to Endpoint and server protection for Windows.
In the admin interface, you can check for updates by clicking Support > Check for Updates and pressing the Query button. This shows the list of updates and their status; however, it only shows whether there are actually updates. To install updates, you need to run pmx-setup from the shell.
To update PureMessage using pmx-setup:
Note: You should upgrade the CSM/DB server first, and then the edge servers. If you want to back up your DB first, you can dump it to a file; see PureMessage for UNIX: Dumping and Restoring the PostgreSQL database.
Launch the Sophos Mobile Security for iOS by clicking the Sophos icon to see the following features: