Endpoint

Sophos Intercept X

For Sophos Central customers

About these release notes

These are the release notes for Sophos Intercept X for Windows 7 and later, managed by Sophos Central.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note

You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

You should also read the Sophos Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the Sophos Core Agent, see the Sophos Core Agent release notes.

For information about the changes to Sophos Endpoint Advanced, see the Sophos Endpoint Advanced release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Versions

Components

Sophos Intercept X

Windows 7 and later

2.0.14

February 2019

2.0.13

February 2019

2.0.12

January 2019

2.0.11

November 2018

2.0.10

November 2018

2.0.9

October 2018

2.0.8

September 2018

HitManPro.Alert

3.7.12.466

3.7.12.454

3.7.10.762

3.7.6.756.289

3.7.6.756.289

3.7.10

3.7.6.756.289

Machine Learning Engine

1.3.0

1.3.0

1.3.0

1.3.0

1.3.0

1.3.0

1.3.0

Machine Learning Model

20181226

20181024

20181024

20181024

20180820

20180410

20180410

Version 2.0.14

Version 2.0.13 was a partial release and was not distributed to all customers.

Updated components

HitManPro.Alert has been updated to 3.7.12.466.

Machine Learning Model has been updated to 20181226.

Resolved issues

Issue ID Component Description

WINEP-7929

HitmanPro.Alert

Resolved an issue with not being able to start Skype automatically.

WINEP-13549

HitmanPro.Alert

Resolved an issue with ROP detection in Microsoft Office 2016.

WINEP-14044

HitmanPro.Alert

Resolved an issue with ROP detection in Excel.exe when using KUTools.

WINEP-14080

HitmanPro.Alert

Resolved an issue with Cygwin running slowly.

WINEP-14369

HitmanPro.Alert

Resolved an issue with exclusions in Prism.

WINEP-14482

HitmanPro.Alert

Resolved an issue with processing invoice files.

WINEP-14507

HitmanPro.Alert

Resolved performance issues with loading some websites in Internet Explorer.

WINEP-14696

HitmanPro.Alert

Resolved an issue with detections in games.

WINEP-14789

HitmanPro.Alert

Resolved an issue with detections in 1Password.

WINEP-15400

HitmanPro.Alert

Resolved an issue with computers being slow to start and starting with failed services.

WINEP-15531

HitmanPro.Alert

Resolved an issue with stopping SiteKiosk opening.

WINEP-15539

HitmanPro.Alert

Resolved an issue with false positives in Explorer.exe.

WINEP-15651

HitmanPro.Alert

Resolved issues with Raid controllers.

WINEP-15779

HitmanPro.Alert

Resolved an issue with detections in Windows Media player.

WINEP-15828

HitmanPro.Alert

Resolved an issue with detections when using 'AutoDWG to PDF converter'.

WINEP-16310

HitmanPro.Alert

Resolved an issue with false detections in Symantec PGP Encryption.

WINEP-16404

HitmanPro.Alert

Resolved an issue with using Internet Explorer.

WINEP-16512

HitmanPro.Alert

Resolved an issue with SofTrack failing on Internet Explorer.

Version 2.0.13

This version was not distributed to all customers.

Updated components

HitManPro.Alert has been updated to 3.7.12.454.

Resolved issues

Issue ID Component Description

WINEP-7929

HitmanPro.Alert

Resolved an issue with not being able to start Skype automatically.

WINEP-13549

HitmanPro.Alert

Resolved an issue with ROP detection in Microsoft Office 2016.

WINEP-14044

HitmanPro.Alert

Resolved an issue with ROP detection in Excel.exe when using KUTools.

WINEP-14080

HitmanPro.Alert

Resolved an issue with Cygwin running slowly.

WINEP-14369

HitmanPro.Alert

Resolved an issue with exclusions in Prism.

WINEP-14482

HitmanPro.Alert

Resolved an issue with processing invoice files.

WINEP-14507

HitmanPro.Alert

Resolved performance issues with loading some websites in Internet Explorer.

WINEP-14696

HitmanPro.Alert

Resolved an issue with detections in games.

WINEP-14789

HitmanPro.Alert

Resolved an issue with detections in 1Password.

WINEP-15400

HitmanPro.Alert

Resolved an issue with computers being slow to start and starting with failed services.

WINEP-15531

HitmanPro.Alert

Resolved an issue with stopping SiteKiosk opening.

WINEP-15539

HitmanPro.Alert

Resolved an issue with false positives in Explorer.exe.

WINEP-15651

HitmanPro.Alert

Resolved issues with Raid controllers.

WINEP-15779

HitmanPro.Alert

Resolved an issue with detections in Windows Media player.

WINEP-15828

HitmanPro.Alert

Resolved an issue with detections when using 'AutoDWG to PDF converter'.

WINEP-16310

HitmanPro.Alert

Resolved an issue with false detections in Symantec PGP Encryption.

WINEP-16404

HitmanPro.Alert

Resolved an issue with using Internet Explorer.

WINEP-16512

HitmanPro.Alert

Resolved an issue with SofTrack failing on Internet Explorer.

Version 2.0.12

Updated components

HitManPro.Alert has been updated to 3.7.10.762.

Resolved issues

Issue ID Component Description

WINEP-15695

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection when using the NGEN publishing application.

WINEP-14950

HitmanPro.Alert

Resolved an issue with ROP detection in Winword.exe.

WINEP-14858

HitmanPro.Alert

Resolved an issue with ROP detection in several applications.

WINEP-14833

HitmanPro.Alert

Resolved an issue with ROP detections in Chrome 67 and later.

WINEP-14590

HitmanPro.Alert

Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe)

WINEP-14505

HitmanPro.Alert

Resolved an issue with PDFs failing to open from the command line.

WINEP-14442

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed.

WINEP-14253

HitmanPro.Alert

Resolved memory issues that caused Windows to stop.

WINEP-14139

HitmanPro.Alert

Resolved an issue with Skype failing during a video call.

WINEP-13578

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection in Lotus Notes.

WINEP-13460

HitmanPro.Alert

Resolved an issue with Windows 7 computers hanging on shutdown.

WINEP-13454

HitmanPro.Alert

Resolved an issue a false LoadLib exploit detection in Firefox.

WINEP-13338

HitmanPro.Alert

Resolved an issue with WipeGuard protection not working on Hyper-V virtualized systems.

WINEP-13238

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed.

WINEP-13230

HitmanPro.Alert

Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101.

WINEP-13209

HitmanPro.Alert

Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros.

WINEP-13164

HitmanPro.Alert

Resolved an issue with a CryptoGuard detection in AppLife Update.

WINEP-13162

HitmanPro.Alert

Resolved an issue with false detections when Digital Guardian is installed.

WINEP-12989

HitmanPro.Alert

Resolved an issue with a HitmanPro.Alert driver causing Windows to stop.

WINEP-12932

HitmanPro.Alert

Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app.

WINEP-12840

HitmanPro.Alert

Resolved an issue with detections in a debug version of the Flash ActiveX plugin.

WINEP-12735

HitmanPro.Alert

Resolved an issue with false Import Address Table Access Filtering detections in Outlook.

WINEP-11473

HitmanPro.Alert

Resolved an issue with Windows error logs being created for HitmanPro.Alert.

WINEP-16464

HitmanPro.Alert

Resolved an issue causing ROP detections against Microsoft Office 2013.

WINEP-16202

HitmanPro.Alert

Resolved an issue with ROP detections in Chrome and streaming media.

WINEP-15832

HitmanPro.Alert

Resolved an issue when installing Sophos Central Web Gateway.

Version 2.0.11

Updated components

Machine Learning Model has been updated to 20181024.

Version 2.0.10

Version 2.0.9 has been deprecated after customer feedback. The current HitManPro.Alert version is 3.7.6.756.

Updated components

Machine Learning Model has been updated to 20180820.

Version 2.0.9

Updated components

HitManPro.Alert has been updated to 3.7.10.

Resolved issues

Issue ID Component Description

WINEP-15695

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection when using the NGEN publishing application.

WINEP-14950

HitmanPro.Alert

Resolved an issue with ROP detection in Winword.exe.

WINEP-14858

HitmanPro.Alert

Resolved an issue with ROP detection in several applications.

WINEP-14833

HitmanPro.Alert

Resolved an issue with ROP detections in Chrome 67 and later.

WINEP-14590

HitmanPro.Alert

Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe)

WINEP-14505

HitmanPro.Alert

Resolved an issue with PDFs failing to open from the command line.

WINEP-14442

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed.

WINEP-14253

HitmanPro.Alert

Resolved memory issues that caused Windows to stop.

WINEP-14139

HitmanPro.Alert

Resolved an issue with Skype failing during a video call.

WINEP-13578

HitmanPro.Alert

Resolved an issue with an IP CryptoGuard detection in Lotus Notes.

WINEP-13460

HitmanPro.Alert

Resolved an issue with Windows 7 computers hanging on shutdown.

WINEP-13454

HitmanPro.Alert

Resolved an issue a false LoadLib exploit detection in Firefox.

WINEP-13338

HitmanPro.Alert

Resolved an issue with WipeGuard protection not working on Hyper-V virtualized systems.

WINEP-13238

HitmanPro.Alert

Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed.

WINEP-13230

HitmanPro.Alert

Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101.

WINEP-13209

HitmanPro.Alert

Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros.

WINEP-13164

HitmanPro.Alert

Resolved an issue with a CryptoGuard detection in AppLife Update.

WINEP-13162

HitmanPro.Alert

Resolved an issue with false detections when Digital Guardian is installed.

WINEP-12989

HitmanPro.Alert

Resolved an issue with a HitmanPro.Alert driver causing Windows to stop.

WINEP-12932

HitmanPro.Alert

Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app.

WINEP-12840

HitmanPro.Alert

Resolved an issue with detections in a debug version of the Flash ActiveX plugin.

WINEP-12735

HitmanPro.Alert

Resolved an issue with false Import Address Table Access Filtering detections in Outlook.

WINEP-11473

HitmanPro.Alert

Resolved an issue with Windows error logs being created for HitmanPro.Alert.

Version 2.0.8

Security improvements.

Updated components

HitManPro.Alert has been updated to 3.7.6.756.

Known issues and limitations

Issue ID

Component

Description

  HitmanPro.Alert We've currently disabled protection of the Security Account Manager (SAM) database against attempts to steal hashed authentication credentials. We expect to enable it soon after the product release. Protection against theft of cleartext passwords from the Local Security Authority Subsystem Service (LSASS) is enabled.
  HitmanPro.Alert Credential theft protection does not report an event when it prevents malicious access to the runtime cleartext version of the user's password.
 

Machine Learning Engine

Sophos Intercept X Machine Learning should not be run alongside Invincea X. Invincea X should be uninstalled before installing Sophos Intercept X.

WINEP-12220

HitmanPro.Alert

Compatibility issue with Devicelock®. During shutdown, a computer with both Devicelock® DLP suite and Sophos Endpoint installed the machine may crash. (See Sophos Knowledge Base article 124988.)

WINEP-8860

HitmanPro.Alert

Uninstalling the Opera browser may generate an application lockdown detection and fail to allow uninstall of all the Opera browser components.

WINEP-9246

HitmanPro.Alert

Endpoint running Kaspersky Small Office Security 5 and Intercept X with Cryptoguard enabled. The Kaspersky “File Shredder” is detected as a ransomware attack and files are not deleted. (See Sophos Knowledge Base article 124988.)

WINEP-12347

HitmanPro.Alert

Windows 10 Redstone 3 machines that are not joined to a domain may experience intermittent issues with the Windows Start Menu. We believe this is caused by a Microsoft problem. (See Sophos Knowledge Base article 124988.)

See https://community.sophos.com/kb/en-us/124988 for a full list of known issues with Sophos Intercept X .

Additional information

System requirements

This version of Sophos Intercept X is supported on Windows 7 and later client operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.