Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

I hope I won't, but legit and fully updated apps can be exploited by a zero-day exploit, and then a behavioural blocker becomes very important. Or an application may update and a supply-chain attack may replace a DLL with a malicious one; SmartScreen won't catch that if the exe doesn't change.

The chance of something like this happening is small, but to secure against these attack vectors, it's up to the BB.
That is right, and that is why you will not see this in tests (especially in real-world tests) with SmartScreen on Chromium Edge, except when you preselect the samples and choose only those that could bypass SmartScreen (anti-phishing and application-reputation).

The BB can be seen on Malware Hub (dynamic detection), but you have to read the AV alerts carefully, because nowadays behavior blocking is related to behavioral detections in the cloud and it is not easy to tell the difference from cloud signature detections.
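As an added example (not code from this thread or from any AV vendor), here is a small per-file integrity baseline in Python that catches the case described above: a supply-chain update swaps a DLL while the exe stays byte-identical, so reputation keyed on the exe alone sees nothing new. The function names (snapshot, diff_snapshots, classify, demo) and the placeholder install directory are invented for illustration; the file contents are not real PE images.

```python
"""Added example: per-file hash baseline for an application install directory.

Context: a DLL can be replaced while the main .exe stays byte-identical, and
reputation checks keyed on the .exe (SmartScreen-style) will not notice.
A hash baseline of every file in the directory does notice.
Illustrative code written for this page, not part of any product.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Report files that appeared, disappeared, or changed hash between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def classify(before: dict[str, str], after: dict[str, str]) -> dict:
    """Diff plus one flag: did a DLL change while every .exe stayed byte-identical?

    That is the pattern from the thread: reputation on the .exe alone sees
    nothing new, but a per-file baseline does.
    """
    result = diff_snapshots(before, after)
    touched = result["added"] + result["changed"]
    exe_touched = [p for p in touched if p.lower().endswith(".exe")]
    dll_touched = [p for p in touched if p.lower().endswith(".dll")]
    result["silent_dll_swap"] = bool(dll_touched) and not exe_touched
    return result


def demo() -> dict:
    """Constructed scenario in a temp dir: baseline an install folder, then swap one DLL.

    The file contents are placeholders (constructed for this example), not real PE images.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        (root / "app.exe").write_bytes(b"MZ-placeholder app v1")
        (root / "helper.dll").write_bytes(b"MZ-placeholder helper v1")
        (root / "plugins" / "codec.dll").write_bytes(b"MZ-placeholder codec v1")
        before = snapshot(root)

        # The "update": the exe is untouched, one DLL is replaced.
        (root / "helper.dll").write_bytes(b"MZ-placeholder helper v1 + implant")
        after = snapshot(root)

        return classify(before, after)


if __name__ == "__main__":
    report = demo()
    for key in ("added", "removed", "changed"):
        print(f"{key:8s} {report[key]}")
    print("silent DLL swap:", report["silent_dll_swap"])
```

Run it as a script to see the report; in practice you take the baseline right after a trusted install, keep it off-host, and re-run after every update. A hash baseline is not a substitute for the behavioural blocker discussed above: it tells you that a file changed, not whether the change was malicious, and an update that is vendor-signed but trojanised will look like any other update unless you compare against what the vendor actually shipped.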
 

Andy Ful

I don't care what people say, Webroot is doing great in the Malware Hub... just my humble opinion of course... ;)
Sorry guys, I just couldn't handle myself... :oops: :D
Ha, ha. It is really not for people who would run 0-day malware on their computers.:)
Anyway, we should not talk about Webroot too much on this thread. Both SE Labs tests and Malware Hub tests do not test the efficiency of the Webroot rollback feature. Furthermore, most users will never see the tested (or similar) samples on their computers, so the discussion would be rather speculative.:sneaky:
 

Andy Ful

Indeed, but I would like to see how the free version of it performs.
The premium version has additionally: Advanced Real-Time Threat Prevention, Ransomware Security, Advanced Web Security, Banking Protection, etc.
But the free version can use AI deep learning, so it will probably not be bad protection (similar to other free AVs).
 

Andy Ful

3 other free AVs + CIS, I stand corrected :)
I'd argue then, excluding WD, it's unfair to compare free products to paid ones in general. Paid-to-paid and free-to-free makes more sense imo. Unless (I'm not familiar with these 3 AVs) the free ones have feature parity and the only difference is e.g. that they deliver ads / a different privacy policy.
It would not be fair if the free AVs got significantly worse scores. :)
 

notabot

The premium version has additionally: Advanced Real-Time Threat Prevention, Ransomware Security, Advanced Web Security, Banking Protection, etc.
But the free version can use AI deep learning, so it will probably not be bad protection (similar to other free AVs).
"AI" in Sophos marketing material is tricky; it has been used as a term in a less than ideal way.
When they first launched SHP, it was marketed with ML, but it turned out it did not have Intercept X (their ML flagship), so there must be some baseline ML module and Intercept X.
Later on Intercept X was added to SHP, but the fact that the Sophos free version says it has AI doesn't mean it's on par with SHP with respect to ML, as SHP itself was marketed as "ML" in the past while it didn't include the Intercept X module (it doesn't mean it's not there either, but don't assume parity).

When they rolled Intercept X out to SHP, I was impressed; it even flagged binaries I had created because e.g. an index was going out of bounds.
 

notabot

Thanks harlan, it didn't do great I guess.
From your experience, where was it lacking, e.g. what module is it that it lacks compared to other suites? Is it the behavioral blocker? Or, to rephrase, for the same malware pack, for those suites that did keep your VM clean, which modules were the ones that stopped the malware Sophos let through?
 

notabot

Hum, I don't think it lacks anything (any module)... but probably better signature detection would help; also, if you check some results of the testing, it also had issues stopping/blocking scripts...
How did you find its behavior blocker for malware? (Excluding fileless/scripts, where we know this suite is not strong, and excluding ransomware, as it has a specialized module for that.) Is it on par with the SONARs, DeepGuards and System Watchers out there?

Regarding scripts, SHP doesn't have AMSI yet; they just added AMSI one month ago to their enterprise endpoint. At some point it will be added to SHP, but no word on it yet, so till they support AMSI I don't expect it to do well with scripts.

Weaker signatures I don't mind so much tbh; they only concern static detection and one can always upload a file to VirusTotal.

What I'm trying to get to is, if the BB is good, when they add AMSI this could well become one of the good suites, and for those of us who prefer management via web dashboard, it could be the product of choice.
 

blackice

How did you find its behavior blocker for malware? (Excluding fileless/scripts, where we know this suite is not strong, and excluding ransomware, as it has a specialized module for that.) Is it on par with the SONARs, DeepGuards and System Watchers out there?

Regarding scripts, SHP doesn't have AMSI yet; they just added AMSI one month ago to their enterprise endpoint. At some point it will be added to SHP, but no word on it yet, so till they support AMSI I don't expect it to do well with scripts.

Weaker signatures I don't mind so much tbh; they only concern static detection and one can always upload a file to VirusTotal.

What I'm trying to get to is, if the BB is good, when they add AMSI this could well become one of the good suites, and for those of us who prefer management via web dashboard, it could be the product of choice.
It’s important to note SOPHOS was just purchased by a private equity firm. It is unclear what their motives are. We may not see much improvement in their product if their sole intent is to bleed them dry, though they may be planning a different path.
 