Out dated "Engine version"

Dear All,

 

I've an issue with Engine version and its not up to date. Would anyone please assist the quick action to check for 1000s of machines and update accordingly with current version from Sophos.

 

Sophos Anti-Virus is installed on the remote host :

  Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus
  Product version   : 10.8.2.334
  Engine version    : 3.73.0.2420 (This is out-dated and how can I update this since its all by system.)


The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.
Virus signatures last updated   : 2018/11/11
Virus signatures last updated   : 2018/11/11

As a result, the remote host might be infected by viruses.

 

Thanks in well Adv.

Faisal

  • Hello Faisal,

    where is this information from about 3.74.1 being the oldest (I guess you mean latest)?
    The on-premise Recommended Release Notes name 3.73.0.

    Christian

  • I'm also seeing the same on a Nessus report, Plugins Last Updated November 11 at 4:52 PM Plugin Set 201811111652

     

    Sophos Anti-Virus is installed on the remote host :

      Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus
      Product version   : 10.8.2.334
      Engine version    : 3.73.0.2420

    The engine version is out-of-date. The oldest supported version from
    the vendor is 3.74.1.
      Virus signatures last updated   : 2018/11/13
    Virus signatures last updated   : 2018/11/13

    As a result, the remote host might be infected by viruses.

     

     

  • In reply to JT~:

    Hello Faisal and JT~,

    whom do you trust, Nessus or me Wink?

    Seriously - tenable's description of the Nessus Plugin for Sophos (12215) has four links that refers to the Sophos site: The home page, two regarding the Latest IDE, and the fourth links to the Version release dates page (note that it refers only to the on-premise SESC, not Central). The Nessus page states the plugin was last Modified: 2018/10/10. Dunno if thie Engine check was introduced at this time, maybe.
    Two points are obvious though:
    1. tenebale has no direct information feed (i.e. official data from Sophos)
    2. they mis-interpret the version article

    As to 2.: It seems that neither the staged rollout is taken into account, nor the fact that these are proposed dates (it's not uncommon that a new version is behind this schedule)

    Christian

  • In reply to JT~:

    I am seeing the same information from a Nessus report:

    Plugin Output: Sophos Anti-Virus is installed on the remote host :
    Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus

    Product version : 10.8.2.334

    Engine version : 3.73.0.2420
    The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.

    Virus signatures last updated : 2018/11/12 Virus signatures last updated : 2018/11/12
    As a result, the remote host might be infected by viruses.

    However, I can't find instructions on how to update the Engine version to 3.74.1.

  • In reply to ISSA_SESC:

    Hello ISSA_SESC,

    you are just quoting IT~'s post - forgot to add content or is this an I have this problem too?

    Christian

  • In reply to QC:

    I am having the same same problem and I cut and pasted my Nessus results.  Here they are again below.  Hopefully you can see them now:

    I am seeing the same information from a Nessus report:

    Plugin Output: Sophos Anti-Virus is installed on the remote host :
    Installation path : C:\Program Files (x86)\Sophos\Sophos Anti-Virus

    Product version : 10.8.2.334

    Engine version : 3.73.0.2420
    The engine version is out-of-date. The oldest supported version from the vendor is 3.74.1.

    Virus signatures last updated : 2018/11/12 Virus signatures last updated : 2018/11/12
    As a result, the remote host might be infected by viruses.

    However, I can't find instructions on how to update the Engine version to 3.74.1.

  • In reply to ISSA_SESC:

    Hello ISSA_SESC,

    I can't find instructions on how to update the Engine version to 3.74.1
    maybe my post isn't as clear as I thought it is - I've left out the conclusion as I assumed it's obvious.
    There are no instructions because you can't update the engine because it is not (yet) out. Nessus incorrectly assumes the article lists actual definite deployment dates. Furthermore - I didn't mention this in my previous post - the "announcement" (that isn't one) of 3.74.1 for November is for the Preview version. For Recommended the estimate is Jan 2019.

    Christian

  • In reply to QC:

    Hi Christian,

    Thank you for the update and the details.  This will be good to note in my security report.  

  • In reply to QC:

    I had the same issue. I've opened a ticket with Nessus in hopes they will correct their plugin and get this fixed.

  • In reply to QC:

    Hi QC;

     

    Thanks for such great posts. As I can see from the dates of these posts, I believe we should have the update now. However, we are still having the same vulnerabilities being detected. Could you be please able to advise when the update would be released?

     

     

    Kind Regards;

     

     

    Abdul.

  • In reply to Abdul Jaleeli:

    Hello Abdul,

    when the update would be released
    can't say, I'm not Sophos. And Sophos likely won't tell - to quote from the Release Dates article: Further details and more precise dates are available to customers with Enhanced TAM support (whatever TAM support is). Furthermore there's proposed, confidence level, and last but not least may not be available ... during that month. Quite clear IMO that it's not about hard dates or that Jan means early January, first half of January.

    still having the same vulnerabilities (emphasis mine)
    this is a misunderstanding of Nessus' reports or - if it is them who call it vulnerability - a gross misinterpretation of said article. While the Engine Release Notes most of the time cite security and detection improvements and enhancements there's nothing that even remotely suggests that a previous engine version is vulnerable, would result in a vulnerability, or result in diminished detection rates. It seems that Nessus just takes some publicly available data and draws some rather debatable conclusion.

    Christian

  • In reply to QC:

    Thanks for the response Christian;

     

    I know you are not Sophos, however, I taught you might be well aware about them. 

  • In reply to QC:

    Hello QC,

     

    We are in Jan now, still the Ver. is as old :(

     

    Regards

    Faisal

  • In reply to Faisal Raza1:

    Hello Faisal,

    why this old :( - what are your concerns? Why this obsession with 3.74.1 or that it you have to have it by now?
    Is it still not clear what I am trying to say - well, apparently not. There's nothing wrong with 3.73. There's nothing wrong with your subscription that still doesn't contain 3.74.1. Everything is working fine (except Nessus).

    Christian

  • In reply to QC:

    Answer: Update your Nessus Plugin Database.

    I opened a ticket with Nessus and they fixed the Engine Version to the current Sophos version; the plugin is fixed. If your plugins are not automatically updating, then they will have missed the fix and you will still be seeing those "vulnerabilities".

    Just update your Nessus plugins.

    QC is correct. It is not a Sophos issue, it was a Nessus issue.