The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.

"Wanna" ransomware outbreak. Please see this Sophos article for advice on how to protect your organization. Immediate action recommended.

Need a way to confirm Intercept-X installed by command line


I work for a Managed Services provider, and we're deploying Intercept-X to our clients.  I need a way through command line to check if Intercept-X has been deployed to a PC.  Is there an .EXE or a .DLL file I can look for to prove its presence?  Or is there something in the registry I can look for?

Any help would be appreciated...


  • You could check for the services being installed/started.

    sc query hmpalert

    is the driver service for example.

    "HitmanPro Alert service" is the user mode service, etc...