These are the release notes for Intercept X Advanced for Server with EDR for Windows Server 2008 R2 and later operating systems.
Some of the features mentioned in these release notes are only available if you have the appropriate license.
You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.
HitManPro.Alert has been updated to 126.96.36.1993.
|WINEP-22855||HitmanPro.Alert||Resolved an issue in which files processed by the Lacerte tax application trigger a Sophos CryptoGuard detection.|
|WINEP-23600||HitmanPro.Alert||Resolved an issue in which copying files using Perl triggers false Sophos CryptoGuard detections.|
|WINEP-24788||HitmanPro.Alert||Resolved issues with opening applications when Sophos Intercept X is installed.|
|WINEP-24979||HitmanPro.Alert||Resolved an issue in which the DATAC accounting application triggers a Sophos CryptoGuard detection.|
|WINEP-22721||HitmanPro.Alert||Resolved performance issues.|
|WINEP-25281||HitmanPro.Alert||Resolved an issue in which running a program called FLS VISITOUR Client 3.0 causes a Code Cave detection to occur.|
|WINEP-25612||HitmanPro.Alert||Resolved an issue in which running Digital Guardian and Intercept X causes Microsoft Outlook to stop.|
|WINEP-25816||HitmanPro.Alert||Resolved an issue in which running Citrix and Intercept X causes slow startup of computers.|
|WINEP-26020||HitmanPro.Alert||Resolved an issue in which Intercept X causes an application called ShopVue to stop.|
|WINEP-26083||HitmanPro.Alert||Resolved an issue in which running Intercept X causes an application called MeyerFire Toolkit to stop.|
|WINEP-27200||HitmanPro.Alert||Resolved an issue in which using TIFF as a file extension triggers false Sophos CryptoGuard detections.|
|WINEP-27353||HitmanPro.Alert||Resolved an issue in which Windows computers fail to restart from sleep mode.|
|WINEP-27965||HitmanPro.Alert||Resolved an issue with 32-bit computers running Windows 7 stopping.|
|WINEP-28764||HitmanPro.Alert||Resolved an issue with multiple applications stopping when running AMSIGuard.|
|Sophos Central Server
Windows Server 2008 R2 and later
|Machine Learning Engine||Updates dynamically||Updates dynamically||Updates dynamically||Updates dynamically||188.8.131.52||184.108.40.206||220.127.116.11||18.104.22.168||22.214.171.124||126.96.36.199|
|Machine Learning Model||Updates dynamically||Updates dynamically||Updates dynamically||Updates dynamically||20190222||20181024||20180820||20180611||20180611||20180410|
|Sophos Machine Learning Engine||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148||1.1.148|
You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.
For information about the changes to the Sophos Server Core Agent, see the Sophos Server Core Agent release notes.
For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.
For improvements and new features in Sophos Central, see What's new in Sophos Central.
Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.
We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.
HitManPro.Alert has been updated to 188.8.131.521.
|WINEP-24365||HitmanPro.Alert||Resolved an issue on Windows 7 64 bit in which Google Chrome stops responding when it is opened.|
|WINEP-24165||HitmanPro.Alert||Resolved an issue in which running an ALPS touch pad driver causes Windows to stop unexpectedly.|
|WINEP-23418||HitmanPro.Alert||Reduced memory usage during CryptoGuard backup to reduce the likelihood of stack exhaustion when CryptoGuard is run alongside some third-party software.|
|WINEP-22509||HitmanPro.Alert||Resolved an issue that affects the performance of Sophos CryptoGuard with Caselle Connect.|
|WINEP-22307||HitmanPro.Alert||Resolved an issue in which Microsoft Excel stops responding if hmpalert.dll is loaded.|
|WINEP-23475||HitmanPro.Alert||Resolved an issue to mitigate against the RIPlace evasion technique.|
|WINEP-23022||HitmanPro.Alert||Added a check of alerts to ensure that they are valid XML and can therefore be sent to the management console.|
|WINEP-22694||HitmanPro.Alert||Resolved an issue in which alerts that are triggered by HitmanPro.Alert are not sent to the management console.|
|WINEP-21284||HitmanPro.Alert||Resolved an issue in which a StackExec detection occurs while browsing an internal website.|
|WINEP-22968||HitmanPro.Alert||Resolved an issue in which running a program called Flight Time causes a CodeCave detection to occur.|
|WINEP-22653||HitmanPro.Alert||Resolved an issue with a CallerCheck exception in Microsoft Word documents.|
|WINEP-22425||HitmanPro.Alert||Resolved an issue in which a LoadLib detection occurs while browsing the Centricity Enterprise website.|
|WINEP-21285||HitmanPro.Alert||Resolved an issue in which decrypted files that IFMS decryption software places on a file server trigger a Sophos CryptoGuard IP detection.|
|WINEP-16280||HitmanPro.Alert||Resolved an issue in which a previously allowed application needed to be re-allowed after it was updated.|
This release supports the following new protection features. These will initially be turned on only for servers in early access program subscriptions, before being turned on for all Intercept X customers:
HitManPro.Alert has been updated to 184.108.40.2066.
|WINEP-21933||HitmanPro.Alert||Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run.|
|WINEP_20880||HitmanPro.Alert||Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share.|
|WINEP-20812||HitmanPro.Alert||Resolved an issue that caused laptops to occasionally stop when docked.|
|WINEP-20759||HitmanPro.Alert||Resolved an issue in which the HitmanPro.Alert service crashes after updating to 220.127.116.117.|
|WINEP-20438||HitmanPro.Alert||Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX.|
|WINEP-20356||HitmanPro.Alert||Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe.|
|WINEP-19843||HitmanPro.Alert||Resolved an issue in which two different lockdown detections happen at the same time.|
|WINEP-19818||HitmanPro.Alert||Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load.|
|WINEP-19765||HitmanPro.Alert||Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server.|
|WINEP-19707||HitmanPro.Alert||Resolved an issue in which a ZENworks virtual application fails to open.|
|WINEP-19647||HitmanPro.Alert||Resolved an issue in which a lockdown is detected on Foxit Reader when attempting to open it.|
|WINEP-19378||HitmanPro.Alert||Resolved an issue in which Cygwin commands fail.|
|WINEP-19359||HitmanPro.Alert||Resolved an issue in which SecureCS is detected as ransomware.|
|WINEP-19351||HitmanPro.Alert||Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC.|
|WINEP-19320||HitmanPro.Alert||Resolve an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events.|
|WINEP-19174||HitmanPro.Alert||Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server.|
|WINEP-19100||HitmanPro.Alert||Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection.|
|WINEP-17943||HitmanPro.Alert||Resolved an issue in which Digital Guardian DLP causes an intruder detection to be reported while the user is browsing in Microsoft Edge.|
This version includes improvements and fixes to HitManPro.Alert.
HitManPro.Alert has been updated to 18.104.22.168.
|WINEP-16237||HitmanPro.Alert||Resolved an issue preventing a secure email gateway processing emails.|
|WINEP-16354||HitmanPro.Alert||Resolved an issue with the CryptoGuard folder not emptying correctly on a file server.|
|WINEP-17173||HitmanPro.Alert||Resolved an issue with ROP detection in Microsoft Excel with encrypted documents.|
|WINEP-17347||HitmanPro.Alert||Resolved an issue with DNS resolution failing.|
|WINEP-17406||HitmanPro.Alert||Resolved an issue with AppSense failing to install.|
|WINEP-17454||HitmanPro.Alert||Resolved an issue with a Caller Check exception in Internet Explorer 11.|
|WINEP-17842||HitmanPro.Alert||Resolved an issue with CryptoGuard detecting an attack in RoboCopy copying files.|
|WINEP-18105||HitmanPro.Alert||Resolved an issue with CryptoGuard slowing down the digitial file signature checking process.|
|WINEP-18169||HitmanPro.Alert||Resolved an issue with false CryptoGuard detections when generating Microsoft Word documents remotely.|
|WINEP-18181||HitmanPro.Alert||Resolved an issue with CryptoGuard checking excluded processes.|
|WINEP-18292||HitmanPro.Alert||Resolved an issue with a Caller Check exception in Microsoft Outlook.|
|WINEP-18353||HitmanPro.Alert||Improved CryptoGuard's performance with excluded files.|
|WINEP-18520||HitmanPro.Alert||Resolved an issue with running secure apps in Firefox.|
|WINEP-18583||HitmanPro.Alert||Resolved an issue with a Caller Check exception in macro enabled Microsoft Excel files.|
|WINEP-18667||HitmanPro.Alert||Resolved an issue with HitmanPro.Alert upgrades causing servers to stop.|
|WINEP-18722||HitmanPro.Alert||Resolved an issue with HitmanPro.Alert failing to add files as exceptions.|
|WINEP-18783||HitmanPro.Alert||Resolved performance issues with HitmanPro.Alert.|
|WINEP-18873||HitmanPro.Alert||Resolved an issue with HitmanPro.Alert preventing encrypted remote sessions starting.|
|WINEP-18893||HitmanPro.Alert||Resolved an issue with HitmanPro.Alert causing machines running Windows 10 (1803) to stop.|
|WINEP-18915||HitmanPro.Alert||Resolved an issue with false CryptoGuard detections when encrypting files.|
|WINEP-19078||HitmanPro.Alert||Resolved an issue with false CryptoGuard detections when encrypting files remotely with SafeGuard File Encryption 8.10.2.|
|WINEP-19179||HitmanPro.Alert||Resolved an issue with false CryptoGuard detections when encrypting files remotely with etfile.|
|WINEP-19282, WINEP-17047||HitmanPro.Alert||Resolved issues with Caller Check exceptions in games.|
|WINEP-19792||HitmanPro.Alert||Resolved an issue with HitmanPro.Alert causing servers running Windows Server 2008 R2 to stop.|
|WINEP-15961||HitmanPro.Alert||Resolved an issue with saving Microsoft Office files to a network share when CryptoGuard is installed.|
|WINEP-16679||HitmanPro.Alert||Resolved an issue with false CryptoGuard detections when Safeguard File Encryption is installed.|
|WINEP-17244||HitmanPro.Alert||Resolved memory issues on Windows 2012 servers.|
|WINEP-15669||HitmanPro.Alert||Resolved an issue with Microsoft Application Verifier protected apps not starting.|
|WINEP-15791||HitmanPro.Alert||Resolved an issue with running the Microsoft Office NetDocuments plugin in Internet Explorer 11.|
|WINEP-15954||HitmanPro.Alert||Resolved an issue with false Data Execution Prevention (DEP) detections when creating PDF files in Adobe Acrobat 2017.|
|WINEP-16207||HitmanPro.Alert||Resolved an issue with reading ebooks in Internet Explorer 11.|
|WINEP-16564||HitmanPro.Alert||Resolved an issue where vswhere.exe doesn't run (first time) when CryptoGuard is turned on.|
|WINEP-16763||HitmanPro.Alert||Resolved false hollow process detections with open source office suite and eye tracking software.|
|WINEP-16974||HitmanPro.Alert||Resolved an issue with detections in auditing software.|
|WINEP-17393||HitmanPro.Alert||Resolved an issue with APC alert reporting.|
|WINEP-17439||HitmanPro.Alert||Resolved false hollow process detections in Microsoft Visual Studio 2017.|
|WINEP-16914||HitmanPro.Alert||Resolved an issue with CryptoGuard detections in PDF files.|
|WINEP-20547||HitmanPro.Alert||Resolved an issue with logging off from Windows after upgrading Windows 10 to version 1903.|
|WINEP-21188||HitmanPro.Alert||Resolved an issue that could cause an older version of a component to be loaded instead of the latest.|
This version includes improvements and fixes to HitManPro.Alert.
HitManPro.Alert has been updated to 22.214.171.1246.466.
Machine Learning Model has been updated to 20190222.
This version includes improvements and fixes to HitManPro.Alert./p>
HitManPro.Alert has been updated to 126.96.36.1992.174.
Machine Learning Model has been updated to 20181024.
|WINEP-15695||HitmanPro.Alert||Resolved an issue with an IP Cryptoguard detection when using the NGEN publishing application.|
|WINEP-14950||HitmanPro.Alert||Resolved an issue with ROP detection in Winword.exe.|
|WINEP-14858||HitmanPro.Alert||Resolved an issue with ROP detection in several applications.|
|WINEP-14833||HitmanPro.Alert||Resolved an issue with ROP detections in Chrome 67 and later.|
|WINEP-14590||HitmanPro.Alert||Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe)|
|WINEP-14505||HitmanPro.Alert||Resolved an issue with PDFs failing to open from the command line.|
|WINEP-14442||HitmanPro.Alert||Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed.|
|WINEP-14253||HitmanPro.Alert||Resolved memory issues that caused Windows to stop.|
|WINEP-14139||HitmanPro.Alert||Resolved an issue with Skype failing during a video call.|
|WINEP-13578||HitmanPro.Alert||Resolved an issue with an IP Cryptoguard detection in Lotus Notes.|
|WINEP-13460||HitmanPro.Alert||Resolved an issue with Windows 7 computers hanging on shutdown.|
|WINEP-13454||HitmanPro.Alert||Resolved an issue a false LoadLib exploit detection in Firefox.|
|WINEP-13338||HitmanPro.Alert||Resolved an issue with Wipeguard protection not working on Hyper-V virtualized systems.|
|WINEP-13238||HitmanPro.Alert||Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed.|
|WINEP-13230||HitmanPro.Alert||Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101.|
|WINEP-13209||HitmanPro.Alert||Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros.|
|WINEP-13164||HitmanPro.Alert||Resolved an issue with a Cryptoguard detection in AppLife Update.|
|WINEP-13162||HitmanPro.Alert||Resolved an issue with false detections when Digital Guardian is installed.|
|WINEP-12989||HitmanPro.Alert||Resolved an issue with a HitmanPro.Alert driver causing Windows to stop.|
|WINEP-12932||HitmanPro.Alert||Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app.|
|WINEP-12840||HitmanPro.Alert||Resolved an issue with detections in a debug version of the Flash ActiveX plugin.|
|WINEP-12735||HitmanPro.Alert||Resolved an issue with false Import Address Table Access Filtering detections in Outlook.|
|WINEP-11473||HitmanPro.Alert||Resolved an issue with Windows error logs being created for HitmanPro.Alert.|
|WINEP-16464||HitmanPro.Alert||Resolved an issue causing ROP detections against Microsoft Office 2013.|
|WINEP-16202||HitmanPro.Alert||Resolved an issue with ROP detections in Chrome and streaming media.|
|WINEP-15832||HitmanPro.Alert||Resolved an issue when installing Sophos Central Web Gateway.|
Machine Learning Model has been updated to 20180820.
This version includes security improvements.
This version includes security improvements.
HitManPro.Alert has been updated to 188.8.131.525.40.
Machine Learning Model has been updated to 20180611.
Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.
Deep learning quarantines detected items, together with associated registry entries, links or files. If you're sure that an item is safe, you can restore it and stop deep learning from detecting it again.
We now protect against these exploits:
Credential theft. We prevent the theft of passwords and hash information from memory, registry, or hard disk.
Code cave exploits. We detect malicious code that's been inserted into another, legitimate application.
Privilege escalation. We prevent attacks from escalating a low-privilege process to higher privileges to access your systems.
Malicious process migration. We prevent attacks from moving across to a system process that's hard to close down.
APC abuse. We prevent attacks from using Application Procedure Calls (APC) to run their code.
This release also includes:
Application lockdown. We prevent browsers from using Power Shell and running applications.
New registry protection. We prevent attacks that exploit the Windows "sticky keys" feature or the application verifier in order to run unauthorized software at startup.
See knowledge base article 124988 for a full list of known issues with Sophos Central Server Intercept X .
This version of Sophos Central Server Intercept X is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.
You can find technical support for Sophos products in any of these ways:
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.