Sophos is pleased to announce the introduction of the Sophos Central Intercept X, Central Server Intercept X Advanced and Sophos Exploit Prevention cumulative hotfix. This hotfix is a beta release of the Exploit Mitigation/Runtime protection component of Sophos Central Intercept X, Central Server Intercept X Advanced and Sophos Exploit Prevention that is still undergoing testing.
The hotfix is provided to customers for beta testing and to confirm that any previous release issues are resolved. This version will be updated regularly in line with our development cycles.
The following sections are covered:
Applies to the following Sophos products and versions:
Sophos Exploit Protection
Central Windows Endpoint Intercept X 2.0.12
Central Server Intercept X 2.0.3
If you wish to test the hotfix version it can be downloaded from the following link:
Current Hotfix Version: 22.214.171.124
Current Hotfix Release Date: 05/09/19
Please be aware that although this version has been through some basic testing, it is not fully release tested and should be considered as a pre-release version for testing only. Sophos recommends that you only install this version on test machines to confirm that the issue is resolved.
To apply the hotfix build to an affected machine please follow the steps below (Note: for Servers please see command line instructions further down):
After following these steps, please verify whether the original issue still occurs. If it does, please contact Sophos Support and provide them with as much information as possible about the issue, the cause, and what troubleshooting has been performed, including the use of the hotfix build.
If the issue no longer occurs, customers can be assured that Sophos is working to resolve this issue in the upcoming release.
On the next major version release of Intercept X or Exploit Prevention the hotfix version will automatically be replaced by the full release version that should fix your issue.
If there is a requirement to roll back to the current supported version of Sophos Central Intercept X and Exploit Prevention, this can be performed by following the steps below:
This should revert the installed hotfix version back to the current supported version of the HitmanPro.Alert component.
If you are deploying this hotfix to machines that do not currently have Sophos Endpoint installed, then you will need to follow the steps below before installing the Endpoint:
REG ADD HKLM\SOFTWARE\Sophos\AutoUpdate
REG ADD HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate
"Sophos HitmanPro.Alert Hotfix Installer.exe" /install /version x.xx.xx.xx /quiet
Note: For servers using the hotfix, it is recommended to enable Paused Updates once the hotfix has been applied, until advised that the issue fixed has been rolled out to server systems.
For machines that are already protected by Sophos Endpoint, the hotfix can be deployed as part of a script or with command line tools. The section below describes how:
"Sophos HitmanPro.Alert Hotfix Installer.exe" /install
"Sophos HitmanPro.Alert Hotfix Installer.exe" /install /version x.xx.xx.xx /quiet
The installer accepts the following switches:
Sophos HitmanPro.Alert Hotfix Installer.exe [/install|/restore][/path][/version][/quiet]
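The scripted deployment described above can be wrapped so that a pre-release binary is only run after its Authenticode signature validates. This is an added example, not a Sophos-supplied script. The parameter names, the installer location next to the script, and treating a non-zero exit code as failure are all assumptions.

```powershell
# Added example (not Sophos code). Run from an elevated PowerShell prompt.
param(
    # Hotfix version string, i.e. the x.xx.xx.xx value from the article.
    [Parameter(Mandatory)] [string] $Version,
    # Assumption: the installer sits next to this script.
    [string] $Installer = (Join-Path $PSScriptRoot 'Sophos HitmanPro.Alert Hotfix Installer.exe'),
    # Set on machines that do not have Sophos Endpoint installed yet.
    [switch] $EndpointNotInstalled
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Installer -PathType Leaf)) {
    throw "Installer not found: $Installer"
}

# Refuse to run a binary whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed ($($sig.Status)) for $Installer"
}
# Print the signer so the operator can confirm the publisher.
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Pre-create the AutoUpdate keys named in the article, leaving existing keys untouched.
if ($EndpointNotInstalled) {
    $keys = 'HKLM:\SOFTWARE\Sophos\AutoUpdate',
            'HKLM:\SOFTWARE\Wow6432Node\Sophos\AutoUpdate'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
    }
}

# Same switches as the documented quiet install.
$proc = Start-Process -FilePath $Installer `
    -ArgumentList '/install', '/version', $Version, '/quiet' `
    -Wait -PassThru

# Assumption: the article does not document exit codes; non-zero is treated as failure.
if ($proc.ExitCode -ne 0) {
    throw "Installer exited with code $($proc.ExitCode)"
}
Write-Host "Hotfix $Version installed."
```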
Please find below the list of what is fixed in the current and previous Cumulative Hotfixes. This list is cumulative so newer versions also contain the fixes specified for older versions. This list also includes the existing fixes listed in our release notes:
Resolved a system crash on Servers
Resolved a Cryptoguard detection on Directory Opus 12
Resolved an issue with Novell Zenworks Virtualized Applications
Resolved an issue with DNS resolution and hmpalert.dll
Resolved a system crash on Windows 10 1803
Resolved a conflict with the Intel MPX Runtime driver that caused performance issues
Resolved an issue with servers stopping when HitmanPro.Alert is upgraded
Resolved a Callercheck detection on Paragon Clinical Carestation
Resolved an ROP detection alongside E-Safe
Resolved an issue where Application Verifier enabled applications would fail to start
Resolved a Cryptoguard detection against Robocopy
Resolved a crash when dealing with APC alerts
Resolved a number of memory leaks
Resolved a HollowProcess detection in VMware ThinApp
Resolved an issue around disk space usage and the C:\Windows\Cryptoguard folder
Resolved an issue with applications crashing in low memory situations
Resolved a Lockdown detection with 1password
Resolved a Lockdown detection with Google Chrome and the 1password website
Resolved a Lockdown detection with Google Chrome and the extendoffice website
Resolved an issue with Autorun Lockdown detections against iexplore.exe
Resolved an issue with IAF detections with XecureWeb Control
Resolved an issue with Wipeguard and Symantec PGP Encryption
Resolved an ROP detection with ss3DevProps.dll
Resolved an autorun Lockdown detection against firefox.exe
Resolved an issue with Skype being unable to start with Windows
Resolved a conflict with SofTrack client that caused IE to crash
Resolved a DEP detection when creating a PDF from a Scanner in Adobe Acrobat 2017
Resolved a Cryptoguard detection with AutoDWG to PDF converter
Resolved a Cryptoguard detection with Windows Media player
Resolved an issue with Dell RAID controllers
Resolved a CryptoGuard detection in Windows Explorer
Resolved performance issues on boot
Resolved a Callercheck detection on 1password.exe
Resolved Callercheck detections involving mono.dll
Resolved Website performance issues alongside Intercept X
Resolved a Cryptoguard detection with non-installer .msi files
Resolved Cryptoguard issues with Prism software
Resolved conflicts with Cygwin
Resolved an ROP Alert for KUTools Excel plugin