Firewall News

Sophos Central Server Intercept X

By admin
05/02/2020

About these release notes

These are the release notes for Intercept X Advanced for Server with EDR for Windows Server 2008 R2 and later operating systems.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note

You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the Sophos Server Core Agent, see the Sophos Server Core Agent release notes.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.

For improvements and new features in the Sophos Central console, see What’s new in Sophos Central.

Updates that require a restart

Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.

We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.

Versions

Components

| Sophos Central Server Intercept X (Windows Server 2008 R2 and later) | 2.0.16, January 2020 | 2.0.11, September 2019 | 2.0.8, May 2019 | 2.0.5, February 2019 | 2.0.4, November 2018 | 2.0.3, September 2018 | 2.0.2, September 2018 | 2.0.1, July 2018 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| HitManPro.Alert | 3.7.15.446 | 3.7.14.40 | 3.7.12.466.466 | 3.7.10.762.174 | 3.7.7.756.58 | 3.7.7.756.58 | 3.7.7.755.40 | 3.7.7.745.25 |
| Machine Learning Engine | Updates dynamically | Updates dynamically | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 |
| Machine Learning Model | Updates dynamically | Updates dynamically | 20190222 | 20181024 | 20180820 | 20180611 | 20180611 | 20180410 |
| Sophos Machine Learning Engine | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 |

Version 2.0.16

Updated Components

HitManPro.Alert has been updated to 3.7.15.446.

New features

This release supports the following new protection features. These will initially be turned on only for servers in early access program subscriptions, before being turned on for all Intercept X customers:

  • API Set Guard
  • CTF Guard
  • CryptoGuard – EFS
  • Dynamic Shellcode

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-21933 | HitmanPro.Alert | Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run. |
| WINEP_20880 | HitmanPro.Alert | Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share. |
| WINEP-20812 | HitmanPro.Alert | Resolved an issue that caused laptops to occasionally stop when docked. |
| WINEP-20759 | HitmanPro.Alert | Resolved an issue in which the HitmanPro.Alert service crashes after updating to 3.7.13.1337. |
| WINEP-20438 | HitmanPro.Alert | Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX. |
| WINEP-20356 | HitmanPro.Alert | Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe. |
| WINEP-19843 | HitmanPro.Alert | Resolved an issue in which two different lockdown detections happen at the same time. |
| WINEP-19818 | HitmanPro.Alert | Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load. |
| WINEP-19765 | HitmanPro.Alert | Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server. |
| WINEP-19707 | HitmanPro.Alert | Resolved an issue in which a ZENworks virtual application fails to open. |
| WINEP-19647 | HitmanPro.Alert | Resolved an issue in which a lockdown is detected on Foxit Reader when attempting to open it. |
| WINEP-19378 | HitmanPro.Alert | Resolved an issue in which Cygwin commands fail. |
| WINEP-19359 | HitmanPro.Alert | Resolved an issue in which SecureCS is detected as ransomware. |
| WINEP-19351 | HitmanPro.Alert | Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC. |
| WINEP-19320 | HitmanPro.Alert | Resolved an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events. |
| WINEP-19174 | HitmanPro.Alert | Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server. |
| WINEP-19100 | HitmanPro.Alert | Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection. |
| WINEP-17943 | HitmanPro.Alert | Resolved an issue in which Digital Guardian DLP causes an intruder detection to be reported while the user is browsing in Microsoft Edge. |

Version 2.0.11

What’s new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.14.40.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-16237 | HitmanPro.Alert | Resolved an issue preventing a secure email gateway processing emails. |
| WINEP-16354 | HitmanPro.Alert | Resolved an issue with the CryptoGuard folder not emptying correctly on a file server. |
| WINEP-17173 | HitmanPro.Alert | Resolved an issue with ROP detection in Microsoft Excel with encrypted documents. |
| WINEP-17347 | HitmanPro.Alert | Resolved an issue with DNS resolution failing. |
| WINEP-17406 | HitmanPro.Alert | Resolved an issue with AppSense failing to install. |
| WINEP-17454 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Internet Explorer 11. |
| WINEP-17842 | HitmanPro.Alert | Resolved an issue with CryptoGuard detecting an attack in RoboCopy copying files. |
| WINEP-18105 | HitmanPro.Alert | Resolved an issue with CryptoGuard slowing down the digital file signature checking process. |
| WINEP-18169 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when generating Microsoft Word documents remotely. |
| WINEP-18181 | HitmanPro.Alert | Resolved an issue with CryptoGuard checking excluded processes. |
| WINEP-18292 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Microsoft Outlook. |
| WINEP-18353 | HitmanPro.Alert | Improved CryptoGuard’s performance with excluded files. |
| WINEP-18520 | HitmanPro.Alert | Resolved an issue with running secure apps in Firefox. |
| WINEP-18583 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in macro enabled Microsoft Excel files. |
| WINEP-18667 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert upgrades causing servers to stop. |
| WINEP-18722 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert failing to add files as exceptions. |
| WINEP-18783 | HitmanPro.Alert | Resolved performance issues with HitmanPro.Alert. |
| WINEP-18873 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert preventing encrypted remote sessions starting. |
| WINEP-18893 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert causing machines running Windows 10 (1803) to stop. |
| WINEP-18915 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files. |
| WINEP-19078 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files remotely with SafeGuard File Encryption 8.10.2. |
| WINEP-19179 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files remotely with etfile. |
| WINEP-19282, WINEP-17047 | HitmanPro.Alert | Resolved issues with Caller Check exceptions in games. |
| WINEP-19792 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert causing servers running Windows Server 2008 R2 to stop. |
| WINEP-15961 | HitmanPro.Alert | Resolved an issue with saving Microsoft Office files to a network share when CryptoGuard is installed. |
| WINEP-16679 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when Safeguard File Encryption is installed. |
| WINEP-17244 | HitmanPro.Alert | Resolved memory issues on Windows 2012 servers. |
| WINEP-15669 | HitmanPro.Alert | Resolved an issue with Microsoft Application Verifier protected apps not starting. |
| WINEP-15791 | HitmanPro.Alert | Resolved an issue with running the Microsoft Office NetDocuments plugin in Internet Explorer 11. |
| WINEP-15954 | HitmanPro.Alert | Resolved an issue with false Data Execution Prevention (DEP) detections when creating PDF files in Adobe Acrobat 2017. |
| WINEP-16207 | HitmanPro.Alert | Resolved an issue with reading ebooks in Internet Explorer 11. |
| WINEP-16564 | HitmanPro.Alert | Resolved an issue where vswhere.exe doesn’t run (first time) when CryptoGuard is turned on. |
| WINEP-16763 | HitmanPro.Alert | Resolved false hollow process detections with open source office suite and eye tracking software. |
| WINEP-16974 | HitmanPro.Alert | Resolved an issue with detections in auditing software. |
| WINEP-17393 | HitmanPro.Alert | Resolved an issue with APC alert reporting. |
| WINEP-17439 | HitmanPro.Alert | Resolved false hollow process detections in Microsoft Visual Studio 2017. |
| WINEP-16914 | HitmanPro.Alert | Resolved an issue with CryptoGuard detections in PDF files. |
| WINEP-20547 | HitmanPro.Alert | Resolved an issue with logging off from Windows after upgrading Windows 10 to version 1903. |
| WINEP-21188 | HitmanPro.Alert | Resolved an issue that could cause an older version of a component to be loaded instead of the latest. |

Version 2.0.8

What’s new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.12.466.466.

Machine Learning Model has been updated to 20190222.

Version 2.0.5

What’s new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.10.762.174.

Machine Learning Model has been updated to 20181024.

Resolved issues

| Issue ID | Component | Description |
| --- | --- | --- |
| WINEP-15695 | HitmanPro.Alert | Resolved an issue with an IP CryptoGuard detection when using the NGEN publishing application. |
| WINEP-14950 | HitmanPro.Alert | Resolved an issue with ROP detection in Winword.exe. |
| WINEP-14858 | HitmanPro.Alert | Resolved an issue with ROP detection in several applications. |
| WINEP-14833 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome 67 and later. |
| WINEP-14590 | HitmanPro.Alert | Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe). |
| WINEP-14505 | HitmanPro.Alert | Resolved an issue with PDFs failing to open from the command line. |
| WINEP-14442 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed. |
| WINEP-14253 | HitmanPro.Alert | Resolved memory issues that caused Windows to stop. |
| WINEP-14139 | HitmanPro.Alert | Resolved an issue with Skype failing during a video call. |
| WINEP-13578 | HitmanPro.Alert | Resolved an issue with an IP CryptoGuard detection in Lotus Notes. |
| WINEP-13460 | HitmanPro.Alert | Resolved an issue with Windows 7 computers hanging on shutdown. |
| WINEP-13454 | HitmanPro.Alert | Resolved an issue with a false LoadLib exploit detection in Firefox. |
| WINEP-13338 | HitmanPro.Alert | Resolved an issue with WipeGuard protection not working on Hyper-V virtualized systems. |
| WINEP-13238 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed. |
| WINEP-13230 | HitmanPro.Alert | Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101. |
| WINEP-13209 | HitmanPro.Alert | Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros. |
| WINEP-13164 | HitmanPro.Alert | Resolved an issue with a CryptoGuard detection in AppLife Update. |
| WINEP-13162 | HitmanPro.Alert | Resolved an issue with false detections when Digital Guardian is installed. |
| WINEP-12989 | HitmanPro.Alert | Resolved an issue with a HitmanPro.Alert driver causing Windows to stop. |
| WINEP-12932 | HitmanPro.Alert | Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app. |
| WINEP-12840 | HitmanPro.Alert | Resolved an issue with detections in a debug version of the Flash ActiveX plugin. |
| WINEP-12735 | HitmanPro.Alert | Resolved an issue with false Import Address Table Access Filtering detections in Outlook. |
| WINEP-11473 | HitmanPro.Alert | Resolved an issue with Windows error logs being created for HitmanPro.Alert. |
| WINEP-16464 | HitmanPro.Alert | Resolved an issue causing ROP detections against Microsoft Office 2013. |
| WINEP-16202 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome and streaming media. |
| WINEP-15832 | HitmanPro.Alert | Resolved an issue when installing Sophos Central Web Gateway. |

Version 2.0.4

Updated Components

Machine Learning Model has been updated to 20180820.

Version 2.0.3

What’s new

This version includes security improvements.

Version 2.0.2

What’s new

This version includes security improvements.

Updated Components

HitManPro.Alert has been updated to 3.7.7.755.40.

Machine Learning Model has been updated to 20180611.

Version 2.0.1

What’s new

Deep learning

Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.

Deep learning quarantines detected items, together with associated registry entries, links or files. If you’re sure that an item is safe, you can restore it and stop deep learning from detecting it again.

Exploit prevention features

We now protect against these exploits:

Credential theft. We prevent the theft of passwords and hash information from memory, registry, or hard disk.

Code cave exploits. We detect malicious code that’s been inserted into another, legitimate application.

Privilege escalation. We prevent attacks from escalating a low-privilege process to higher privileges to access your systems.

Malicious process migration. We prevent attacks from moving across to a system process that’s hard to close down.

APC abuse. We prevent attacks from using Application Procedure Calls (APC) to run their code.

This release also includes:

Application lockdown. We prevent browsers from using PowerShell and running applications.

New registry protection. We prevent attacks that exploit the Windows “sticky keys” feature or the application verifier in order to run unauthorized software at startup.

Known issues and limitations

See https://community.sophos.com/kb/en-us/124988 for a full list of known issues with Sophos Central Server Intercept X.

Additional information

System requirements

This version of Sophos Central Server Intercept X is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Support

You can find technical support for Sophos products in any of these ways:

  • Visit the Sophos Community at community.sophos.com/ and search for other users who are experiencing the same problem.
  • Visit the Sophos support knowledge base at www.sophos.com/en-us/support.aspx.
  • Download the product documentation at www.sophos.com/en-us/support/documentation.aspx.
  • Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx.

Legal notices

Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
