Advice Request Anyone on the new Sophos Home Beta?


ForgottenSeer 72227

- machine learning so that we get what has been marketed
- AMSI support
- being able to add phone devices to the web dashboard
- as Sophos does not provide a firewall, allow SHP to blend with home edition of XG firewall
- more support for protection against malicious docs, PDFs
- 2FA for your website
- use a sandbox to minimize your own product’s vulnerabilities, as Windows Defender now does
- extend the array of applications in the web dashboard for HitmanPro to protect
- more details on your signatures, which databases do they come from etc


These are some very good suggestions!

For me I would also see:

- Some sort of device control to restrict what hardware (i.e. USB drives) runs on the system (similar to Eset's device control), with the ability to exclude ones we want to allow to run.

- I would also like to see the capability to restrict access to vulnerable processes and some form of application control. Again with the ability to allow exclusions to the ones we want.

Both of these features can be disabled by default to avoid conflicts/issues with people less familiar with them, but if someone wants to use them, they can easily enable them.
 

Deleted Member 3a5v73x

Sophos Home Beta has real-time detection modules of the Sophos AV, Sophos ML and HitmanPro forensic engine.

Here's an example of HitmanPro detection, in response to @erreale's shared Shade ransomware. https://malwaretips.com/posts/786300


Small note: If HP hadn't picked it up, it would still need to pass through Ransomware Protection, which is provided by the HitmanPro.Alert integrated into Sophos Home Premium.
 

ForgottenSeer 72227

Pretty cool! It seems like they've listened to some of the issues in the past and have made some great improvements to the capabilities of SHP(y)
 

Deleted Member 3a5v73x

Windows 2.0.10 (Beta) and Mac 2.0.9 (Beta) - January 3, 2019

Applies to: Sophos Home Windows 2.0.10 (Beta), Sophos Home Mac 2.0.9 (Beta)

Windows 2.0.10 (Beta)
Fixes
  • CHOME-4540 - Improvements in cleaning workflow
  • CHOME-4919 - Scan Complete shown at the start of a right-click scan
  • CHOME-4948 - Clean and antivirus improvements
  • CHOME-4976 - Web icon missing from scan results
  • CHOME-5050 - Scan my computer shows "go home" momentarily
  • CHOME-5077 - Double clicking tray icon whilst UI open shows error message box on Windows 7 & 8
  • CHOME-5084 - Layout issues due to localization
  • CHOME-5090 - Switch to scanning page on first-time scan
  • CHOME-5057 - Scanning a file can result in a right-click scan stuck at 0%
  • CHOME-5061 - Right-click scan shows "scan failed" when free remote scan is in progress
  • CHOME-5063 - Office 2013 apps did not launch
  • CHOME-5073 - local exclusion improvements
Features
  • CHOME-4057,5034,5035,5036 - Updated Sophos Home icons
Mac 2.0.9 (Beta)
Fixes
  • CHOME-4560 - Initial fast scan aborts automatically
  • CHOME-4989 - Text changes for auto-clean off scenarios for clarity
  • CHOME-5088, 5089 - Scheduled scan bug fixes
Features
  • CHOME-5029 - Mac Smart Scan (run a scan 48 hours on the behavioral detection)
  • CHOME-4999 - System extension approval is now mandatory within the app on initial install
 

ForgottenSeer 72227

Hey, how's it going? Any news on the beta to share with us?

I've been using it since the beta was released and I am quite impressed with the changes they have made. With the inclusion of more up to date features from HMPA, M/L, quarantine and tamper protection, IMHO they have made some significant improvements. I am hoping that with the added protection from HMPA and M/L it should improve its overall protection level.

One thing I found when using SHP in the past was that it did impact the system/web browsing slightly, however since using the 2.0 beta, I have to say that I don't even notice it on my system. For me anyways web browsing is not impacted in any way. (y)

So far I am quite impressed with what they have done and I think the changes/improvements they have made will make it a very good contender.(y)



Thanks for the change log. I've noticed they have released new versions for the beta, but I could never find out what was changed.

@davisd for the local exclusions, did they move it to the web portal, or is it still available on the machine? If I'm not mistaken with the current release, you can access the local exclusions through the GUI on the computer, but for the beta I don't see it anywhere. Is it still there, or was it moved? I am blind at times :ROFLMAO:
 

ForgottenSeer 72227


Thanks a bunch! For some reason I never thought to look there hehe. Maybe it was in the same location as before and I totally forgot:emoji_flushed:, but either way mystery solved.(y)

Actually another thing I noticed was that when I was looking at the troubleshooting section, I didn't see the tamper protection setting, but then it dawned on me, if you are logged in under a SUA the tamper protection setting won't be visible, however if you log in under the Admin account it's there. (y)

What is the RAM usage?

One thing to note is that SHP does have a lot of processes running for the various components, but when I added them all up on my system it was about 160mb total, which isn't too bad. Like I said in my previous post, I don't even notice that it's there and it hasn't impacted my overall system performance in any way, at least to my eyes. :)
 

notabot

Tbh I was disappointed in Sophos marketing Home as on par with Intercept X for Home 1.x, so on my new machine I spent the time to harden Defender via group policy.

It’s a product that’s testable (Home - Windows Defender Testground), very configurable via group policy and provides many layers of protection, and the product itself is quite secure.

I’ll keep Sophos on my old machine but not renew the license at expiry. No test vectors to know what I’m getting and I don’t feel I can take marketing claims at face value anymore. No participation in independent reviews does not increase my confidence either.
 

ForgottenSeer 72227

Not too much fanfare. No sign of a new and improved Home on their site yet.

Ya I was surprised to see nothing mentioned either. I think I may have misinterpreted the previous post, I think the latest release might be for the free version only. I downloaded the SHP again and it was still a beta and it was still at 2.0.10. My assumption is that they will probably want to promote the premium version more, so once they release 2.0 for the premium version I am sure we will hear a lot about it.

Funny thing is I was listening to the latest Security Now podcast and Sophos is now an advertiser for SN and it seems like the main pitch was for the SH and SHP versions. It's interesting because Leo and Steve have been saying not to use any 3rd party AVs for some time now, so it's interesting to see them promote this. Well I guess money talks :p

Ya I think their marketing upset a lot of people because everyone was under the same impression as you. It wasn't until @davisd did some digging and found out the truth, but needless to say with the new version they seem to have addressed a lot of issues, so this release could be a big deal for them. Hopefully they won't do stupid things with marketing like last time, but in the end all companies market their products in a way to attract attention. After all they want you to buy their product ;)

I too have been using WD with tweaks, some W10 hardening and OSA. Personally I don't think 3rd party AV/suites are worth it anymore. I know some will disagree with me and that's totally cool, everyone has their opinion, but I feel like WD has improved a lot on the protection front that simply hardening Windows, or adding something like VS, OSA, Syshardener, etc... is way more than enough for virtually 99% of the people out there. I practice safe habits, as everyone should, it's just as important and I've had no issues whatsoever. Does that mean I never get infected, well never say never, but I don't sit here stressing about some random 1 in a 100000 chance that some very advanced attack is going to happen the moment I turn on my computer :emoji_beer:
 

ForgottenSeer 72227

It's slow though.

That's fair. Not to go off topic anymore, but IMO it's a bit of a yes/no answer. WD IMO is barely noticeable provided that you aren't installing/uninstalling a lot of programs and transferring a lot of files on a very regular basis, that's where WD has its biggest impact. If you aren't doing those things very frequently, like in my case, you don't even notice it. Again, everyone may have a different opinion on the matter and that's totally fine. I'm just speaking from my own personal experience and for me in my day to day usage, I don't feel it at all. Doesn't mean that MS can't improve on it though. ;)

I tested the new beta, but not really impressed with it that much. I'm still disappointed on how many processes it uses and it still feels pretty heavy on my system. I still notice a good amount of slowdown when web browsing.

Ya, its web browsing has a slight impact that is still there from the previous version, not very much, but it's there. I think they have addressed a lot of issues with this new version, but the product as a whole is still very much a work in progress. As I've said in my previous post, I think this new version will make a lot of people happy, but it still may not meet everyone's needs and that's fine, as no product can meet everyone's needs. The way I look at it, SH/SHP are still very new products compared to the other product/vendors out there and will take time to get to where the others are currently.

I do agree that they have a ton of processes running. Adding them all up was about 160mb, which isn't bad at all, but it's still a lot of processes. If I could suggest another area that Sophos can improve on with these products, it would be to consolidate as many processes as they can and hopefully they can cut it down to potentially 1-3 processes max.
 

notabot

Agreed re Windows Defender. I harden Windows with GPO and will look into the OS built-in anti exe over the next few months (I don’t think Sophos has anti exe) + write anti exploit profiles for my browser, email client and PDF reader - all is covered and in a testable and transparent way.

Can’t agree regarding SHP v1.x marketing, I felt this one crossed a line for me.
 
