As I hope you are all aware, the computer world is dealing with a vulnerability at the chip level, and patches are going out. The early access program for Intercept X is affected. If you are not on the EAP, please see the Sophos Knowledge Base article, https://community.sophos.com/kb/en-us/128053, and several news articles.
Current Sophos Shipping Products:
For customers running the current shipping Sophos Endpoint Standard, Advanced or Intercept X product, no actions are required.
If you exit the EAP, your endpoint will revert to the current shipping Intercept X and no changes are required.
Machines in the EAP for Intercept X
If you want the Microsoft patch to auto install, you need to make the following registry change.
To enable auto download and install of the MS Patch confirm the following registry entry exists and is set.
Also see the Microsoft instructions
Security Advisory: ADV180002
AV Specific Info: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
For customers running Windows 10 Redstone 3 or 4
You will need to make an additional registry edit prior to applying the patch.
To get the Intercept X Sophos System Protector to run correctly, we need to remove a registry setting.
- First, from the administration console, disable tamper protection for the endpoint.
- Next, delete a registry setting for Sophos System Protector.
Delete the WOW64 registry key for the Sophos System Protection Service: “HKLM\SYSTEM\CurrentControlSet\Services\Sophos System Protection Service”
NOTE: Once we release the updated Intercept X product, all of this is resolved and no changes to registry settings will be required.