Question Sophos antivirus engine

[Xeno1234]

Hello,
Is SOPHOS antivirus reliable and efficient for home users ?
Also is it light ?

Yes. Its scanner is ok but I’m pretty sure its behavior blocker is really good, if it’s anything like Sophos Intelix.

 

[JB007]

Hello

It's been a long time since I tested it...
When I tested it over 1 year ago, Web detection was very good. Its AV engine, however, had trouble detecting some forms of malware... And it had a lot of trouble cleaning up detected elements (either it didn't delete, or it didn't analyze everything, so the interceptor had to manage everything).
I don't know if it has evolved yet.

Hi @Shadowra
If this is your last test App Review - Sophos Home Premium 2021 ; the conclusion was not very good for Sophos

 

[JB007]

Yes. Its scanner is ok but I’m pretty sure its behavior blocker is really good, if it’s anything like Sophos Intelix.

But, Intelix is for business and not home users ?

 

[Shadowra]

Hi @Shadowra
If this is your last test App Review - Sophos Home Premium 2021 ; the conclusion was not very good for Sophos

I didn't test it on video, but on the Hub
But I should look into it when I have time

 

[Shadowra]

But, Intelix is for business and not home users ?

Probably here Intelix UI

 

[Xeno1234]

Probably here Intelix UI

Intelix is very good. If anything I can recommend it as a sandbox

 

[oldschool]

this is your last test App Review - Sophos Home Premium 2021 ; the conclusion was not very good for Sophos

Indeed, not very good. Unfortunate decline for an AV that was quite good in the early days, just about 7 yrs ago. Now, not so much. Like Edge was in its earliest Chromium days, if you get the analogy.

 

[Trident]

Sophos Home, Waredot, digital-defender
Waredot and Digital-Defender only use Sophos's SDK base, which is very poor...
Waredot also uses Mal/Generic.S detection, but both antivirus programs have no access to Intercept X (ML/PE.A detection used only by Sophos Home / Sophos Endpoint).

The Sophos engine has very flexible configuration and it is up to the OEM to decide what they want to use. This includes emulation (behavioural genotype), cloud, remediation and others.
The config manual for OEMs is here:

https://docs.sophos.com/esg/SAV-Interface-DTK/en-us/savi_sen.pdf

The Mal/Generic-S (for those who don’t know) is Sophos hash-based cloud detection for High Risk (confirmed malicious files). There is Mal/Generic-R as well for low risk files such as hack tools.

The ML/PE detections are not produced by the AV engine (Sophos SAVI) but are produced by the InterceptX pre-execution machine learning. Third party vendors will not have access to that. They will have to complement the Sophos engine with other technologies. If they rely solely on Sophos, stay away from this product.