Updates to EAP agent

This week an update is being published for the early access program endpoint.  The update addresses a number of reported issues and makes improvements on multiple core components for active hacking protection. 

Call to Action: we would like folks to perform a reboot of the endpoint to complete the install before resuming testing. If you reported issues in the last few weeks please re-test to confirm if they have been addressed. If you still encounter problems please create a question on the Forum so we can address the issue.

ALSO - Coming soon will be an update to introduce machine learning and false positive suppression, look for that in the coming weeks

The update will be automatically delivered and will complete it's deployment after a reboot.  To check if you are on the current build for the EAP, you can check the 'about' information from the endpoint management console.  The current EAP would show "Sophos Intercept X 3.7.0" the updated version will show "Sophos Intercept X 3.7.1"

In this update the following issues have been improved/fixed.


  • Credential Theft Protection
  • CryptoGuard
  • Lockdown mitigation 
  • LoadLib mitigation
  • ROP mitigation
  • DEP mitigation
  • Redstone 3 compatibility
  • Compatibility with Forcepoint
  • Memory usage


  • CodeCave detection in Visual Studio 2017 15.3
  • LoadLib detection in Firefox 55.0.3
  • NonPaged memory leak in driver
  • BSOD when minifilter failed to initialize
  • BSOD when trying to hash the executable of a process located on the network
  • DLL hijacking vulnerability on Windows 7 machines without KB2533623
  • Windows 10 OS upgrade fails with EAP 0 
  • Components fail to install with Tamper Protection