About these release notes

These are the release notes for Sophos Intercept X for Windows 7 and later, managed by Sophos Central.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note

You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

You should also read the Sophos Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the Sophos Core Agent, see the Sophos Core Agent release notes.

For information about the changes to Sophos Endpoint Advanced, see the Sophos Endpoint Advanced release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Versions

Components

Sophos Intercept X

Windows 7 and later

2.0.16

November 2019

2.0.15.2

September 2019

2.0.15

July 2019

2.0.14.1

July 2019

2.0.14

February 2019

2.0.13

February 2019

2.0.12

January 2019

2.0.11

November 2018

HitManPro.Alert

3.7.15.446

3.7.14.40

3.7.13.1460

3.7.12.466

3.7.12.466

3.7.12.454

3.7.10.762

3.7.6.756.289

Machine Learning Engine

Updates dynamically.

Updates dynamically.

Updates dynamically.

Updates dynamically.

1.3.0

1.3.0

1.3.0

1.3.0

Machine Learning Model

Updates dynamically.

Updates dynamically.

Updates dynamically.

Updates dynamically.

20181226

20181024

20181024

20181024

Version 2.0.16

Updated components

HitManPro.Alert has been updated to 3.7.15.446.

New features

This release supports the following new protection features. These will initially be turned on only for endpoints in early access program subscriptions, before being turned on for all Intercept X customers:

  • API Set Guard
  • CTF Guard
  • CryptoGuard – EFS
  • Dynamic Shellcode

Resolved issues

Issue ID

Component

Description

WINEP-21933

HitmanPro.Alert

Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run.

WINEP_20880

HitmanPro.Alert

Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share.

WINEP-20812

HitmanPro.Alert

Resolved an issue that caused laptops to occasionally stop when docked.

WINEP-20759

HitmanPro.Alert

Resolved an issue in which the HitmanPro.Alert service crashes after updating to 3.7.13.1337.

WINEP-20438

HitmanPro.Alert

Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX.

WINEP-20356

HitmanPro.Alert

Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe.

WINEP-19843

HitmanPro.Alert

Resolved an issue in which two different lockdown detections happen at the same time.

WINEP-19818

HitmanPro.Alert

Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load.

WINEP-19765

HitmanPro.Alert

Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server.

WINEP-19707

HitmanPro.Alert

Resolved an issue in which a ZENworks virtual application fails to open.

WINEP-19647

HitmanPro.Alert

Resolved an issue in which a lockdown is detected on FoxitReader when attempting to open it.

WINEP-19378

HitmanPro.Alert

Resolved an issue in which cygwin commands fail.

WINEP-19359

HitmanPro.Alert

Resolved an issue in which SecureCS is detected as ransomware.

WINEP-19351

HitmanPro.Alert

Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC.

WINEP-19320

HitmanPro.Alert

Resolve an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events.

WINEP-19174

HitmanPro.Alert

Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server.

WINEP-19100

HitmanPro.Alert

Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection.

WINEP-17943

HitmanPro.Alert

Resolved an issue in which Digital Guardian DLP causes intruder detection / safe browsing in Microsoft Edge.

Version 2.0.15.2

Updated components

HitManPro.Alert has been updated to 3.7.14.40.

Resolved issues

Issue ID

Component

Description

WINEP-21188

HitmanPro.Alert

Resolved an issue that could cause an older version of a component to be loaded instead of the latest.

Version 2.0.15

Updated components

HitManPro.Alert has been updated to 3.7.13.1460.

Resolved issues

Issue ID

Component

Description

WINEP-16237

HitmanPro.Alert

Resolved an issue preventing a secure email gateway processing emails.

WINEP-16354

HitmanPro.Alert

Resolved an issue with the CryptoGuard folder not emptying correctly on a file server.

WINEP-17173

HitmanPro.Alert

Resolved an issue with ROP detection in Microsoft Excel with encrypted documents.

WINEP-17347

HitmanPro.Alert

Resolved an issue with DNS resolution failing.

WINEP-17406

HitmanPro.Alert

Resolved an issue with AppSense failing to install.

WINEP-17454

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Internet Explorer 11.

WINEP-17842

HitmanPro.Alert

Resolved an issue with CryptoGuard detecting an attack in RoboCopy copying files.

WINEP-18105

HitmanPro.Alert

Resolved an issue with CryptoGuard slowing down the digitial file signature checking process.

WINEP-18169

HitmanPro.Alert

Resolved an issue with false CryptoGuard detections when generating Microsoft Word documents remotely.

WINEP-18181

HitmanPro.Alert

Resolved an issue with CryptoGuard checking excluded processes.

WINEP-18292

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Microsoft Outlook.

WINEP-18353

HitmanPro.Alert

Improved CryptoGuard's performance with excluded files.

WINEP-18520

HitmanPro.Alert

Resolved an issue with running secure apps in Firefox.

WINEP-18583

HitmanPro.Alert

Resolved an issue with a Caller Check exception in macro enabled Microsoft Excel files.

WINEP-18667

HitmanPro.Alert

Resolved an issue with HitmanPro.Alert upgrades causing servers to stop.

WINEP-18722

HitmanPro.Alert

Resolved an issue with HitmanPro.Alert failing to add files as exceptions.

WINEP-18783

HitmanPro.Alert

Resolved performance issues with HitmanPro.Alert.

WINEP-18873

HitmanPro.Alert

Resolved an issue with HitmanPro.Alert preventing encrypted remote sessions starting.

WINEP-18893

HitmanPro.Alert

Resolved an issue with HitmanPro.Alert causing machines running Windows 10 (1803) to stop.

WINEP-18915

HitmanPro.Alert

Resolved an issue with false CryptoGuard detections when encrypting files.

WINEP-19078

HitmanPro.Alert

Resolved an issue with false CryptoGuard detections when encrypting files remotely with SafeGuard File Encryption 8.10.2.

WINEP-19179

HitmanPro.Alert

Resolved an issue with false CryptoGuard detections when encrypting files remotely with etfile.

WINEP-19282, WINEP-17047

HitmanPro.Alert

Resolved issues with Caller Check exceptions in games.

WINEP-19792

HitmanPro.Alert

Resolved an issue with HitmanPro.Alert causing servers running Windows Server 2008 R2 to stop.

WINEP-15961

HitmanPro.Alert

Resolved an issue with saving Microsoft Office files to a network share when CryptoGuard is installed.

WINEP-16679

HitmanPro.Alert

Resolved an issue with false CryptoGuard detections when Safeguard File Encryption is installed.

WINEP-17244

HitmanPro.Alert

Resolved memory issues on Windows 2012 servers.

WINEP-15669

HitmanPro.Alert

Resolved an issue with Microsoft Application Verifier protected apps not starting.

WINEP-15791

HitmanPro.Alert

Resolved an issue with running the Microsoft Office NetDocuments plugin in Internet Explorer 11.

WINEP-15954

HitmanPro.Alert

Resolved an issue with false Data Execution Prevention (DEP) detections when creating PDF files in Adobe Acrobat 2017.

WINEP-16207

HitmanPro.Alert

Resolved an issue with reading ebooks in Internet Explorer 11.

WINEP-16564

HitmanPro.Alert

Resolved an issue where vswhere.exe doesn't run (first time) when CryptoGuard is turned on.

WINEP-16763

HitmanPro.Alert

Resolved false hollow process detections with open source office suite and eye tracking software.

WINEP-16974

HitmanPro.Alert

Resolved an issue with detections in auditing software.

WINEP-17393

HitmanPro.Alert

Resolved an issue with APC alert reporting.

WINEP-17439

HitmanPro.Alert

Resolved false hollow process detections in Microsoft Visual Studio 2017.

WINEP-16914

HitmanPro.Alert

Resolved an issue with CryptoGuard detections in PDF files.

WINEP-20547

HitmanPro.Alert

Resolved an issue with logging off from Windows after upgrading Windows 10 to version 1903.

Version 2.0.14.1

Machine Learning Model and Machine Learning Engine will update independently of Sophos Intercept X.

Version 2.0.14

Version 2.0.13 was a partial release and was not distributed to all customers.

Updated components

HitManPro.Alert has been updated to 3.7.12.466.

Machine Learning Model has been updated to 20181226.

Resolved issues

Issue ID

Component

Description

WINEP-7929

HitmanPro.Alert

Resolved an issue with not being able to start Skype automatically.

WINEP-13549

HitmanPro.Alert

Resolved an issue with ROP detection in Microsoft Office 2016.

WINEP-14044

HitmanPro.Alert

Resolved an issue with ROP detection in Excel.exe when using KUTools.

WINEP-14080

HitmanPro.Alert

Resolved an issue with Cygwin running slowly.

WINEP-14369

HitmanPro.Alert

Resolved an issue with exclusions in Prism.

WINEP-14482

HitmanPro.Alert

Resolved an issue with processing invoice files.

WINEP-14507

HitmanPro.Alert

Resolved performance issues with loading some websites in Internet Explorer.

WINEP-14696

HitmanPro.Alert

Resolved an issue with detections in games.

WINEP-14789

HitmanPro.Alert

Resolved an issue with detections in 1Password.

WINEP-15400

HitmanPro.Alert

Resolved an issue with computers being slow to start and starting with failed services.

WINEP-15531

HitmanPro.Alert

Resolved an issue with stopping SiteKiosk opening.

WINEP-15539

HitmanPro.Alert

Resolved an issue with false positives in Explorer.exe.

WINEP-15651

HitmanPro.Alert

Resolved issues with Raid controllers.

WINEP-15779

HitmanPro.Alert

Resolved an issue with detections in Windows Media player.

WINEP-15828

HitmanPro.Alert

Resolved an issue with detections when using 'AutoDWG to PDF converter'.

WINEP-16310

HitmanPro.Alert

Resolved an issue with false detections in Symantec PGP Encryption.

WINEP-16404

HitmanPro.Alert

Resolved an issue with using Internet Explorer.

WINEP-16512

HitmanPro.Alert

Resolved an issue with SofTrack failing on Internet Explorer.

Version 2.0.13

This version was not distributed to all customers.

Updated components

HitManPro.Alert has been updated to 3.7.12.454.

Resolved issues

Issue ID

Component

Description

WINEP-7929

HitmanPro.Alert

Resolved an issue with not being able to start Skype automatically.

WINEP-13549

HitmanPro.Alert

Resolved an issue with ROP detection in Microsoft Office 2016.

WINEP-14044

HitmanPro.Alert

Resolved an issue with ROP detection in Excel.exe when using KUTools.

WINEP-14080

HitmanPro.Alert

Resolved an issue with Cygwin running slowly.

WINEP-14369

HitmanPro.Alert

Resolved an issue with exclusions in Prism.

WINEP-14482

HitmanPro.Alert

Resolved an issue with processing invoice files.

WINEP-14507

HitmanPro.Alert

Resolved performance issues with loading some websites in Internet Explorer.

WINEP-14696

HitmanPro.Alert

Resolved an issue with detections in games.

WINEP-14789

HitmanPro.Alert

Resolved an issue with detections in 1Password.

WINEP-15400

HitmanPro.Alert

Resolved an issue with computers being slow to start and starting with failed services.

WINEP-15531

HitmanPro.Alert

Resolved an issue with stopping SiteKiosk opening.

WINEP-15539

HitmanPro.Alert

Resolved an issue with false positives in Explorer.exe.

WINEP-15651

HitmanPro.Alert

Resolved issues with Raid controllers.

WINEP-15779

HitmanPro.Alert

Resolved an issue with detections in Windows Media player.

WINEP-15828

HitmanPro.Alert

Resolved an issue with detections when using 'AutoDWG to PDF converter'.

WINEP-16310

HitmanPro.Alert

Resolved an issue with false detections in Symantec PGP Encryption.

WINEP-16404

HitmanPro.Alert

Resolved an issue with using Internet Explorer.

WINEP-16512

HitmanPro.Alert

Resolved an issue with SofTrack failing on Internet Explorer.

Version 2.0.12

Updated components

HitManPro.Alert has been updated to 3.7.10.762.

Resolved issues

Issue ID

Component

Description

WINEP-15695

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection when using the NGEN publishing application.

WINEP-14950

HitmanPro.Alert

Resolved an issue with ROP detection in Winword.exe.

WINEP-14858

HitmanPro.Alert

Resolved an issue with ROP detection in several applications.

WINEP-14833

HitmanPro.Alert

Resolved an issue with ROP detections in Chrome 67 and later.

WINEP-14590

HitmanPro.Alert

Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe)

WINEP-14505

HitmanPro.Alert

Resolved an issue with PDFs failing to open from the command line.

WINEP-14442

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed.

WINEP-14253

HitmanPro.Alert

Resolved memory issues that caused Windows to stop.

WINEP-14139

HitmanPro.Alert

Resolved an issue with Skype failing during a video call.

WINEP-13578

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection in Lotus Notes.

WINEP-13460

HitmanPro.Alert

Resolved an issue with Windows 7 computers hanging on shutdown.

WINEP-13454

HitmanPro.Alert

Resolved an issue a false LoadLib exploit detection in Firefox.

WINEP-13338

HitmanPro.Alert

Resolved an issue with WipeGuard protection not working on Hyper-V virtualized systems.

WINEP-13238

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed.

WINEP-13230

HitmanPro.Alert

Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101.

WINEP-13209

HitmanPro.Alert

Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros.

WINEP-13164

HitmanPro.Alert

Resolved an issue with a CryptoGuard detection in AppLife Update.

WINEP-13162

HitmanPro.Alert

Resolved an issue with false detections when Digital Guardian is installed.

WINEP-12989

HitmanPro.Alert

Resolved an issue with a HitmanPro.Alert driver causing Windows to stop.

WINEP-12932

HitmanPro.Alert

Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app.

WINEP-12840

HitmanPro.Alert

Resolved an issue with detections in a debug version of the Flash ActiveX plugin.

WINEP-12735

HitmanPro.Alert

Resolved an issue with false Import Address Table Access Filtering detections in Outlook.

WINEP-11473

HitmanPro.Alert

Resolved an issue with Windows error logs being created for HitmanPro.Alert.

WINEP-16464

HitmanPro.Alert

Resolved an issue causing ROP detections against Microsoft Office 2013.

WINEP-16202

HitmanPro.Alert

Resolved an issue with ROP detections in Chrome and streaming media.

WINEP-15832

HitmanPro.Alert

Resolved an issue when installing Sophos Central Web Gateway.

Version 2.0.11

Updated components

Machine Learning Model has been updated to 20181024.

Version 2.0.10

Version 2.0.9 has been deprecated after customer feedback. The current HitManPro.Alert version is 3.7.6.756.

Updated components

Machine Learning Model has been updated to 20180820.

Known issues and limitations

Issue ID

Component

Description

 

HitmanPro.Alert

We've currently disabled protection of the Security Account Manager (SAM) database against attempts to steal hashed authentication credentials. We expect to enable it soon after the product release. Protection against theft of cleartext passwords from the Local Security Authority Subsystem Service (LSASS) is enabled.

 

HitmanPro.Alert

Credential theft protection does not report an event when it prevents malicious access to the runtime cleartext version of the user's password.

 

Machine Learning Engine

Sophos Intercept X Machine Learning should not be run alongside Invincea X. Invincea X should be uninstalled before installing Sophos Intercept X.

WINEP-12220

HitmanPro.Alert

Compatibility issue with Devicelock®. During shutdown, a computer with both Devicelock® DLP suite and Sophos Endpoint installed the machine may crash. (See Sophos Knowledge Base article 124988.)

WINEP-8860

HitmanPro.Alert

Uninstalling the Opera browser may generate an application lockdown detection and fail to allow uninstall of all the Opera browser components.

WINEP-9246

HitmanPro.Alert

Endpoint running Kaspersky Small Office Security 5 and Intercept X with Cryptoguard enabled. The Kaspersky “File Shredder” is detected as a ransomware attack and files are not deleted. (See Sophos Knowledge Base article 124988.)

WINEP-12347

HitmanPro.Alert

Windows 10 Redstone 3 machines that are not joined to a domain may experience intermittent issues with the Windows Start Menu. We believe this is caused by a Microsoft problem. (See Sophos Knowledge Base article 124988.)

See https://community.sophos.com/kb/en-us/124988 for a full list of known issues with Sophos Intercept X .

Additional information

System requirements

This version of Sophos Intercept X is supported on Windows 7 and later client operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.