SonicWall® Capture Client 3.

0
Release Notes
April 2020
These release notes provide information about SonicWall® Capture Client 3.0 release. Capture Client 3.0 is a
feature release that includes new features and enhancements. It also identifies the issues resolved from
previous versions.

NOTE: Existing Capture Client implementations are not automatically updated. You need to actively
update your Capture Client policy and select the appropriate version for your configuration.
To update Capture Client:
1 Navigate to Security Policies > Capture Client.
2 Hover over the Capture Client policy.
3 Click Edit.
4 Select the Settings tab and choose the Capture Client version from the drop-down list.
5 Click Update.

Topics:
• About Capture Client
• System Requirements
• New Features and Enhancements
• Resolved Issues
• Known Issues
• Licensing
• Upgrading Information
• SonicWall Support

About Capture Client

SonicWall Capture Client is a unified client offering that delivers multiple client protection capabilities through a
unified interface. With a next-generation malware protection engine powered by SentinelOne, the SonicWall
Capture Client delivers advanced threat protection with these key features:
• Continuous behavioral monitoring of end users that helps create a complete profile of file activity,
application, and process activity, and network activity. This protects against both file-based and fileless
malware, delivering a 360⁰ attack view with actionable intelligence relevant for investigations.
• Multiple layered signatureless techniques include techniques for protecting cloud intelligence,
advanced static analysis and dynamic behavioral protection. They help protect against and remediate
well known, little known, and even unknown malware, without regular scans or periodic updates. This
maintains the highest level of protection at all times, without hampering user productivity.

SonicWall Capture Client 3.0 1

Release Notes
 • Unique roll-back capabilities support policies that not only remove the threat completely but also
restore a targeted client to its original state, before the malware activity started. This removes the effort
of manual restoration in the case of ransomware and similar attacks.
• Cloud-based management console reduces the footprint and overhead of management. It improves the
deployability and enforceability of endpoint protection, irrespective of where the endpoint is.
The size of your Capture Client tenancy is only limited by the number of endpoint licenses procured.

System Requirements
Capture Client is a comprehensive endpoint security solution that protects Windows and macOS devices. It is
administered from the SonicWall Cloud Management Console, a cloud service requiring only a web browser and
an internet connection. To get maximum performance and protection, the following standards are
recommended:
• Minimum Hardware Requirements
• Supported Operating Systems
• Capture Client Compatibility with S1
• Browser Levels
• Third Party Software Interoperability

Minimum Hardware Requirements

To install Capture Client on a PC or Mac, the device must meet the following hardware requirements:

Specification Minimum Recommended

CPU requirements
Memory requirements
Storage requirements
1 GHz or better Dual-core processor is
recommended. Beginning with
Capture Client 1.0.24 for Windows
and macOS, you can install on a
single-core CPU, but performance
is not optimal.
1 GB RAM or more 3 GB RAM is recommended
2 GB free disk space on the
Windows partition.

To install Capture Client on a system running Linux, the device must meet the following hardware requirements:

Specification Minimum Recommended

CPU requirements
SSE4.x instruction support CPU
Memory requirements
Storage requirements
1 GHz or better Dual-core processor is
recommended.
NOTE: Some virtual environments mask support for advanced CPU
capabilities. See your VM vendor documentation.
1 GB RAM or more 2 GB RAM is recommended.
1 GB free disk space 3 GB in /opt/sentinelone

SonicWall Capture Client 3.0 2

Release Notes
Supported Operating Systems
Capture Client supports endpoints (PCs, laptops, tablets, and other devices) running the following operating
systems. Capture Client’s advanced threat protection is powered by SentinelOne, and the SentinelOne agent is
automatically installed and configured according to the Threat Protection security policy. The recommended
SentinelOne agent version is listed below.

Preferred
Operating System Version SentinelOne Agent
Windows Operating System
Windows Server 2019 4.0.4.81 or later is
2016 preferred for all Windows
versions listed here.
2012 R2, 2012
2008 R2
Windows 10 32- and 64-bit
Windows 10 RS5 on 32- and 64-bit
Windows 8 Version 8.1 on 32- and 64-bit
Windows 7 Version 7 SP1 on 32- and 64-bit
NOTE: All agents running on Windows that are supported according to SentinelOne’s life cycle are tested for
compatibility with each Windows 10 Redstone release. Supported editions of Windows 7, 8, 8.1 and 10
include Home, Pro, Pro for Workstations, Enterprise, Education, Pro Education, and Enterprise LTSC. Core and
Mobile editions are not supported.
mac Operating System
macOS 10.15.4 Catalina 4.0.3.3085 or later
NOTE: Due to Apple Notarization requirements, macOS 10.15 up to 10.15.2 requires Capture Client 2.0.20 or
later and SentinelOne 3.2.1.2800 or later. macOS 10.15.3 or later requires SentinelOne 3.6.1.2964 or later to
be installed before upgrading macOS to 10.15.3.
macOS 10.14 and newer up to Mojave 4.0.3.3085 or later
10.14.6
NOTE: The SentinelOne macOS 2.6.3 or later is required for macOS Mojave. An existing SentinelOne 2.6.2 or
2.6.0 version must be upgraded to 2.6.3 or later, before upgrading to macOS Mojave.
NOTE: macOS 10.14.5 or later requires Capture Client 2.0.10 or later and SentinelOne 3.0.4 or later due to
Apple Notarization requirements.
macOS 10.13 or later High Sierra 4.0.3.3085 or later
macOS 10.12 Sierra 4.0.3.3085 or later
Linux Operating Systems
Amazon Linux 2018.03 4.0.3.11
2017.03
AMI 2
Red Hat Enterprise Linux (RHEL) 8 4.0.3.11
7.x
6.4+
Ubuntu 19.04, 19.10 4.0.3.11
18.04
16.04
14.04
CentOS 7.x 4.0.3.11
6.4+

SonicWall Capture Client 3.0 3

Release Notes
 Preferred
Operating System Version SentinelOne Agent
Oracle Linux (OL) 7.x 4.0.3.11
(formerly known as Oracle 6.9, 6.10
Enterprise Linux or OEL)
SUSE Linux Enterprise Server 12 4.0.3.11
Fedora 25, 26, 27, 28, 29, 30 4.0.3.11
Debian 8, 9, 10 4.0.3.11
Virtuozzo 7 4.0.3.11
SELinux 4.0.3.11
NOTE: SELinux OS policies have preference over Sentinel One agent functionality.
Scientific Linux 7 4.0.3.11
6

Installation Notes
To ensure Capture Client operates effectively, the following guidelines are recommended:
• .NET Framework 4.0 or later needs to be installed. For Windows 7 and Windows 2008 R2, you may be
prompted for .NET 4.0 to be installed.
• On Windows 7, install the update to enable TLS 1.1 and TLS 1.2 as the default secure protocols in
WinHTTP in Windows. Add the registry subkey. These options are not supported in the default Windows
7 installation.
• For Windows 7 SP1 and Windows Server 2008 R2, the Microsoft Security Advisory 3033929,
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929, must be installed
to meet the minimum requirements for the Capture Client installer. It provides SHA-2 Code Signing
Support.
• When the following Microsoft Security Updates are installed, you must restart the endpoint and run the
Agent installation again.
• Update 2758857 for Windows 7 and Windows Server 2008 R2 (https://www.microsoft.com/en-
us/download/details.aspx?id=35973)
• Update 2533623 for Window 7 SP1 and Windows Server 2008 R2
(https://www.microsoft.com/en-us/download/details.aspx?id=26767)
• Configure Microsoft Windows Volume Shadow Copy Service (VSS) before you install the agent. More
information is available in this knowledgebase article: https://www.sonicwall.com/support/knowledge-
base/configuring-windows-vss-for-rollback/180614060954053/.

SonicWall Capture Client 3.0 4

Release Notes
Capture Client Compatibility with S1
The following table lists which SentinelOne (S1) agents are compatible with each Capture Client release.

Capture Client SentinelOne Version for SentinelOne Version for SentinelOne Version for
Version Windows macOS Linux
2.0.17 2.8.2.6745 3.0.2.2629 Not applicable
3.0.2.35 3.0.4.2657
3.1.5.63 3.2.0.2671
3.3.3.29 3.4.2.2857
3.4.4.5.1 3.6.0.2908
3.6.6.104 4.0.3.3085 (recommended)
4.0.4.81 (recommended)
2.0.20 3.0.2.35 3.0.2.2629 Not applicable
2.8.2.6745 3.0.4.2657
3.1.5.63 3.2.0.2671
3.3.3.29 3.2.1.2800
4.0.4.81 (recommended) 4.0.3.3085 (recommended;
must for fresh install of
2.0.20)
2.0.24 3.0.2.35 3.0.4.2657 Not applicable
3.1.5.63 3.2.0.2671
3.3.3.29 3.2.1.2800
3.4.4.51 3.4.2.2857
4.0.4.81 (recommended) 4.0.3.3085 (recommended;
must for fresh install of
2.0.24)
2.0.27 3.0.2.35 3.0.4.2657 Not applicable
3.1.5.63 3.2.0.2671
3.3.3.29 3.2.1.2800
3.4.4.51 3.4.2.2857
3.6.6.104 3.6.0.2098
4.0.4.81 (recommended) 4.0.3.3085 (recommended;
must for fresh install of
2.0.27)
2.0.28 3.0.2.35 3.0.4.2657 Not applicable
3.1.5.63 3.2.0.2671
3.3.3.29 3.2.1.2800
3.4.4.51 3.4.2.2857
3.6.6.104 3.6.0.2098
4.0.4.81 (recommended) 3.6.1.2964
4.0.3.3085 (recommended;
must for fresh install on
macOS 10.15.3)
3.0 3.4.4.5.1 3.4.2.2857 3.5.2.6
3.6.6.104 3.6.0.2908 4.0.3.11 (recommended)
3.7.2.45 3.6.2.2982
4.0.4.81 (recommended) 4.0.3.3085 (recommended)

SonicWall Capture Client 3.0 5

Release Notes
Browser Levels
Based on the operating system you are using, the following browser levels are supported.

NOTE: These browser levels apply to the browser running the Cloud Management Console.

Windows Windows Windows Windows

Browser Supported Vista Linux macOS
Server 10 8 7
Internet Explorer 11    
Microsoft Edge (latest  
version)
Mozilla Firefox       
(version 52.5 ESR or later)
Google Chrome (latest       
version)
Apple Safari (latest 
version)

Third Party Software Interoperability

Some software applications are known to have interoperability issues with Capture Client and SentinelOne. You
can work around these issues by creating an exclusion and pushing it to the clients. Refer to this knowledge base
article for more information: https://www.sonicwall.com/support/knowledge-base/180514100738172/.

SonicWall Capture Client 3.0 6

Release Notes
New Features and Enhancements
Capture Client has been updated with several new features and enhancements to improve its client protection
capabilities. Refer to the Capture Client Operations Guide for more information on how to use these features.

Topics:
• Web Content Filtering
• Application Risk Management
• Active Directory Integration
• Notifications
• Support for Linux Endpoints
• Capture Client Version Management Improvements

Web Content Filtering

The ability to perform web content filtering has been added to Capture Client’s policy management. You can
configure policies that allow or block access to various websites. This allows endpoint security and content
filtering to be managed from the same management console, simplifying administration. The feature also
includes web activity reporting for easier monitoring.

NOTE: To enable this feature, the Capture Client Advance License is required.

There are several aspects to creating a strong content filtering policy. First it needs to be created, followed by
editing it to set the parameters you want. Use the following steps to guide you:
1 Add a web content filter.
2 Edit the web content filter.
3 Customize the default or timed filter features.
4 Set up localhost filtering.
Refer to the Capture Client Operations Guide for more details.

Application Risk Management

Capture Client can help manage the risks associated with applications that do not have the latest patches.
Unpatched applications can be vulnerable to exploits which exposes your entire IT infrastructure.

NOTE: To enable this feature, the Capture Client Advance License is required.

For details about application risk, navigate to Analytics > Application Risk. The table there lists the unpatched
applications and provides a risk level for each. The risk levels are:
• Critical (dark red)
• High (bright red)
• Medium (orange)
• No known risk (green)

SonicWall Capture Client 3.0 7

Release Notes
Active Directory Integration
Because many customers use Active Directory (AD) to manage users and devices, Capture Client was enhanced
so you could define policies based on groups that users belongs to and/or organizational units (OUs) that the
devices belong to. Active Directory can be further leveraged to define different kinds of policies based on
content filtering requirements, Trusted Certificates, and so forth.
The AD enhancements include:
• Creating dynamic user groups based on Active Directory User Group names.
• Creating dynamic user groups based on Active Directory OU names.
• By default, being able to browse devices by groups and being able to easily see the devices in a specific
group.
• Importing static, directory-service, user groups into Capture Client.
• Importing static, directory-service, device groups into Capture Client.
• Using the API to get user group memberships belonging to a single user.
Navigate to Protection > Groups to define dynamic and static groups to manage and protect.

Notifications
The Notifications feature allows administrators and users to see the status of any threats, events or alerts and to
set the rules for the kinds of notifications associated with these activities. When you first log into the Capture
Client, you can quickly see the number of notifications that are pending some kind of acknowledgment. Click
the Notifications icon in upper right corner, which opens the Notification Center.
All alerts are also listed in a table at Overview > Alerts. The table lists the alert severity, time it was detected,
type of issue, message, and status. Once you mouse over a particular threat, you also have the option to Mark it
as read or Delete it.
You can customize the alerts and notification settings to notify you of the things you are most concerned with.
Navigate to Management > Notifications to see all the options. You can set up notifications for:
• Email Settings
• Threats
• Threat Detected
• Threat Killed and Quarantined/Remediated
• Suspicious Activity Detected
• Suspicious Activity K&Q/Remediated
• Device events
• Infected Device
• Device Offline
• Scan Started
• Scan Completed Successfully
• Scan Completed with Errors
• Other Devices Event
• Licenses
• License Expiring Soon
• License Expired

SonicWall Capture Client 3.0 8

Release Notes
 • Management events
• Global Notification
• Planned Maintenance
• New Version Available
• Incompatible versions
• End of Support
• Invalid Release
• Other Console Event

Support for Linux Endpoints

By leveraging the native SentinelOne Linux agent, Capture Client can now protect Linux endpoints from
malware. It allows autonomous detection and protection to function in a mission-critical datacenter or in a
standalone/disconnected network. Internet-facing services using Linux are often vulnerable to attack, but now
those critical workloads can be secured. Refer to the Capture Client Operations Guide for more details.
The features supported for Linux include:

Feature Options Supported Options Not Available

Overview > Dashboard
Administration > Threats
Protection > Devices
Protection > Groups
Security Policies
Configuration
Application Risk
Unresolved Detections view Blocked Web Activity view
Online Clients view
Threats, threats list, and threat Capture ATP is not supported
details included attack storyline Rollback feature
Device details as shown on the The Device Command Menu is
device list limited to those items supported by
Upgrade Client SentinelOne Linux agent actions
Dynamic Groups tab
Static Groups tab
Capture Client policies Trusted Certificates
Threat Protection policies Web Content Filtering
Exclusions Device Control
Blacklist
Analytics > Application Risk
Dashboard > Vulnerable Apps
Protection > Devices, select View
Details and select the Applications
tab.

Additional features that are not supported for Linux devices includes:
• Device control
• Web Protection
• Firewall enforcement

SonicWall Capture Client 3.0 9

Release Notes
Capture Client Version Management
Improvements
The version of Capture Client (and the relevant agents) installed on the device is normally defined by the client
policy that applies to this device. However, administrators might want to test a new version of Capture Client on
a select number of devices before deploying them everywhere. This feature adds an option in the device menu
to upgrade a specific device to another version of Capture Client.

NOTE: Only upgrade is supported, not downgrading to prior versions.

To upgrade Capture Client and threat protection on a specific endpoint:

1 Log into CMC as an Administrator, Global Admin or Super Admin.
2 Navigate to Protection > Devices.
3 Hover over a device and click on the Options (cogwheel) menu.
4 Select Upgrade Client in the drop-down list.
5 Select a version of Capture Client from the list.

6 Select a version of Threat Protection from the list.

7 Click Upgrade Client.

8 Observe that a command has been sent to the client.
9 After a few minutes, verify that the client has been upgraded to the requested version.
10 To upgrade another device, click on another device to open the device details page.
11 Click on the Options menu on the top-right of the screen.
12 Repeat steps 4-10 and verify that the device is upgraded correctly.

SonicWall Capture Client 3.0 10

Release Notes
Resolved Issues
This section provides a list of issues resolved in this release.

Resolved issue Issue ID

The CATP Report section does not load on Analytics > Threats > Threat Details page, and the UC-2470
report generated shows An error occurred, PDF generation was aborted under Capture ATP
History (last 24 hours).
During fresh installation of Capture Client 3.0 on Windows 8.1 64-bit and Windows Server 2008 UC-2211
client machines that don’t have Microsoft Visual C++ 2017 installed, an error message "Invalid
Tenant Id" is displayed.
The reboot prompt is not appearing for all the Windows servers and Windows Client versions UC-2126
during a fresh installation.
When in a multi-tenancy environment, the total number of ONLINE CLIENTS with the All Tenants UC-2058
option and the tenant-selector box selected in the Dashboard page is displayed incorrectly.
Endpoint name changes are not reflected on the Devices page. UC-1964
The Go Back option in the Usage tab of a Threat Protection policy is not working. UC-1957
A duplicate entry is observed for endpoints in Protection > Devices page on the console. UC-1950
Devices are not getting removed from the Static Devices Group. UC-1908
Pagination breaks on Threat Details page when entries exceed 1000. UC-1809
The Add certificate in Firefox certificate store option does not work on macOS 10.12.6 clients. UC-1689
Users are not prompted to reboot their system after installing of Capture Client 2.0.7 with UC-1683
SentinelOne build 3.0.3. It also happens when installing Capture Client 2.0.10 on Windows 2019
Core, Window 2012 R2 and Windows 8.1.
An exported CSV file from the Exclusion page doesn't display any data when exported with UC-1682
option Current list only.
The Default Threat Protection Policy cannot be deleted when Custom Threat Protection Policy UC-1660
is marked as the default.
Hash values under the blacklist are automatically getting added to the global exclusion list after UC-1627
detection. Entries in the blacklist should not be automatically added to the global exclusion list.
The number of devices to which a Capture Client policy is assigned is incorrect in the USAGE UC-1616
section of the Capture Client policy.

Known Issues
This section provides a list of known issues in this release.

NOTE: The Upgrade Client option doesn’t work if the endpoint device is enforced with either the
default/custom client policy and the endpoint Capture Client version is less than 3.x.

Known issue Issue ID

On Devices, CURRENT USER is showing as none for Linux devices. UC-2665
The Network Protection status in the Summary page of Capture Client interface displays UC-2092
SonicWall Firewall Enforced even though Anti-Virus Enforcement is disabled on Zones.
SentinelOne stays Active on endpoint after Capture Client gets automatically decommissioned. UC-1965

SonicWall Capture Client 3.0 11

Release Notes
Known issue Issue ID
The Dock icon is not removed for Capture Client after successful uninstall on Mac OS 10.14.x. UC-1802
Inconsistent filtering results are shown on the Analytics > Threats page. UC-1687

Licensing
SonicWall Capture Client can be licensed as a security service associated with a SonicWall network security
appliance or as a standalone service without an associated appliance.

Topics:
• Licensing with a Network Security Appliance
• Licensing without a Network Security Appliance

Licensing with a Network Security

Appliance
To license SonicWall Capture Client with a network security appliance:
1 Log into your network security appliance as an administrator.
2 Navigate to the MANAGE | Updates > Licenses page.
3 In the pane to Manage Security Services Online, click the link to log into mySonicWall and activate the
Capture Client license.
4 Click the SYNCHRONIZE button to synchronize all your licenses on the appliance.

Licensing without a Network Security

Appliance
To provision Capture Client without a network security appliance:
1 Log into mySonicWall at https://www.mysonicwall.com/muir/login/step2.
2 Navigate to Products Management > My Products.
3 Click the + (Add Client Licenses) icon.

SonicWall Capture Client 3.0 12

Release Notes
4 To register a client licenses group, Enter the client license name, select the appropriate Tenant Name
from the drop-down list, and then click Confirm.

5 Click <Licenses> icon on the newly created client license in the table.

6 On the LICENSES page, scroll down to the DESKTOP & SERVER SOFTWARE section, find Capture Client in
the list, and click Action on Tenant.

7 Enter the activation key if you have and click Confirm, or click Cancel.

SonicWall Capture Client 3.0 13

Release Notes
 8 Click the Cart icon to purchase a license for Capture Client, click Try for a free trial, or click the Key icon to
activate your license with a key from your provider.

9 Once the server has been licensed, click on the <Service Status> icon.

10 Select Click here to access your Security Center. This redirects you to the Client Management Console for
login.

Upgrading Information
When initially setting up your Capture Client implementation, you can opt for self-managed updates or
SonicWall-managed updates. For the self-managed option, you control which version of the client get installed
on your devices by manually updating the required client version in the Capture Client policy. If you choose
SonicWall-managed under the Capture Client Policy, client systems are automatically upgraded when SonicWall
releases and promotes a new version of Capture Client. Refer to the Capture Client Operations Guide for details
on how to configure this.

NOTE: The Upgrade Client option is available beginning with the Capture Client 3.0 release. Customers
running older versions should not try the Upgrade Client option.

SonicWall Capture Client 3.0 14

Release Notes
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access mySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.

SonicWall Capture Client 3.0 15

Release Notes
Copyright © 2020 SonicWall Inc. All rights reserved.
This product is protected by U.S. and international copyright and intellectual property laws. SonicWall is a trademark or
registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and
registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates' products. No license,
express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection
with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE
AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS
ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT
SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR
INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR
LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS
AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserve the
right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates
do not make any commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/eupa.

Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are
not followed.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Last updated: 4/29/20

232-005273-00 Rev A

SonicWall Capture Client 3.0 16

Release Notes