Is there an issue with Sophos Intercept X and Internet Explorer 11?

Can you test disabling "CPU Branch Tracing" within your central threat protection policy and let me know if this also resolves the issue for your users?

Can you test disabling "CPU Branch Tracing" within your central threat protection policy and let me know if this also resolves the issue for your users?

We don't seem to have this option?

I've had the issue described in this thread since Nov, 2017, when our company first started using Sophos Central and InterceptX.  I've had a case open for a couple months now.  IE crashes on Win 10 systems so frequently it's almost unusable. 

At the current time, a reliable workaround for us is to disable "Shockwave Flash Object" in IE.  With that disabled, I'm able to use IE successfully without disabling any Sophos components.  I'm curious if this will work for others.  I've only done it on some test PCs so far.

We also have been experiencing the same issue since migrated to Sophos Central and InterceptX.  I implemented the Shockwave Flash change on a test group but have seen a couple of failures since although the rate has been much lower.  We have a call open with Sophos but have not had any meaningful advise or feedback so far. 

I will look to implemenet the rename of the hmpralert.dll and see if this has any impact. 

Kevin

We also have been experiencing the same issue since migrated to Sophos Central and InterceptX.  I implemented the Shockwave Flash change on a test group but have seen a couple of failures since although the rate has been much lower.  We have a call open with Sophos but have not had any meaningful advise or feedback so far. 

I will look to implemenet the rename of the hmpralert.dll and see if this has any impact. 

Kevin

kevin Whiteman said:

We also have been experiencing the same issue since migrated to Sophos Central and InterceptX.  I implemented the Shockwave Flash change on a test group but have seen a couple of failures since although the rate has been much lower.  We have a call open with Sophos but have not had any meaningful advise or feedback so far. 

I will look to implemenet the rename of the hmpralert.dll and see if this has any impact. 

Kevin

 

Yes, we rolled this out as a Group Policy.  While it does seem to be a bit better, Internet Explorer is still crashing.  Did renaming the DLL make any difference?

Disabling InterceptX will prevent the IE crashes in Win 10.  Renaming the DLL for Hitman Pro Alert is one way, but you have to do that at the client.  Here's a way to disable InterceptX in the console for only the clients you choose:

• On the left side menu in the console, under Manage Protection, click Computers
• On the right at top, click the Manage Endpoint Software button
• In the window that pops up, under Software List, click "Intercept X"
• Move any computers from the Assigned Computers group to the Eligible Computers group.
• Save and close the window.
• Once the clients grab this update, InterceptX will be disabled.  I believe they will want to reboot anytime this is disabled/enabled.

Obviously disabled InterceptX is not something we want to do, but if disabling Shockwave Flash isn't enough of a work around, this is an option until we have a final solution. 

I am very unhappy with Sophos support on this and other issues.  Communication from them is very infrequent.  I've had to ask the same questions 2 & 3 times before getting answers.  The were unwilling to own this issue in the beginning, hinting "no one else is reporting this issue."  They have asked me to do testing, generate logs, dumps, even this week asking for more dumps.  This is very time consuming.  It should be very simple for them to test and generate these in-house.  None of the issues I raised over the last 2+ months have resolution, the only workarounds have been to disable components.  I've never had such an unsatisfactory support experience with a software vendor.

David Fosbenner said:

Disabling InterceptX will prevent the IE crashes in Win 10.  Renaming the DLL for Hitman Pro Alert is one way, but you have to do that at the client.  Here's a way to disable InterceptX in the console for only the clients you choose:

• On the left side menu in the console, under Manage Protection, click Computers
• On the right at top, click the Manage Endpoint Software button
• In the window that pops up, under Software List, click "Intercept X"
• Move any computers from the Assigned Computers group to the Eligible Computers group.
• Save and close the window.
• Once the clients grab this update, InterceptX will be disabled.  I believe they will want to reboot anytime this is disabled/enabled.

Obviously disabled InterceptX is not something we want to do, but if disabling Shockwave Flash isn't enough of a work around, this is an option until we have a final solution. 

I am very unhappy with Sophos support on this and other issues.  Communication from them is very infrequent.  I've had to ask the same questions 2 & 3 times before getting answers.  The were unwilling to own this issue in the beginning, hinting "no one else is reporting this issue."  They have asked me to do testing, generate logs, dumps, even this week asking for more dumps.  This is very time consuming.  It should be very simple for them to test and generate these in-house.  None of the issues I raised over the last 2+ months have resolution, the only workarounds have been to disable components.  I've never had such an unsatisfactory support experience with a software vendor.

 

 

 

 

I don't think you are the only one frustrated by Sophos support or lack of!