Why is the Hitmanpro service installed and used when it is Sophos Intercept?

I understand it is Hitmanpro's software, but why does it show as Hitmanpro and not a rebranded Sophos name? It would make sense to keep all the services together. Was this intentional?

  • I am wondering the same thing.

  • We will get around to the branding in the future.  Our initial focus is on making the features from HitmanPro available to Sophos Central customers as part of Intercept X

  • T H I S !!!!

    This is the exact thing that PISSES off customers to no end from ALL software companies.

    Nearly TWO Years ago you stated below, yeah, we might try and rebrand the hitman name. Here it is 2018 and nothin' has changed.

    I thought hitman was bloody malware crap and spent the better half of the day trying to rid the bloody thing off our servers but, of course, couldnt.

    It wasnt until just now upon doing a google search that Ive learnt it is part of Sophos.

    1) We pay thousands of good dollars every year for a software product, and get re-branded stuff that we never knew about running in the background. We were never told about it. Sophos should be advertising this; forcing this down our throats upon installs or emails or something. Pushed out. Not end users having to google for it!!

    2) Hitman has been hitting our cpu's hard , as in, 100% for days. Why is the product so crappily written? Pure bloatware and poor sharing of resources.

    3) As admin I want to be in control of my hardware and software. Why lock it down so much that I need a 3 year software engineering course in order to unlock / uninstall your totally-locked up software?  Sure , it needs to be locked up and secure, but I think that Sophos has totally gone too far overboard and has lost the plot for simple administration.

    4) Change the bloody name on that dreadfully written software already.


    /cheesed-off admin user whom has had too much coffee.

  • In reply to Bushy555:

    Hello Bushy555,

    Apologies for the inconveniences this may have caused. I do not have an ETA regarding when will the name be updated, but let me try to find more information for you and update this thread as soon as I hear more.  ---> UPDATE (7/30/2018) --> There is no plan to change the Intercept X components (processes/services) names at this time. 

    In the meantime, please review this article as it covers all the Sophos Components and their names.
    As for the uninstall, Tamper protection exists to avoid unauthorized users and certain types of malware from uninstalling Sophos or disabling its components. Please see the FAQ for more information.
    If you ever need to recover a system with tamper protection (that cannot be disabled in the conventional ways), we do have a way for that as well: Sophos Endpoint Defense: How to recover a tamper protected system

    Regarding your concerns about CPU usage, I recommend that you start a support case via here  so that your issue can be further investigated.
    Once you create the ticket, please DM me the number so that I can follow up.


  • In reply to Barb@Sophos:



    Serious Request: if Sophos cannot be bothered to rebrand, can I please beg that you at least put 'sophos' in the executable name so we know where its coming from? (and hence, a trail of bits to figure out how to get rid of it / stop it?)


    Sleep Deprived Home User / Admin Not At Work: Its good software, when needed.  However, how many damn years does it take for you guys to rebrand something like this?  Twice a year I run into a situation where suddenly hitmanpro is running when something else isnt working and it takes me an hour to figure out, again, that its fscking sophos I need to put the kibosh on!!!

    If I ran into these situations in the morning when I'm alert I'm sure my neurons would make the permanent connection so this wouldn't be a recurring thing - and maybe by me registering to post this informal complaint, when this happens again in 2021 (I'm sure you'll still be working on the branding) when this happens I'll not need to waste another hour!

    In summation: rebrand it already!!!!

    Thank you very kindly, and please pardon my candor.  You guys do make good software. (otherwise I'd not have implemented it at work or home!) But, seriously!!!

  • In reply to Bushy555:

    Hi Bushy

    Short answers:

    1) You finally (or hopefully) don't pay your dollars for "branding". Maybe in some cases for a "brand". Usually you're paying for the protection capabilities to keep malicious crap away to protect the crown jewels of a company. I do not know the technical or other reasons for not rebranding it until now, but 99% of Sophos partners selling Intercept x are usually aware that hitman process belongs to Intercept.

    2) Jup. I have seen this a few times too over time. Especially on low end machines, or slow HDDs, and often also due third party apps heavily scraping around on HDD (Dropbox, Onedrive, CCLEANER boottime auto cleanup, additional Anti Spyware Installations as Spybot etc.) and giving hitman (and AV too) a hard time to keep up. On halfway state of the Art machines Boot and Login are still slowed down, but daily working afterwards is perfectly fluid. I personally prefer protection over fast boot and login times, as I boot and log in only once or twice a day, but work for hours on my device(s).

    3) That comfort can be achieved by simply disabling tamper protection. That same comfort (disabling tamper protection)  also opens door for some malwares to disable AV and do bad stuff afterwards There's a reason that this (in earlier times not avaiable) tamper protection feature got demanded for years by enterprise and higly security affine cutomers. If it's hard to tamper Sophos AV with tamper protection on, I'd take this as credit to the devs, that they implemented it right.

    4) +1 from me. I'd like to see it renamed in future too. However, I peronally mainly need the protection capabilities and give not too much on how the processes are called, I only need to know which ones belong to a Sophos installation and what their function is ;o)

    BTW concerning your hitman removal attempt: A google search might have given you a quick answer too. But tbh as I"m a man too, I'm not better. I usually also try to handle things first by myself, RTFM is the last option

  • In reply to SaschaParis:

    Sascha, you’re response sounds like a recent graduate with a CS degree, with little understanding of the larger context in which software serves. Branding is a form of communication. Wasting the time of so many people is what the other members are complaining about, yet you ignore the basic premise of the complaint. Your response talks to the term branding as if they’re talking about brand market dominance (which is not what they are requesting), rather than simply recognition of the product as part of Sophos. So arguing against whether money is put to branding as advertising ignores the actual and legitimate request. Your answer is called a strawman argument. In fact, #2 & #3 have a similar problem where you respond to something that is not directly an issue, so those too can be considered strawman arguments and rather ineffectual. #4 is really just a repeat of #1. Perhaps I was just annoyed by your attitude and blindness in answering #1. You come off as an employee that has very little concern for the customers, and self-serving rather than helpful. That may not be true, but your lead-in really sets the tone.

  • In reply to Brant Fetter:

    I can understand the frustration with software branding, as an IT professional you can waster a lot of time navigating in the in's and out's of how a new software package works, why are things not done in a more organized fashion to make our jobs a little easier.

    But I am amazed at how many people complain about things that would not have happened if they would have stuck to standard practices in the IT world.

    For example this should never happen in the first place, when vetting software any software, there is not a college in the world for IT administration the does not teach to test software and or any changes prior to putting those changes into a production environment.  IT admins should be installing the software on a new test system with known services and applications and compare the changes after the software is installed, this should be done before it is even purchased.  Sophos offers a free 30 day trial so no one should really be surprised after the fact about anything.  


    This part I have to assume a little but it still stands some reasoning-

    Which is, the re-branding aspect might not be possible based on the purchase agreement Sophos may have with Hitman Pro.  That agreement may also be renewed every few years with the intention to re-brand but Hitman Pro might not want that and it could be a deal breaker in the negation. 

  • I stumbled on to this thread after about 5 minutes of discovering hitmanpro processes running on my system after recently installing Sophos Endpoint as a trial to research it as a solution to replace Symantec Endpoint. I say that because any IT professional should take about that long to figure it out after seeing the directories created at the same time as the Sophos directories that the hitmanpro processes reside in. Then a simple Google search of hitmanpro and sophos endpoint quickly shows you this fact and this thread. So anyone who spends all day trying to get rid of it without easily figuring out where it cam from needs to re-evaluate their profession.

    Just my .02

  • In reply to sratson:

    SRatson, simply put, I'm not an IT professional so there goes your argument.  More importantly and to address your argument, good software design means you don't need to go 'look it up'. One of the main tenents of this discussion is better labeling of components so that they're not suspicious, despite whatever deal was made to purchase the component. 

  • In reply to Badrobot:

    BadRobot, very good points (From last year.) I got pulled back into this when I was notified that my ID was expiring. To my amazement, this discussion is still relevant since they haven't fixed this issue. I agree wholeheartedly that basic practices may have been the cause. To your second point, I think that's a good guess as to why they choose not to fix such an annoying issue, either in negotiating such a purchase or simply not fixing it. This still points to how they have a total disregard for the general concept of naming for the sake of usability, and thus less frustration for end users. The continued cavelier attitude and lack of change indicates a lack of awareness possibly due to insular thinking which plagues the tech community.