SURF 2.1.0930.0 Released

Overview

A new version of SURF is now available: 2.1.0930.0

This release includes several new features and updates to the application.

Watch an overview of SURF here: https://techvids.sophos.com/watch/vrakZMQkdhqKSXaFDMQeBD 

Release information

New Features

  • SFOS Health Report - Export to docx
    • The Health Report can now be exported to a document for accounting purposes
  • SFOS Health Report - Available to all users
  • Ability to run a specific rule against a CTR/SDU
  • Ability to filter rules by title

Improvements

  • New Icons
  • Stability improvements around processing CTRs/SDUs
  • SURF upgraded to be able to handle new log rotation actions for CTRs
  • Expanded descriptions added to the SFOS Health Check items

Bug Fixes

  • Updated several SFOS Health check items to have more stringent conditions so they don't trigger on rules where that setting doesn't really matter
  • Fixed issues with the rules engine not properly pulling/processing rules

Download the new version from: https://download.sophos.com/tools/SURF2.1.0930.0.msi 

  • Not working on Release channel of Windows 11 either

  • Can anyone help, i cant get SURF to run. 

    Getting two event log errors and GUI never shows up.

    First .Net Runtime Event ID 1026

    Application: SURF.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.DirectoryNotFoundException
       at System.IO.__Error.WinIOError(Int32, System.String)
       at System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CommonInit()
       at System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
       at System.IO.Directory.GetFiles(System.String, System.String)
       at SURFUI2.DataControllers.SDUController.initInventory()
       at SURFUI2.MainWindow..ctor()
    
    Exception Info: System.Windows.Markup.XamlParseException
       at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
       at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
       at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
       at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
       at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
       at System.Windows.Application.DoStartup()
       at System.Windows.Application.<.ctor>b__1_0(System.Object)
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
       at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
       at System.Windows.Threading.DispatcherOperation.InvokeImpl()
       at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Windows.Threading.DispatcherOperation.Invoke()
       at System.Windows.Threading.Dispatcher.ProcessQueue()
       at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
       at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
       at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
       at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
       at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
       at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
       at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
       at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
       at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
       at System.Windows.Application.RunDispatcher(System.Object)
       at System.Windows.Application.RunInternal(System.Windows.Window)
       at SURFUI2.App.Main()
    


    Then

    Application Error Event ID 1000

    Faulting application name: SURF.exe, version: 2.0.120.0, time stamp: 0x81ab699b
    Faulting module name: KERNELBASE.dll, version: 10.0.22621.870, time stamp: 0x76a5df67
    Exception code: 0xe0434352
    Fault offset: 0x000000000009039c
    Faulting process ID: 0x0x62CC
    Faulting application start time: 0x0x1D8EEA36E4BBDC0
    Faulting application path: C:\Program Files\Sophos\SURF\SURF.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: c0dabcdb-d246-4c69-8635-5a7ae1b155bc
    Faulting package full name: 
    Faulting package-relative application ID: 


    On current insider build of Windows 11 - Not DEV

  • Hi Prism,

    Thank you for reporting this. If you are willing to share the CTR with me - DM me.

  • Thanks for the update!

    I've found one small issue with Surf, which I will report soon with the feedback functionality.

    While I was looking at the data from a Sophos Firewall, It showed a "Warning" saying there has one Firewall rule didn't have traffic logging enabled, but this Firewall rule is a WAF policy, which by default logging is enabled and there's no way to disable it.