About these release notes

These are the release notes for Intercept X Advanced for Server with EDR for Windows Server 2008 R2 and later operating systems.

Some of the features mentioned in these release notes are only available if you have the appropriate license.

Note: You may find that you cannot yet download and use the latest version. This is because Sophos releases the software over a number of days, but publishes the release notes on the first day.

You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the Sophos Server Core Agent, see the Sophos Server Core Agent release notes.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.

For improvements and new features in the Sophos Central console, see What's new in Sophos Central.

Updates that require a restart

Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.

We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.

Versions

Sophos Central Server Intercept X, Windows Server 2008 R2 and later

| Components | 2.0.8 (May 2019) | 2.0.5 (February 2019) | 2.0.4 (November 2018) | 2.0.3 (September 2018) | 2.0.2 (September 2018) | 2.0.1 (July 2018) |
|---|---|---|---|---|---|---|
| HitManPro.Alert | 3.7.12.466.466 | 3.7.10.762.174 | 3.7.7.756.58 | 3.7.7.756.58 | 3.7.7.755.40 | 3.7.7.745.25 |
| Machine Learning Engine | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 | 1.3.0.0 |
| Machine Learning Model | 20190222 | 20181024 | 20180820 | 20180611 | 20180611 | 20180410 |
| Sophos Machine Learning Engine | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 | 1.1.148 |

Version 2.0.8

What's new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.12.466.466.

Machine Learning Model has been updated to 20190222.

Version 2.0.5

What's new

This version includes improvements and fixes to HitManPro.Alert.

Updated Components

HitManPro.Alert has been updated to 3.7.10.762.174.

Machine Learning Model has been updated to 20181024.

Resolved issues

| Issue ID | Component | Description |
|---|---|---|
| WINEP-15695 | HitmanPro.Alert | Resolved an issue with an IP Cryptoguard detection when using the NGEN publishing application. |
| WINEP-14950 | HitmanPro.Alert | Resolved an issue with ROP detection in Winword.exe. |
| WINEP-14858 | HitmanPro.Alert | Resolved an issue with ROP detection in several applications. |
| WINEP-14833 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome 67 and later. |
| WINEP-14590 | HitmanPro.Alert | Resolved an issue with intruder detections in Chrome and Internet Explorer with LANDesk installed (SoftMon.exe). |
| WINEP-14505 | HitmanPro.Alert | Resolved an issue with PDFs failing to open from the command line. |
| WINEP-14442 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Outlook when the SNAPAddy plugin is installed. |
| WINEP-14253 | HitmanPro.Alert | Resolved memory issues that caused Windows to stop. |
| WINEP-14139 | HitmanPro.Alert | Resolved an issue with Skype failing during a video call. |
| WINEP-13578 | HitmanPro.Alert | Resolved an issue with an IP Cryptoguard detection in Lotus Notes. |
| WINEP-13460 | HitmanPro.Alert | Resolved an issue with Windows 7 computers hanging on shutdown. |
| WINEP-13454 | HitmanPro.Alert | Resolved an issue with a false LoadLib exploit detection in Firefox. |
| WINEP-13338 | HitmanPro.Alert | Resolved an issue with Wipeguard protection not working on Hyper-V virtualized systems. |
| WINEP-13238 | HitmanPro.Alert | Resolved an issue with a Caller Check exception in Excel when the UnionSquare plugin is installed. |
| WINEP-13230 | HitmanPro.Alert | Resolved an issue with a Windows 7 machine freezing when running Intercept X and Symantec Endpoint 14.0.3897.1101. |
| WINEP-13209 | HitmanPro.Alert | Resolved an issue with false ROP exploit detection with Excel documents containing multiple macros. |
| WINEP-13164 | HitmanPro.Alert | Resolved an issue with a Cryptoguard detection in AppLife Update. |
| WINEP-13162 | HitmanPro.Alert | Resolved an issue with false detections when Digital Guardian is installed. |
| WINEP-12989 | HitmanPro.Alert | Resolved an issue with a HitmanPro.Alert driver causing Windows to stop. |
| WINEP-12932 | HitmanPro.Alert | Resolved an issue with a Lockdown detection in Internet Explorer when accessing an internal web app. |
| WINEP-12840 | HitmanPro.Alert | Resolved an issue with detections in a debug version of the Flash ActiveX plugin. |
| WINEP-12735 | HitmanPro.Alert | Resolved an issue with false Import Address Table Access Filtering detections in Outlook. |
| WINEP-11473 | HitmanPro.Alert | Resolved an issue with Windows error logs being created for HitmanPro.Alert. |
| WINEP-16464 | HitmanPro.Alert | Resolved an issue causing ROP detections against Microsoft Office 2013. |
| WINEP-16202 | HitmanPro.Alert | Resolved an issue with ROP detections in Chrome and streaming media. |
| WINEP-15832 | HitmanPro.Alert | Resolved an issue when installing Sophos Central Web Gateway. |

Version 2.0.4

Updated Components

Machine Learning Model has been updated to 20180820.

Version 2.0.3

What's new

This version includes security improvements.

Version 2.0.2

What's new

This version includes security improvements.

Updated Components

HitManPro.Alert has been updated to 3.7.7.755.40.

Machine Learning Model has been updated to 20180611.

Version 2.0.1

What's new

Deep learning

Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.

Deep learning quarantines detected items, together with associated registry entries, links or files. If you're sure that an item is safe, you can restore it and stop deep learning from detecting it again.

Exploit prevention features

We now protect against these exploits:

Credential theft. We prevent the theft of passwords and hash information from memory, registry, or hard disk.

Code cave exploits. We detect malicious code that's been inserted into another, legitimate application.

Privilege escalation. We prevent attacks from escalating a low-privilege process to higher privileges to access your systems.

Malicious process migration. We prevent attacks from moving across to a system process that's hard to close down.

APC abuse. We prevent attacks from using Asynchronous Procedure Calls (APC) to run their code.

This release also includes:

Application lockdown. We prevent browsers from using PowerShell and running applications.

New registry protection. We prevent attacks that exploit the Windows "sticky keys" feature or the application verifier in order to run unauthorized software at startup.

Additional information

System requirements

This version of Sophos Central Server Intercept X is supported on Windows Server 2008 R2 and later operating systems. Versions of Windows targeted by Microsoft for non-business environments are not supported.

Legal notices

Copyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.