How do you Install Intercept-X?

We're a Sophos Cloud (Central) subscriber and looking to install Intercept-X which I just started a trial for. We've been running Endpoint Advanced Protection (started on Endpoint Standard in the beginning) since the beginning of this year.

When I go to download the Intercept-X installer, it gives me a checkbox to select Endpoint Advanced and/or Intercept-X. I checked off Intercept-X since I already have the Endpoint and agent installed. To my surprise, the installer wouldn't go through until I disabled tamper protection. This made me believe that I downloaded the wrong installer.

I re-downloaded and found that the file size of the downloaded file will be the exact same size whether I select Endpoint Advanced or Intercept-X or both. I don't believe this selection really means anything.

After downloading the "Intercept-X installer", disabling tamper protection, installing said file, and restarting my PC, I see no indication that Intercept-X is installed. Nothing in the tray other than the usual Endpoint Security and Control console. Product version still shows 11.3.1 Cloud.

I do see that I'm using 1 license in my trial now. Is it safe to assume it is now installed even though I cannot see it?
Should I be installing this some other way? It would be nice if the agent just saw that I was trialing it right now instead of having to deploy an executable to every client.

  • After all of that, I came across the hitman pro tester file, hmpalert-test.exe. Ran some tests to find that Sophos was successfully stopping most (not all) of the exploit attempts! Yay, looks like it is installed and working fine, although no indication of showing it as an installed application...

    Tried again today, Sophos is no longer stopping ANY of the exploits. Did it just uninstall by itself overnight?
    What gives? Why is this install so bad? Maybe don't announce a release until this thing actually comes out of beta.

  • Hi Derek.

    As you have downloaded and installed Intercept X, it would not show as a separate component as you already have Endpoint. If you are using another AV product then it would show as a separate entity. You may check in the Task Manager whether the hmpalertsvc service is running on your system. If you are already using Cloud Based endpoint you may see two additional notification boxes: 1> Malicious Behaviour and 2> Exploits

    Thanks and Regards

    Aditya Patel

  • In reply to Aditya Patel:

    Hello Aditya,

    There is no such service 'hmpalertsvc' installed on the system at this time. Looking through the Windows Event Viewer, it was installed and working at some time, but the Sophos Endpoint software decided to remove it at its discretion for some reason.

    It's clear to me Intercept-X is not ready for release with existing Cloud customers. Maybe other AV combinations, but not this one. I hope this is actively being looked into, but I'm not going to purchase Intercept-X until I'm proven otherwise.

  • In reply to Derek Lauro1:

    Hi Derek, if you already have Endpoint Advanced installed..... In Central click on Computers, then in the top right of the screen you should see "Manage Endpoint Software", click on that and then click on the Intercept tab and you should see Eligible computers, from there just push them over to assigned, then save and it will install Intercept for you.  No need to download and install anything.  


    From there you can click on the Endpoint agent and in the bottom right click "About" and you can see if Intercept installed or not.  I can shoot some screenshots over too if that helps.



  • In reply to DMR188:

    I found that and selected a few computers, and I see that they "updated", but how do I know if Intercept-X is actually installed on the computer?

    I'm running the hmpalert-test.exe tester application and it does not prevent any of the exploits from running. I don't think it worked.

  • In reply to Derek Lauro1:

    It sounds like maybe it's not updating for some reason?  Are you still seeing the old "Shield" in the system tray?  Or is it the new Blue Circle icon?  You want the new Blue Circle one, and if so you can double click on that and in the bottom right click "About" and it will show you if Intercept is installed.  But if it's the Shield icon, then yeah, doesn't sound like it's updating properly.


    I'm sure there's a way to know within Central that I'm not aware of by looking at the version numbers.  Maybe someone else can chime in and help with that.



  • In reply to DMR188:

    Oh, the "Shield" is old? That's what we have (11.3.1 Cloud). I've never seen a blue circle icon for Sophos.

    Even on a new computer new install it still installs the 'old' shield, so not sure how I would go about getting an updated version, because I'm fairly confident the Shield Sophos does not support Intercept-X.

  • In reply to Derek Lauro1:

    Hi Derek,

    It seems you are using an old UI; wait for the new UI and it would work perfectly.

    Furthermore, as per the information available, the migration will take place before 9th of November. Make sure your Endpoint is updated and you have a valid subscription on Intercept X and Endpoint.

    You may also refer to our KB

    Thanks and Regards

    Aditya Patel 

  • In reply to Aditya Patel:


    Can I install only Intercept X to work with Kaspersky and not fully download and install endpoint protection?

    From sophos central I have two options:

    1. Endpoint Intercept X advanced (to my understanding it is endpoint protect + Intercept X)

    2. Encryption

    I want to install it for a client who already has Kaspersky. BUT I only want to "add" Intercept X. I do not want endpoint protect.

    Please help!

    Thanks in advance.

  • In reply to Kaloian Kirchev:


    You can install the Intercept X software alongside "traditional" anti-virus solutions (that do not contain any runtime or anti-exploit protection); however, please check this list of known issues with 3rd party products. To install only Intercept X, you can use the command line switch option where you can specify the product you want to install with the "Products to Install" option.

  • In reply to Shweta:

    Hello Shweta,

    I tried and only installed INTERCEPT X....BUT!

    My PC started showing red in Central and the error is that HitmanPro is not running.

  • In reply to Kaloian Kirchev:


    Please check the status on the Endpoint itself (double click on the Sophos Endpoint systray icon) and see if the machine needs to be rebooted, if this helps.



  • In reply to DianneY:


    It seems that without endpoint protect the agent stays red :(.

    I rebooted and it updated itself from Sophos Central. Now everything is green but with Endpoint protection/antivirus.

    It seems that HitmanPro.Alert only runs with full Endpoint protect + Intercept X.

  • In reply to Kaloian Kirchev:


    Intercept X can run with Sophos Endpoint, or with most other AV.

    Sorry, what specific service is still not started? From what I have seen, sometimes it may take up to a couple or so reboots when stuff is installed, depending on the state of the machine.



  • In reply to DianneY:

    Hi DianneY,

    My scenario is:

    1. I want to install only INTERCEPT X without installing Endpoint protect.

    2. I want to run it with Windows Defender/Kaspersky (for a client of mine)

    3. I installed it using Windows CLI >SophosSetup.exe --product=intercept

    Nothing else.

    4. Now I am trying my second attempt.

    Thanks a lot for fast reply and help!