⚠️ Deprecation Warning
CentOS/RHEL/Oracle 6 2.6.32 as well as Ubuntu 14.04 3.13 and 3.16 kernel support will be dropped in this and all following releases. We are not looking to add these kernels in the future. Previous Sensors versions (<4.10) will continue to receive critical updates as needed but we recommend moving sensitive workloads to more updated kernels to maintain Sensor protections available.
✨ What's New
- Perf Sensor has had its Go implementation moved to C
- Adds Linux 5.15 and 5.16 support
- Content version is now included in Content logs and alerts
- Sensor alerts may now be output to Sophos EventJournal
🗝 Key Improvements
- Greater throughput performance throughout a variety of workloads due to new Perf Sensor implementation. More detailed benchmarks coming soon!
- Increased performance during initial file integretity monitor baselining
- Experimental alerts can now be marked as silent and not emitted as alerts
- Logs are now emitted by the supervisor process after being forwarded from the suprvised sensor process
- Out-of-order message log warnings moved to debug level
- Perf Sensor subcomponent can now dump its binary to disk with
🐛 Notable Bug Fixes
- Resolved a race condition when Sensor process is quickly restarted after starting
- Fixes a bug that caused numerous false negatives for interactive shell policies
- Sensor will now no longer exit if receiving unexpected message data on IPC socket
- Removed various ticker leaks leading to increased memory usage and degredation of detections capabilities
- Fixes a race condition in alert dispatcher that resulted in a segfault
- Fixes a a segfault in sensor_task_eventstate_timer
- Proper log messages are now sent upon the trigger process exits unexpectedly
- Drop WARN logs to DEBUG when a monitored process exits unexpectedly early
Please sign in to leave a comment.