Sophos Central Server Intercept X
About these release notes
These are the release notes for Intercept X Advanced for Server with EDR for Windows Server 2008 R2 and later operating systems.
Some of the features mentioned in these release notes are only available if you have the appropriate license.Note
You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.
You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.
For information about the changes to the Sophos Server Core Agent, see the Sophos Server Core Agent release notes.
For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.
For improvements and new features in the Sophos Central console, see What’s new in Sophos Central.
Updates that require a restart
Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.
We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.Versions
Components
| Sophos Central ServerIntercept XWindows Server 2008 R2 and later | 2.0.16January 2020 | 2.0.11September 2019 | 2.0.8May 2019 | 2.0.5February 2019 | 2.0.4November 2018 | 2.0.3September 2018 | 2.0.2September 2018 | 2.0.1July 2018 |
| HitManPro.Alert | 3.7.15.446 | 3.7.14.40 | 3.7.12.466.466 | 3.7.10.762.174 | 3.7.7.756.58 | 3.7.7.756.58 | 3.7.7.755.40 | 3.7.7.745.25 |
| Machine Learning Engine | Updates dynamically | Updates dynamically | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 |
| Machine Learning Model | Updates dynamically | Updates dynamically | 20190222 | 20181024 | 20180820 | 20180611 | 20180611 | 20180410 |
| Sophos Machine Learning Engine | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 |
Version 2.0.16
Updated Components
HitManPro.Alert has been updated to 3.7.15.446.
New features
This release supports the following new protection features. These will initially be turned on only for servers in early access program subscriptions, before being turned on for all Intercept X customers:
- API Set Guard
- CTF Guard
- CryptoGuard – EFS
- Dynamic Shellcode
Resolved issues
| Issue ID | Component | Description |
|---|---|---|
| WINEP-21933 | HitmanPro.Alert | Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run. |
| WINEP_20880 | HitmanPro.Alert | Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share. |
| WINEP-20812 | HitmanPro.Alert | Resolved an issue that caused laptops to occasionally stop when docked. |
| WINEP-20759 | HitmanPro.Alert | Resolved an issue in which the HitmanPro.Alert service crashes after updating to 3.7.13.1337. |
| WINEP-20438 | HitmanPro.Alert | Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX. |
| WINEP-20356 | HitmanPro.Alert | Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe. |
| WINEP-19843 | HitmanPro.Alert | Resolved an issue in which two different lockdown detections happen at the same time. |
| WINEP-19818 | HitmanPro.Alert | Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load. |
| WINEP-19765 | HitmanPro.Alert | Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server. |
| WINEP-19707 | HitmanPro.Alert | Resolved an issue in which a ZENworks virtual application fails to open. |
| WINEP-19647 | HitmanPro.Alert | Resolved an issue in which a lockdown is detected on Foxit Reader when attempting to open it. |
| WINEP-19378 | HitmanPro.Alert | Resolved an issue in which Cygwin commands fail. |
| WINEP-19359 | HitmanPro.Alert | Resolved an issue in which SecureCS is detected as ransomware. |
| WINEP-19351 | HitmanPro.Alert | Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC. |
| WINEP-19320 | HitmanPro.Alert | Resolve an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events. |
| WINEP-19174 | HitmanPro.Alert | Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server. |
| WINEP-19100 | HitmanPro.Alert | Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection. |
| WINEP-17943 | HitmanPro.Alert | Resolved an issue in which Digital Guardian DLP causes an intruder detection to be reported while the user is browsing in Microsoft Edge. |
Version 2.0.11
What’s new
This version includes improvements and fixes to HitManPro.Alert.
Updated Components
HitManPro.Alert has been updated to 3.7.14.40.
Resolved issues
| Issue ID | Component | Description |
|---|---|---|
| WINEP-16237 | HitmanPro.Alert | Resolved an issue preventing a secure email gateway processing emails. |
| WINEP-16354 | HitmanPro.Alert | Resolved an issue with the CryptoGuard folder not emptying correctly on a file server. |
| WINEP-17173 | HitmanPro.Alert | Resolved an issue with ROP detection in Microsoft Excel with encrypted documents. |
| WINEP-17347 | HitmanPro.Alert | Resolved an issue with DNS resolution failing. |
| WINEP-17406 | HitmanPro.Alert | Resolved an issue with AppSense failing to install. |
| WINEP-17454 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Internet Explorer 11. |
| WINEP-17842 | HitmanPro.Alert | Resolved an issue with CryptoGuard detecting an attack in RoboCopy copying files. |
| WINEP-18105 | HitmanPro.Alert | Resolved an issue with CryptoGuard slowing down the digitial file signature checking process. |
| WINEP-18169 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when generating Microsoft Word documents remotely. |
| WINEP-18181 | HitmanPro.Alert | Resolved an issue with CryptoGuard checking excluded processes. |
| WINEP-18292 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Microsoft Outlook. |
| WINEP-18353 | HitmanPro.Alert | Improved CryptoGuard’s performance with excluded files. |
| WINEP-18520 | HitmanPro.Alert | Resolved an issue with running secure apps in Firefox. |
| WINEP-18583 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in macro enabled Microsoft Excel files. |
| WINEP-18667 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert upgrades causing servers to stop. |
| WINEP-18722 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert failing to add files as exceptions. |
| WINEP-18783 | HitmanPro.Alert | Resolved performance issues with HitmanPro.Alert. |
| WINEP-18873 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert preventing encrypted remote sessions starting. |
| WINEP-18893 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert causing machines running Windows 10 (1803) to stop. |
| WINEP-18915 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files. |
| WINEP-19078 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files remotely with SafeGuard File Encryption 8.10.2. |
| WINEP-19179 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when encrypting files remotely with etfile. |
| WINEP-19282, WINEP-17047 | HitmanPro.Alert | Resolved issues with Caller Check exceptions in games. |
| WINEP-19792 | HitmanPro.Alert | Resolved an issue with HitmanPro.Alert causing servers running Windows Server 2008 R2 to stop. |
| WINEP-15961 | HitmanPro.Alert | Resolved an issue with saving Microsoft Office files to a network share when CryptoGuard is installed. |
| WINEP-16679 | HitmanPro.Alert | Resolved an issue with false CryptoGuard detections when Safeguard File Encryption is installed. |
| WINEP-17244 | HitmanPro.Alert | Resolved memory issues on Windows 2012 servers. |
| WINEP-15669 | HitmanPro.Alert | Resolved an issue with Microsoft Application Verifier protected apps not starting. |
| WINEP-15791 | HitmanPro.Alert | Resolved an issue with running the Microsoft Office NetDocuments plugin in Internet Explorer 11. |
| WINEP-15954 | HitmanPro.Alert | Resolved an issue with false Data Execution Prevention (DEP) detections when creating PDF files in Adobe Acrobat 2017. |
| WINEP-16207 | HitmanPro.Alert | Resolved an issue with reading ebooks in Internet Explorer 11. |
| WINEP-16564 | HitmanPro.Alert | Resolved an issue where vswhere.exe doesn’t run (first time) when CryptoGuard is turned on. |
| WINEP-16763 | HitmanPro.Alert | Resolved false hollow process detections with open source office suite and eye tracking software. |
| WINEP-16974 | HitmanPro.Alert | Resolved an issue with detections in auditing software. |
| WINEP-17393 | HitmanPro.Alert | Resolved an issue with APC alert reporting. |
| WINEP-17439 | HitmanPro.Alert | Resolved false hollow process detections in Microsoft Visual Studio 2017. |
| WINEP-16914 | HitmanPro.Alert | Resolved an issue with CryptoGuard detections in PDF files. |
| WINEP-20547 | HitmanPro.Alert | Resolved an issue with logging off from Windows after upgrading Windows 10 to version 1903. |
| WINEP-21188 | HitmanPro.Alert | Resolved an issue that could cause an older version of a component to be loaded instead of the latest. |
Version 2.0.8
What’s new
This version includes improvements and fixes to HitManPro.Alert.
Updated Components
HitManPro.Alert has been updated to 3.7.12.466.466.
Machine Learning Model has been updated to 20190222.
Version 2.0.5
What’s new
This version includes improvements and fixes to HitManPro.Alert.
Updated Components
HitManPro.Alert has been updated to 3.7.10.762.174.
Machine Learning Model has been updated to 20181024.
Resolved issues
| Issue ID | Component | Description |
|---|---|---|
| WINEP-15695 | HitmanPro.Alert | Resolved an issue with an IP Cryptoguard detection when using the NGEN publishing application. |
| WINEP-14950 | HitmanPro.Alert | Resolved an issue with ROP detection in Winword.exe. |
| WINEP-14858 | HitmanPro.Alert | Resolved an issue with ROP detection in several applications. |
| WINEP-14833 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome 67 and later. |
| WINEP-14590 | HitmanPro.Alert | Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe) |
| WINEP-14505 | HitmanPro.Alert | Resolved an issue with PDFs failing to open from the command line. |
| WINEP-14442 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed. |
| WINEP-14253 | HitmanPro.Alert | Resolved memory issues that caused Windows to stop. |
| WINEP-14139 | HitmanPro.Alert | Resolved an issue with Skype failing during a video call. |
| WINEP-13578 | HitmanPro.Alert | Resolved an issue with an IP Cryptoguard detection in Lotus Notes. |
| WINEP-13460 | HitmanPro.Alert | Resolved an issue with Windows 7 computers hanging on shutdown. |
| WINEP-13454 | HitmanPro.Alert | Resolved an issue a false LoadLib exploit detection in Firefox. |
| WINEP-13338 | HitmanPro.Alert | Resolved an issue with Wipeguard protection not working on Hyper-V virtualized systems. |
| WINEP-13238 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed. |
| WINEP-13230 | HitmanPro.Alert | Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101. |
| WINEP-13209 | HitmanPro.Alert | Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros. |
| WINEP-13164 | HitmanPro.Alert | Resolved an issue with a Cryptoguard detection in AppLife Update. |
| WINEP-13162 | HitmanPro.Alert | Resolved an issue with false detections when Digital Guardian is installed. |
| WINEP-12989 | HitmanPro.Alert | Resolved an issue with a HitmanPro.Alert driver causing Windows to stop. |
| WINEP-12932 | HitmanPro.Alert | Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app. |
| WINEP-12840 | HitmanPro.Alert | Resolved an issue with detections in a debug version of the Flash ActiveX plugin. |
| WINEP-12735 | HitmanPro.Alert | Resolved an issue with false Import Address Table Access Filtering detections in Outlook. |
| WINEP-11473 | HitmanPro.Alert | Resolved an issue with Windows error logs being created for HitmanPro.Alert. |
| WINEP-16464 | HitmanPro.Alert | Resolved an issue causing ROP detections against Microsoft Office 2013. |
| WINEP-16202 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome and streaming media. |
| WINEP-15832 | HitmanPro.Alert | Resolved an issue when installing Sophos Central Web Gateway. |
Version 2.0.4
Updated Components
Machine Learning Model has been updated to 20180820.
Version 2.0.3
What’s new
This version includes security improvements.
Version 2.0.2
What’s new
This version includes security improvements.
Updated Components
HitManPro.Alert has been updated to 3.7.7.755.40.
Machine Learning Model has been updated to 20180611.
Version 2.0.1
What’s new
Deep learning
Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.
Deep learning quarantines detected items, together with associated registry entries, links or files. If you’re sure that an item is safe, you can restore it and stop deep learning from detecting it again.
Exploit prevention features
We now protect against these exploits:
Credential theft. We prevent the theft of passwords and hash information from memory, registry, or hard disk.
Code cave exploits. We detect malicious code that’s been inserted into another, legitimate application.
Privilege escalation. We prevent attacks from escalating a low-privilege process to higher privileges to access your systems.
Malicious process migration. We prevent attacks from moving across to a system process that’s hard to close down.
APC abuse. We prevent attacks from using Application Procedure Calls (APC) to run their code.
This release also includes:
Application lockdown. We prevent browsers from using Power Shell and running applications.
New registry protection. We prevent attacks that exploit the Windows “sticky keys” feature or the application verifier in order to run unauthorized software at startup.
See https://community.sophos.com/kb/en-us/124988 for a full list of known issues with Sophos Central Server Intercept X .
System requirements
This version of Sophos Central Server Intercept X is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.
You can find technical support for Sophos products in any of these ways:
- Visit the Sophos Community at community.sophos.com/ and search for other users who are experiencing the same problem.
- Visit the Sophos support knowledge base at www.sophos.com/en-us/support.aspx.
- Download the product documentation at www.sophos.com/en-us/support/documentation.aspx.
- Open a ticket with our support team at https://secure2.sophos.com/support/contact-support/support-query.aspx.
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
