This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Out dated "Engine version"

Dear All,

 

I've an issue with Engine version and its not up to date. Would anyone please assist the quick action to check for 1000s of machines and update accordingly with current version from Sophos.

 

Sophos Anti-Virus is installed on the remote host :

  Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus
  Product version   : 10.8.2.334
  Engine version    : 3.73.0.2420 (This is out-dated and how can I update this since its all by system.)


The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.
Virus signatures last updated   : 2018/11/11
Virus signatures last updated   : 2018/11/11

As a result, the remote host might be infected by viruses.

 

Thanks in well Adv.

Faisal



This thread was automatically locked due to age.
Parents
  • I'm also seeing the same on a Nessus report, Plugins Last Updated November 11 at 4:52 PM Plugin Set 201811111652

     

    Sophos Anti-Virus is installed on the remote host :

      Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus
      Product version   : 10.8.2.334
      Engine version    : 3.73.0.2420

    The engine version is out-of-date. The oldest supported version from
    the vendor is 3.74.1.
      Virus signatures last updated   : 2018/11/13
    Virus signatures last updated   : 2018/11/13

    As a result, the remote host might be infected by viruses.

     

     

  • I am seeing the same information from a Nessus report:

    Plugin Output: Sophos Anti-Virus is installed on the remote host :
    Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus

    Product version : 10.8.2.334

    Engine version : 3.73.0.2420
    The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.

    Virus signatures last updated : 2018/11/12 Virus signatures last updated : 2018/11/12
    As a result, the remote host might be infected by viruses.

    However, I can't find instructions on how to update the Engine version to 3.74.1.

  • Hello ISSA_SESC,

    you are just quoting IT~'s post - forgot to add content or is this an I have this problem too?

    Christian

  • I am having the same same problem and I cut and pasted my Nessus results.  Here they are again below.  Hopefully you can see them now:

    I am seeing the same information from a Nessus report:

    Plugin Output: Sophos Anti-Virus is installed on the remote host :
    Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus

    Product version : 10.8.2.334

    Engine version : 3.73.0.2420
    The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.

    Virus signatures last updated : 2018/11/12 Virus signatures last updated : 2018/11/12
    As a result, the remote host might be infected by viruses.

    However, I can't find instructions on how to update the Engine version to 3.74.1.

  • Hello ISSA_SESC,

    I can't find instructions on how to update the Engine version to 3.74.1
    maybe my post isn't as clear as I thought it is - I've left out the conclusion as I assumed it's obvious.
    There are no instructions because you can't update the engine because it is not (yet) out. Nessus incorrectly assumes the article lists actual definite deployment dates. Furthermore - I didn't mention this in my previous post - the "announcement" (that isn't one) of 3.74.1 for November is for the Preview version. For Recommended the estimate is Jan 2019.

    Christian

  • Hi Christian,

    Thank you for the update and the details.  This will be good to note in my security report.  

  • I had the same issue. I've opened a ticket with Nessus in hopes they will correct their plugin and get this fixed.

  • Hi QC;

     

    Thanks for such great posts. As I can see from the dates of these posts, I believe we should have the update now. However, we are still having the same vulnerabilities being detected. Could you be please able to advise when the update would be released?

     

     

    Kind Regards;

     

     

    Abdul.

  • Hello Abdul,

    when the update would be released
    can't say, I'm not Sophos. And Sophos likely won't tell - to quote from the Release Dates article: Further details and more precise dates are available to customers with Enhanced TAM support (whatever TAM support is). Furthermore there's proposed, confidence level, and last but not least may not be available ... during that month. Quite clear IMO that it's not about hard dates or that Jan means early January, first half of January.

    still having the same vulnerabilities (emphasis mine)
    this is a misunderstanding of Nessus' reports or - if it is them who call it vulnerability - a gross misinterpretation of said article. While the Engine Release Notes most of the time cite security and detection improvements and enhancements there's nothing that even remotely suggests that a previous engine version is vulnerable, would result in a vulnerability, or result in diminished detection rates. It seems that Nessus just takes some publicly available data and draws some rather debatable conclusion.

    Christian

Reply
  • Hello Abdul,

    when the update would be released
    can't say, I'm not Sophos. And Sophos likely won't tell - to quote from the Release Dates article: Further details and more precise dates are available to customers with Enhanced TAM support (whatever TAM support is). Furthermore there's proposed, confidence level, and last but not least may not be available ... during that month. Quite clear IMO that it's not about hard dates or that Jan means early January, first half of January.

    still having the same vulnerabilities (emphasis mine)
    this is a misunderstanding of Nessus' reports or - if it is them who call it vulnerability - a gross misinterpretation of said article. While the Engine Release Notes most of the time cite security and detection improvements and enhancements there's nothing that even remotely suggests that a previous engine version is vulnerable, would result in a vulnerability, or result in diminished detection rates. It seems that Nessus just takes some publicly available data and draws some rather debatable conclusion.

    Christian

Children