Sophos Central Server Intercept X

About these release notes

These are the release notes for Intercept X Advanced for Server with EDR for Windows Server 2008 R2 and later operating systems.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the Sophos Server Core Agent, see the Sophos Server Core Agent release notes.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Updates that require a restart

Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.

We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.

Versions

Components

Sophos Central Server Intercept X, Windows Server 2008 R2 and later

Version | 2.0.16 | 2.0.11 | 2.0.8 | 2.0.5 | 2.0.4 | 2.0.3 | 2.0.2 | 2.0.1
Released | January 2020 | September 2019 | May 2019 | February 2019 | November 2018 | September 2018 | September 2018 | July 2018
HitManPro.Alert | 3.7.15.446 | 3.7.14.40 | 3.7.12.466.466 | 3.7.10.762.174 | 3.7.7.756.58 | 3.7.7.756.58 | 3.7.7.755.40 | 3.7.7.745.25
Machine Learning Engine | Updates dynamically | Updates dynamically | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0
Machine Learning Model | Updates dynamically | Updates dynamically | 20190222 | 20181024 | 20180820 | 20180611 | 20180611 | 20180410
Sophos Machine Learning Engine | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148

Version 2.0.16

Updated Components

HitManPro.Alert has been updated to 3.7.15.446.

New features

This release supports the following new protection features. These will initially be turned on only for servers in early access program subscriptions, before being turned on for all Intercept X customers:

  • API Set Guard
  • CTF Guard
  • CryptoGuard – EFS
  • Dynamic Shellcode

Resolved issues

Issue ID Component Description
WINEP-21933 HitmanPro.Alert Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run.
WINEP_20880 HitmanPro.Alert Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share.
WINEP-20812 HitmanPro.Alert Resolved an issue that caused laptops to occasionally stop when docked.
WINEP-20759 HitmanPro.Alert Resolved an issue in which the HitmanPro.Alert service crashes after updating to 3.7.13.1337.
WINEP-20438 HitmanPro.Alert Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX.
WINEP-20356 HitmanPro.Alert Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe.
WINEP-19843 HitmanPro.Alert Resolved an issue in which two different lockdown detections happen at the same time.
WINEP-19818 HitmanPro.Alert Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load.
WINEP-19765 HitmanPro.Alert Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server.
WINEP-19707 HitmanPro.Alert Resolved an issue in which a ZENworks virtual application fails to open.
WINEP-19647 HitmanPro.Alert Resolved an issue in which a lockdown is detected on Foxit Reader when attempting to open it.
WINEP-19378 HitmanPro.Alert Resolved an issue in which Cygwin commands fail.
WINEP-19359 HitmanPro.Alert Resolved an issue in which SecureCS is detected as ransomware.
WINEP-19351 HitmanPro.Alert Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC.
WINEP-19320 HitmanPro.Alert Resolved an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events.
WINEP-19174 HitmanPro.Alert Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server.
WINEP-19100 HitmanPro.Alert Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection.
WINEP-17943 HitmanPro.Alert Resolved an issue in which Digital Guardian DLP causes an intruder detection to be reported while the user is browsing in Microsoft Edge.

Version 2.0.11

What's new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.14.40.

Resolved issues

Issue ID Component Description
WINEP-16237 HitmanPro.Alert Resolved an issue preventing a secure email gateway processing emails.
WINEP-16354 HitmanPro.Alert Resolved an issue with the CryptoGuard folder not emptying correctly on a file server.
WINEP-17173 HitmanPro.Alert Resolved an issue with ROP detection in Microsoft Excel with encrypted documents.
WINEP-17347 HitmanPro.Alert Resolved an issue with DNS resolution failing.
WINEP-17406 HitmanPro.Alert Resolved an issue with AppSense failing to install.
WINEP-17454 HitmanPro.Alert Resolved an issue with a Caller Check exception in Internet Explorer 11.
WINEP-17842 HitmanPro.Alert Resolved an issue with CryptoGuard detecting an attack in RoboCopy copying files.
WINEP-18105 HitmanPro.Alert Resolved an issue with CryptoGuard slowing down the digital file signature checking process.
WINEP-18169 HitmanPro.Alert Resolved an issue with false CryptoGuard detections when generating Microsoft Word documents remotely.
WINEP-18181 HitmanPro.Alert Resolved an issue with CryptoGuard checking excluded processes.
WINEP-18292 HitmanPro.Alert Resolved an issue with a Caller Check exception in Microsoft Outlook.
WINEP-18353 HitmanPro.Alert Improved CryptoGuard's performance with excluded files.
WINEP-18520 HitmanPro.Alert Resolved an issue with running secure apps in Firefox.
WINEP-18583 HitmanPro.Alert Resolved an issue with a Caller Check exception in macro enabled Microsoft Excel files.
WINEP-18667 HitmanPro.Alert Resolved an issue with HitmanPro.Alert upgrades causing servers to stop.
WINEP-18722 HitmanPro.Alert Resolved an issue with HitmanPro.Alert failing to add files as exceptions.
WINEP-18783 HitmanPro.Alert Resolved performance issues with HitmanPro.Alert.
WINEP-18873 HitmanPro.Alert Resolved an issue with HitmanPro.Alert preventing encrypted remote sessions starting.
WINEP-18893 HitmanPro.Alert Resolved an issue with HitmanPro.Alert causing machines running Windows 10 (1803) to stop.
WINEP-18915 HitmanPro.Alert Resolved an issue with false CryptoGuard detections when encrypting files.
WINEP-19078 HitmanPro.Alert Resolved an issue with false CryptoGuard detections when encrypting files remotely with SafeGuard File Encryption 8.10.2.
WINEP-19179 HitmanPro.Alert Resolved an issue with false CryptoGuard detections when encrypting files remotely with etfile.
WINEP-19282, WINEP-17047 HitmanPro.Alert Resolved issues with Caller Check exceptions in games.
WINEP-19792 HitmanPro.Alert Resolved an issue with HitmanPro.Alert causing servers running Windows Server 2008 R2 to stop.
WINEP-15961 HitmanPro.Alert Resolved an issue with saving Microsoft Office files to a network share when CryptoGuard is installed.
WINEP-16679 HitmanPro.Alert Resolved an issue with false CryptoGuard detections when Safeguard File Encryption is installed.
WINEP-17244 HitmanPro.Alert Resolved memory issues on Windows 2012 servers.
WINEP-15669 HitmanPro.Alert Resolved an issue with Microsoft Application Verifier protected apps not starting.
WINEP-15791 HitmanPro.Alert Resolved an issue with running the Microsoft Office NetDocuments plugin in Internet Explorer 11.
WINEP-15954 HitmanPro.Alert Resolved an issue with false Data Execution Prevention (DEP) detections when creating PDF files in Adobe Acrobat 2017.
WINEP-16207 HitmanPro.Alert Resolved an issue with reading ebooks in Internet Explorer 11.
WINEP-16564 HitmanPro.Alert Resolved an issue where vswhere.exe doesn't run (first time) when CryptoGuard is turned on.
WINEP-16763 HitmanPro.Alert Resolved false hollow process detections with open source office suite and eye tracking software.
WINEP-16974 HitmanPro.Alert Resolved an issue with detections in auditing software.
WINEP-17393 HitmanPro.Alert Resolved an issue with APC alert reporting.
WINEP-17439 HitmanPro.Alert Resolved false hollow process detections in Microsoft Visual Studio 2017.
WINEP-16914 HitmanPro.Alert Resolved an issue with CryptoGuard detections in PDF files.
WINEP-20547 HitmanPro.Alert Resolved an issue with logging off from Windows after upgrading Windows 10 to version 1903.
WINEP-21188 HitmanPro.Alert Resolved an issue that could cause an older version of a component to be loaded instead of the latest.

Version 2.0.8

What's new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.12.466.466.

Machine Learning Model has been updated to 20190222.

Version 2.0.5

What's new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.10.762.174.

Machine Learning Model has been updated to 20181024.

Resolved issues

Issue ID Component Description
WINEP-15695 HitmanPro.Alert Resolved an issue with an IP Cryptoguard detection when using the NGEN publishing application.
WINEP-14950 HitmanPro.Alert Resolved an issue with ROP detection in Winword.exe.
WINEP-14858 HitmanPro.Alert Resolved an issue with ROP detection in several applications.
WINEP-14833 HitmanPro.Alert Resolved an issue with ROP detections in Chrome 67 and later.
WINEP-14590 HitmanPro.Alert Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe).
WINEP-14505 HitmanPro.Alert Resolved an issue with PDFs failing to open from the command line.
WINEP-14442 HitmanPro.Alert Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed.
WINEP-14253 HitmanPro.Alert Resolved memory issues that caused Windows to stop.
WINEP-14139 HitmanPro.Alert Resolved an issue with Skype failing during a video call.
WINEP-13578 HitmanPro.Alert Resolved an issue with an IP Cryptoguard detection in Lotus Notes.
WINEP-13460 HitmanPro.Alert Resolved an issue with Windows 7 computers hanging on shutdown.
WINEP-13454 HitmanPro.Alert Resolved an issue with a false LoadLib exploit detection in Firefox.
WINEP-13338 HitmanPro.Alert Resolved an issue with Wipeguard protection not working on Hyper-V virtualized systems.
WINEP-13238 HitmanPro.Alert Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed.
WINEP-13230 HitmanPro.Alert Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101.
WINEP-13209 HitmanPro.Alert Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros.
WINEP-13164 HitmanPro.Alert Resolved an issue with a Cryptoguard detection in AppLife Update.
WINEP-13162 HitmanPro.Alert Resolved an issue with false detections when Digital Guardian is installed.
WINEP-12989 HitmanPro.Alert Resolved an issue with a HitmanPro.Alert driver causing Windows to stop.
WINEP-12932 HitmanPro.Alert Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app.
WINEP-12840 HitmanPro.Alert Resolved an issue with detections in a debug version of the Flash ActiveX plugin.
WINEP-12735 HitmanPro.Alert Resolved an issue with false Import Address Table Access Filtering detections in Outlook.
WINEP-11473 HitmanPro.Alert Resolved an issue with Windows error logs being created for HitmanPro.Alert.
WINEP-16464 HitmanPro.Alert Resolved an issue causing ROP detections against Microsoft Office 2013.
WINEP-16202 HitmanPro.Alert Resolved an issue with ROP detections in Chrome and streaming media.
WINEP-15832 HitmanPro.Alert Resolved an issue when installing Sophos Central Web Gateway.

Version 2.0.4

Updated Components

Machine Learning Model has been updated to 20180820.

Version 2.0.3

What's new

This version includes security improvements.

Version 2.0.2

What's new

This version includes security improvements.

Updated Components

HitManPro.Alert has been updated to 3.7.7.755.40.

Machine Learning Model has been updated to 20180611.

Version 2.0.1

What's new

Deep learning

Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.

Deep learning quarantines detected items, together with associated registry entries, links or files. If you're sure that an item is safe, you can restore it and stop deep learning from detecting it again.

Exploit prevention features

We now protect against these exploits:

Credential theft. We prevent the theft of passwords and hash information from memory, registry, or hard disk.

Code cave exploits. We detect malicious code that's been inserted into another, legitimate application.

Privilege escalation. We prevent attacks from escalating a low-privilege process to higher privileges to access your systems.

Malicious process migration. We prevent attacks from moving across to a system process that's hard to close down.

APC abuse. We prevent attacks from using Application Procedure Calls (APC) to run their code.

This release also includes:

Application lockdown. We prevent browsers from using PowerShell and running applications.

New registry protection. We prevent attacks that exploit the Windows "sticky keys" feature or the application verifier in order to run unauthorized software at startup.

Known issues and limitations

See https://community.sophos.com/kb/en-us/124988 for a full list of known issues with Sophos Central Server Intercept X.

Additional information

System requirements

This version of Sophos Central Server Intercept X is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
