Hi Community, 

A new version of Sophos Central Server Intercept X 2.0.16 has been released to our Sophos Central customers. This release also contains the below customer fixes:

Updated Components

HitManPro.Alert has been updated to 3.7.15.446.

New features

This release supports the following new protection features. These will initially be turned on only for servers in early access program subscriptions, before being turned on for all Intercept X customers:

  • API Set Guard
  • CTF Guard
  • CryptoGuard – EFS
  • Dynamic Shellcode

Resolved issues

Issue ID

Component

Description

WINEP-21933

HitmanPro.Alert

Resolved an issue in which the thumbprint required to allow a lockdown alert is changed every time the application is run.

WINEP_20880

HitmanPro.Alert

Resolved an issue in which CryptoGuard detects an attack when EPS files are copied to a file server share.

WINEP-20812

HitmanPro.Alert

Resolved an issue that caused laptops to occasionally stop when docked.

WINEP-20759

HitmanPro.Alert

Resolved an issue in which the HitmanPro.Alert service crashes after updating to 3.7.13.1337.

WINEP-20438

HitmanPro.Alert

Resolved an issue in which CryptoGuard is triggered on a file server because of actions being performed on endpoints using an application called AdvantX.

WINEP-20356

HitmanPro.Alert

Resolved an issue in which Import Address Table Access Filtering exploit detections are triggered against Microsoft Office applications, as well as Adobe Acrobat and nschill.exe.

WINEP-19843

HitmanPro.Alert

Resolved an issue in which two different lockdown detections happen at the same time.

WINEP-19818

HitmanPro.Alert

Resolved an issue in which, with CryptoGuard turned on, the PAEXEC application fails to load.

WINEP-19765

HitmanPro.Alert

Resolved an issue in which HitmanPro.Alert caused the operating system to stop unexpectedly on a server.

WINEP-19707

HitmanPro.Alert

Resolved an issue in which a ZENworks virtual application fails to open.

WINEP-19647

HitmanPro.Alert

Resolved an issue in which a lockdown is detected on Foxit Reader when attempting to open it.

WINEP-19378

HitmanPro.Alert

Resolved an issue in which Cygwin commands fail.

WINEP-19359

HitmanPro.Alert

Resolved an issue in which SecureCS is detected as ransomware.

WINEP-19351

HitmanPro.Alert

Resolved an issue in which a CryptoGuard detection occurs in an internal application: FIS Direct Branch or COCC.

WINEP-19320

HitmanPro.Alert

Resolve an issue in which Central endpoints trigger alternate Policy non-compliance: Exploit Detection and Policy in compliance: Exploit Detection events.

WINEP-19174

HitmanPro.Alert

Resolved an issue in which a CryptoGuard detection occurs at remote IP addresses when files are saved to a shared files server.

WINEP-19100

HitmanPro.Alert

Resolved an issue in which Directory Opus 12 triggers a CryptoGuard remote ransomware detection.

WINEP-17943

HitmanPro.Alert

Resolved an issue in which Digital Guardian DLP causes an intruder detection to be reported while the user is browsing in Microsoft Edge.